Exporting Audit Data
Whenever a change is made to a user profile, information about that change is written to the Console audit log: any action that creates, deletes, or modifies a user account in any way is recorded in the log:
agent_capture_client_id,agent_email,agent_id,agent_label,agent_uuid,origin_component, signed_data_client_description,signed_data_client_id,target_capture_application_id,target_capture_ entity_type,target_capture_uuid,target_field_current_value,target_field_path, target_field_previous_value,transaction_committed,transaction_id,transaction_start, type c5ukftq8n6fene4mgw6bvbhb5vj87rps,firstname.lastname@example.org,,, 277a966f-37e6-4ce8-9abc-61b77ca6ae3f,,TBD dragons,kskmfn2sxu4ysuvrzv8cs57wa53rzums, wzm8bdgztq83dxcrfh247g3vgt,user,f467d27a-e4f1-4c1b-bd18-24d47b6ac3f8,,aboutMe,, 2018-02-22T19:16:46Z,,,create
If you look closely, you’ll see that this audit log entry (and all audit log entries, for that matter) contains the attributes detailed in the following table (although, depending on the change and who made it, not all the attributes will contain values):
|Name||Show Audit Data||Description|
ID of the API client associated with the API call. This is the same ID found on the Manage Properties page. For example:
Email address of the agent who made the change. This attribute will be blank unless the task was carried out by a Console agent. For example:
|agent_id||Reserved for future use.|
|agent_label||Reserved for future use.|
UUID of the agent who carried out the task. This attribute will be blank unless the task was carried out by a Console agent. For example:
|origin_component||Reserved for future use.|
Description of the signing client. This attribute will be blank unless the task was carried out by a Console agent. For example:
Client ID used to sign any ancillary data delivered along with the logdata header interface. This attribute will be blank unless the task was carried out by a Console agent. For example:
ID of the application used when making the API call; application IDs can be found on the Manage Application page. For example:
Name of the database schema (i.e., the entity type) that was updated. For example:
UUID of the user profile that was modified. For example:
|target_field_current_value||New Value||New value assigned to the modified attribute. For example:
Name (path) of the modified attribute. For example:
Value that was assigned to the attribute before the modification was made. For example:
Date and time the modification took place. For example:
|transaction_id||Reserved for future use.|
Type of operation performed: create, update, or delete. For example:
Good question: how do you get access to all this log data? In the Console, you gain access to log entries by exporting audit data for a user (you can only export audit data for a single user at a time). To export this data, and to view the data onscreen, complete the following procedure:
- From the Manage Profiles page, click the user profile containing the audit data you want to export.
- From the user profile Edit page, click Export Audit Data:
- On the Export Audit Data tab, select a time interval (30 days, 60 days, 90 days) for the export:
- Click Show Audit Data. The audit data is displayed onscreen:
As you can see, the onscreen display includes only a handful of audit data fields (although, arguably, these are the fields you’re probably most interested in). Despite that seeming-limitation, Akamai strongly recommends viewing audit data onscreen whenever possible. Why? Because audit data always includes personally-identifiable information (PII). The chances of someone stumbling upon PII that they shouldn’t have access to is lessened if that data is displayed onscreen (and then disappears from sight when you access another page in the Console). By comparison, downloading and saving CSV files, each file containing PII, increases the chances of that data being exposed.
If you need to download data, however, you can complete the same procedure and then click Download CSV File instead of Show Audit Data. Clicking Download File downloads audit data to a comma-separated values (CSV) file with a name similar to this:
In the preceding file name, f467d27a-e4f1-4c1b-bd18-24d47b6ac3f8 indicates the UUID of the user whose audit data was exported.
When downloading audit data, as we saw previously, you can export all audit data for the last 30 days, the last 60 days, or the last 90 days.
In addition to those predefined intervals, the Select Dates option enables you to pick a specific time interval for downloading audit information any time within the last 90 days; for example, you might choose to look at audit activity that took place only between September 8 and September 15, 2018:
To return data for a specific time range, click Select Dates and then click the Start Date calendar icon to display the date picker:
Click a start date, then repeat the process to select an end date.
Note that, when you display the date picker, you’ll initially see a calendar only for the current month:
Does that mean you’re limited to time intervals that occurred only in this month? No. If you want to set a date for a month other than the current one, just click the displayed month name (e.g., Oct 2018). In turn, you’ll see a list of months similar to this:
To select a start date in, say, September 2018, just click the appropriate month and then click the start date.
If you look closely at the preceding calendar, you’ll notice that some of the months (like January through June) are unavailable. Why can’t you select those months (and, by extension, any days within those months)? There’s a good reason for that: audit data is only maintained for 90 days. That means that you cannot select a start date (or a start month) from 91 or more days ago.