SkyVault provides
the ability to audit activity. This section describes how SkyVault generates,
stores, and retrieves auditing information.
Note: The auditing mechanism prior to Version 3.4.0 has been removed but the old tables remain
in the system. You can access the previous audit data but any new audit data will be
directed to the new tables. Any customizations of the auditing feature must be rewritten
using the new configuration files. All SQL-based queries used previously must be replaced by
calls to the supplied APIs. The use of low-level SQL statements to retrieve data is not
supported.
The architecture of the auditing features comprises the following components:
A data producer defines the components that produce data that might be audited. Data producers do not need to know anything about how the data is stored. Data is generated and sent to the AuditComponent.recordAuditValues component. The only requirement is that each packet of data is a Map of data keyed by logical path names, which are specific to the producers.
The AuditService search should be used for data retrieval; however, for completeness,
the following tables are used:
- Tables exclusive to the new audit (SkyVaultPostCreate-3.2-AuditTables.sql)
- alf_audit_model: Contains the record of the audit configuration files.
- alf_audit_application: Contains an entry for each logical application. There can be several audit applications defined in a single audit model.
- alf_audit_entry: Contains an entry for each call to AuditComponent.recordAuditValues. There is a reference to a property.
- Shared tables (SkyVaultPostCreate-3.2-PropertyValueTables.sql)
- alf_prop_root: Entry point for properties: shared values are fully indexed; arbitrarily-deep collections; quick data query and reconstruction.