User audit logs
This functionality is available only in the server version of Allure TestOps starting from version 4.23.0.
If your security policies require logging of the user activities in the system, such logging can be configured on Allure TestOps side.
Allure TestOps logs actions related to:
- licencing;
- user account management;
- user actions within projects (creation, editing and deletion of entities).
Logging profiles
Allure TestOps can log events in JSON format or as plain text. The log format is determined by the SPRING_PROFILES_ACTIVE
parameter, which is specified in all Allure TestOps configurations.
The SPRING_PROFILES_ACTIVE
parameter value must be specified as one or more profiles separated by commas.
The available profiles are:
kubernetes
This profile is used by default when deploying Allure TestOps via Kubernetes. Events will be logged to the console (stdout) in JSON format.compose
This profile is used by default when deploying Allure TestOps via Docker Compose. Events will be logged to the console (stdout) in text format with elements divided by spaces.package
This profile is used by default when deploying Allure TestOps via Linux packages (DEB or RPM). Events will be logged to the console (stdout) in text format with elements divided by spaces.logging-console-json
Events will be logged to the console (stdout) in JSON format.logging-file-json
Events will be logged to a file in JSON format. The path to the file must be specified using theLOG_FILE
environment variable (described below).
Logging level
For the audit logging there are two levels, defining the type of events logged by the system defined via parameter LOGGING_LEVEL_ACCESSLOG
:
debug
— it logs events withPOST
,DELETE
,PATCH
, andPUT
methods.These methods are used to create, modify, and delete Allure TestOps entities.
trace
— it logs events withGET
,HEAD
, andOPTION
methods.In this case, all user actions will be recorded in the log. This is an excessive logging option.
Logging to a file
The logging can be performed to a file for further processing by third-party applications (such as Logstash).
To log events to a file, add the LOG_FILE
parameter to the configuration and specify the path to the file where the log should be stored.
Full logging configuration
The following piece of the configuration allows logging POST, DELETE, PATCH, PUT events in JSON format to stdout and to the file /var/log/testops/testops.log:
SPRING_PROFILES_ACTIVE: logging-console-json,logging-file-json
LOGGING_LEVEL_ACCESSLOG: debug
LOG_FILE: /var/log/testops/testops.log
Log record fields
Each access log record contains the following fields:
message
— message in "raw" format;logger_name
— logger name. For logging user actions, the logger name isaccesslog
;method
— API method invoked by the user's action (GET
/POST
/PUT
, etc.);endpoint
— endpoint triggered;query
— query parameters (for example, the ID of a project);status
— response status (2xx
,3xx
,4xx
,5xx
);user
— username;roles
— user role;client
— IP address of the user.
Record example
{
"@timestamp": "2023-11-13T12:00:00.778Z",
"@version": "1",
"message": "status=200, method=GET, endpoint=/rs/testcasetree/leaf, query=projectId=4&treeId=8&sort=id%2Casc&size=100, client=192.168.100.4, user=admin, roles=[ROLE_ADMIN]",
"logger_name": "accesslog",
"thread_name": "http-nio-8081-exec-7",
"level": "trace",
"level_value": 5000,
"endpoint": "/rs/testcasetree/leaf",
"method": "GET",
"query": "projectId=4&treeId=8&sort=id%2Casc&size=100",
"roles": "ROLE_ADMIN",
"client": "192.168.1.4",
"user": "admin",
"status": "200"
}