TestOps logo
Try TestOps

User audit logs

This functionality is available only in the server version of Allure TestOps starting from version 4.23.0.

If your security policies require logging of the user activities in the system, such logging can be configured on Allure TestOps side.

Allure TestOps logs actions related to:

  • licencing;
  • user account management;
  • user actions within projects (creation, editing and deletion of entities).

Logging profiles

Allure TestOps can log events in JSON format or as plain text. The log format is determined by the SPRING_PROFILES_ACTIVE parameter, which is specified in all Allure TestOps configurations.

The SPRING_PROFILES_ACTIVE parameter value must be specified as one or more profiles separated by commas.

The available profiles are:

  • kubernetes This profile is used by default when deploying Allure TestOps via Kubernetes. Events will be logged to the console (stdout) in JSON format.

  • compose This profile is used by default when deploying Allure TestOps via Docker Compose. Events will be logged to the console (stdout) in text format with elements divided by spaces.

  • package This profile is used by default when deploying Allure TestOps via Linux packages (DEB or RPM). Events will be logged to the console (stdout) in text format with elements divided by spaces.

  • logging-console-json Events will be logged to the console (stdout) in JSON format.

  • logging-file-json Events will be logged to a file in JSON format. The path to the file must be specified using the LOG_FILE environment variable (described below).

Logging level

For the audit logging there are two levels, defining the type of events logged by the system defined via parameter LOGGING_LEVEL_ACCESSLOG:

  • debug — it logs events with POST, DELETE, PATCH, and PUT methods.

    These methods are used to create, modify, and delete Allure TestOps entities.

  • trace — it logs events with GET, HEAD, and OPTION methods.

    In this case, all user actions will be recorded in the log. This is an excessive logging option.

Logging to a file

The logging can be performed to a file for further processing by third-party applications (such as Logstash).

To log events to a file, add the LOG_FILE parameter to the configuration and specify the path to the file where the log should be stored.

Full logging configuration

The following piece of the configuration allows logging POST, DELETE, PATCH, PUT events in JSON format to stdout and to the file /var/log/testops/testops.log:

SPRING_PROFILES_ACTIVE: logging-console-json,logging-file-json
LOGGING_LEVEL_ACCESSLOG: debug
LOG_FILE: /var/log/testops/testops.log

Log record fields

Each access log record contains the following fields:

  • message — message in "raw" format;
  • logger_name — logger name. For logging user actions, the logger name is accesslog;
  • method — API method invoked by the user's action (GET/POST/PUT, etc.);
  • endpoint — endpoint triggered;
  • query — query parameters (for example, the ID of a project);
  • status — response status (2xx, 3xx, 4xx, 5xx);
  • user — username;
  • roles — user role;
  • client — IP address of the user.

Record example

{
    "@timestamp": "2023-11-13T12:00:00.778Z",
    "@version": "1",
    "message": "status=200, method=GET, endpoint=/rs/testcasetree/leaf, query=projectId=4&treeId=8&sort=id%2Casc&size=100, client=192.168.100.4, user=admin, roles=[ROLE_ADMIN]",
    "logger_name": "accesslog",
    "thread_name": "http-nio-8081-exec-7",
    "level": "trace",
    "level_value": 5000,
    "endpoint": "/rs/testcasetree/leaf",
    "method": "GET",
    "query": "projectId=4&treeId=8&sort=id%2Casc&size=100",
    "roles": "ROLE_ADMIN",
    "client": "192.168.1.4",
    "user": "admin",
    "status": "200"
}
© Qameta Software Inc. All rights reserved.