Audit Log

ThingsBoard provides the ability to track user actions in order to keep audit log. It is possible to log user actions related to main entities: assets, devices, dashboard, rules, etc.

User Interface

Tenant Administrator is able to review audit logs that belong to corresponding tenant account. The administrator is able to setup date range and executes a full-text search for fetched entities.

The “details” button allows reviewing low-level details of the logged action.

REST API

It is possible to fetch audit logs via REST API. There are several API calls that allow to fetch entities related to particular user, entity, customer or fetch all records using page links.

General configuration

System administrator is able to configure audit log levels using thingsboard.yml. You can find sample configuration below:

# Audit log parameters
audit_log:
  # Enable/disable audit log functionality.
  enabled: "${AUDIT_LOG_ENABLED:true}"
  # Specify partitioning size for audit log by tenant id storage. Example MINUTES, HOURS, DAYS, MONTHS
  by_tenant_partitioning: "${AUDIT_LOG_BY_TENANT_PARTITIONING:MONTHS}"
  # Number of days as history period if startTime and endTime are not specified
  default_query_period: "${AUDIT_LOG_DEFAULT_QUERY_PERIOD:30}"
  # Logging levels per each entity type.
  # Allowed values: OFF (disable), W (log write operations), RW (log read and write operations)
  logging_level:
    mask:
      "device": "${AUDIT_LOG_MASK_DEVICE:W}"
      "asset": "${AUDIT_LOG_MASK_ASSET:W}"
      "dashboard": "${AUDIT_LOG_MASK_DASHBOARD:OFF}"
      "customer": "${AUDIT_LOG_MASK_CUSTOMER:W}"
      "user": "${AUDIT_LOG_MASK_USER:RW}"
      "rule": "${AUDIT_LOG_MASK_RULE:RW}"
      "plugin": "${AUDIT_LOG_MASK_PLUGIN:RW}"

This configuration sample disables the logging of any actions related to dashboards and logs read operations for users and rules. For all other entities, ThingsBoard will log only write level operations.

We recommend to modify “by_tenant_partitioning” parameter based on the number of devices and user actions that will be logged. The more actions you plan to log, the more precise partitioning is required. The approximate amount of records per partition should not exceed 500 000 records.

External log sink configuration

System administrator is able to configure connection to external system. This connection will be used to push audit logs. The configuration parameters are well documented inline.

  sink:
    # Type of external sink. possible options: none, elasticsearch
    type: "${AUDIT_LOG_SINK_TYPE:none}"
    # Name of the index where audit logs stored
    # Index name could contain next placeholders (not mandatory):
    # @{TENANT} - substituted by tenant ID
    # @{DATE} - substituted by current date in format provided in audit_log.sink.date_format
    index_pattern: "${AUDIT_LOG_SINK_INDEX_PATTERN:@{TENANT}_AUDIT_LOG_@{DATE}}"
    # Date format. Details of the pattern could be found here:
    # https://docs.oracle.com/javase/8/docs/api/java/time/format/DateTimeFormatter.html
    date_format: "${AUDIT_LOG_SINK_DATE_FORMAT:YYYY.MM.DD}"
    scheme_name: "${AUDIT_LOG_SINK_SCHEME_NAME:http}" # http or https
    host: "${AUDIT_LOG_SINK_HOST:localhost}"
    port: "${AUDIT_LOG_SINK_POST:9200}"
    user_name: "${AUDIT_LOG_SINK_USER_NAME:}"
    password: "${AUDIT_LOG_SINK_PASSWORD:}"      

Next steps

入门指南 - 快速学习ThingsBoard相关功能。
安装指南 - 学习如何在各种操作系统上安装ThingsBoard。
连接设备 - 学习如何根据你的连接方式或解决方案连接设备。
可视化 - 学习如何配置复杂的ThingsBoard仪表板说明。
数据处理 - 学习如何使用ThingsBoard规则引擎。
数据分析 - 学习如何使用规则引擎执行基本的分析任务。
硬件样品 - 学习如何将各种硬件平台连接到ThingsBoard。
开发指南 - 学习ThingsBoard中的贡献和开发。