
Dynatrace audit logs are a crucial tool for monitoring and troubleshooting issues in your environment. They provide a detailed record of all changes made to your Dynatrace environment.
To enable audit logs, you'll need to configure the audit log settings in the Dynatrace UI, which can be found under Settings > Audit logs. This is a straightforward process that requires minimal setup.
Audit logs are stored for a maximum of 30 days, after which they are automatically deleted. This is a standard retention period that can be adjusted if needed.
Dynatrace provides a dedicated logs section where you can view and filter your audit logs.
Additional reading: Is Rotting Logs in a Log Home and Insurance Claim
Understanding Audit Logs
An audit log entry is a record of a specific action that occurred in your Dynatrace environment. It's a crucial tool for tracking changes and identifying potential issues.
Each audit log entry has a unique ID, known as the logId, which can be used to reference the entry. The logId is a string value.
The audit log also includes information about the category of the recorded operation, such as CONFIG, TOKEN, or WEB_UI. This category can hold specific values.
The entity that was changed is also recorded in the audit log, with the entityId providing a unique identifier for the entity. The environmentId is also included, which is the ID of the Dynatrace environment where the recorded operation occurred.
The user who performed the recorded operation is identified by their email address, and the user type is also recorded, indicating whether the user is a person or a built-in mechanism.
Here are the properties of an audit event:
The timestamp of the record creation is also recorded in the audit log, in UTC milliseconds.
Logging Setup
To set up audit logging in Dynatrace, you'll need to have environment admin permissions.
First, navigate to Settings > Preferences > Data privacy and security and enable Log all audit-related system events. This is a crucial step to get started with audit logging.
Consider reading: Logging Equipment Financing
To generate an API token, go to Settings > Integration > Dynatrace API and click Generate token. Be sure to give the token a name and enable Read audit logs.
You'll need to copy the Generated token value, which you can then use within the Authorization header to access audit logs.
The /auditlogs API endpoint is available in the Dynatrace Environment API v2, allowing you to access audit logs for a given timeframe.
Here's a quick rundown of the steps:
- Enable Log all audit-related system events in Settings > Preferences > Data privacy and security
- Generate an API token in Settings > Integration > Dynatrace API, enabling Read audit logs
- Copy the Generated token value
- Use the copied API token within the Authorization header to access audit logs
Logs
Logs are a crucial part of Dynatrace audit logs, allowing you to explore all your logs without writing a single query.
You can analyze logs by adding a log explorer to Dynatrace's Notebook, a powerful tool for custom analytics of logs, events, and metrics. This feature helps you understand and perform an in-depth analysis of AppFabric logs using Dynatrace's query language called DQL.
The AuditLogEntry object, a fundamental component of Dynatrace audit logs, contains various elements that provide valuable information about recorded operations. These elements include category, dt.settings.key, dt.settings.object_id, and many others.
To enable and use the new environment Audit logs API, you need to follow a series of steps, which include enabling log all audit-related system events and generating a token with the required access scope.
Here are the key elements of the AuditLogEntry object:
Troubleshooting and Alerting
You can set up alerts for suspicious user activity across your SaaS applications with AppFabric integration with Dynatrace Log Management analytics.
This allows you to receive notifications based on specific log events, giving you timely insights into potential issues.
Dynatrace problem can be raised based on audit logs, as shown in figure 3.
Check this out: Equity Stock Based Compensation Audit Guide
Looking for Answers?
If you're stuck and need guidance, start a new discussion or ask for help in our Q&A forum to get the support you need.
Our Q&A forum is a great resource for finding answers to your questions and resolving issues.
Alert on suspicious user activity
Setting up alerts for suspicious user activity is a game-changer for AppFabric customers.
With AppFabric integration with Dynatrace Log Management analytics, customers can set up alerts based on specific log events.
Dynatrace problem can be raised based on audit logs, as shown in figure 3, example.
This allows you to stay on top of potential security issues before they become major problems.
Response
Responding to alerts is crucial in troubleshooting.
A timely response can prevent minor issues from escalating into major problems.
According to the "Types of Alerts" section, there are three main categories: informational, warning, and critical alerts.
These categories help determine the severity of the issue and guide the response accordingly.
In the "Alerting Strategies" section, it's mentioned that setting up automated responses can save time and ensure consistency in handling alerts.
For instance, setting up a script to automatically respond to critical alerts can ensure that the issue is addressed immediately.
The "Alert Fatigue" section warns that too many alerts can lead to desensitization, making it difficult to respond effectively.
To combat this, it's essential to prioritize and filter alerts, as shown in the "Prioritizing Alerts" section.
By doing so, you can focus on the most critical issues and respond accordingly.
Featured Images: pexels.com


