Authorization Audit Configuration

Authorization Audit Data - PAA

If your deployment contains a hybrid PAA, the authorization data will be audited in your hosted environment and not in the Authorization Platform Audit Store. In each PAA, you will have a PDP service that includes Audit configuration as part of the runtime configuration. According to this configuration, the Audit will be stored in a database and/or collected as syslog using your tool of choice..

The Authorization Platform Audit Report in the PAP UI will not contain the internal PAA audit records, but you can connect to your DB or syslog store and compile reports based on the authorization audit data.

Database

Audit data can be stored in your Postgres database (as a managed service or locally). This data can also be stored in other databases such as Oracle, MSSQL, MySQL, etc. For a Postgres database, the structure consists of a single table:

CREATE TABLE authorization_audit (
    request_id varchar(2044) NULL,
    request text NULL,
    response text NULL,
    ip varchar(2044) NULL,
    client_id varchar(2044) NULL,
    entity_id varchar(2044) NULL,
    entity_type varchar(2044) NULL,
    request_type varchar(2044) NULL,
    organization varchar(2044) NULL,
    instance_name varchar(2044) NULL,
    request_time numeric(20) NULL,
    external_request_id varchar(128) NULL,
    total_duration numeric(20) NULL
);
CREATE INDEX auth_requests ON authorization_audit USING btree (request_time, entity_id, organization, request_type, external_request_id);

NOTE: To store Audit data in other database types, the customer will need to prepare their database, have available drivers, and also note that the table structure might be slightly different. For assistance, contact PlainID Support.

Runtime Service Configuration

The runtime service configuration contains an 'audit' section in which you can configure the authorization audit. You will find in this JSON section these relevant properties:

• isDataBaseEnable: false - Audit data is stored in the database, if set to true (default value is false)
• isSysLogEnable: true - Audit data is collected by syslog, if set to true (default value is true)
• connection: In this section, input the following details in you database's Connection properties:
  • "driverName": "org.postgresql.Driver"
  • "type": "POSTGRESQL"
  • "url": "jdbc:postgresql://127.0.0.1:5432/audit"
  • "user": "..."
  • "Password": " *** "

Syslog

If you want to use syslog to collect your Audit data, set true for isSysLogEnable, as mentioned above. Also, you should configure the following syslog parameters:

Standalone PAA Deployment (VM)

To adjust for Standalone PAA Deployment:

1. In the $PLAINID_HOME/runtime/conf folder, open the log4j.xml configuration file.
2. Locate and edit the relevant properties:
   • Syslog Host and Port
   • Syslog Appender:
     • Syslog Name
     • Host
     • Port
     • Protocol
       Example:

    <Property name="syslog-host" value="10.20.11.7" />
    <Property name="syslog-port" value="5000" />
    ...
    <Appenders>
        <Syslog name="SysLog" host="${syslog-host}" port="${syslog-port}" protocol="UDP"/>

K8s PAA Deployment

To configure the syslog in a K8s environment, you should add to your values-custom.yaml the below section and configure your host, port, and protocol.

runtime:
  # Audit runtime calls to syslog
  syslog:
    enabled: true
    host: ""
    port: ""
    # Supported protocols: UDP
    protocol: "UDP"

If the syslog.enabled is set to true, audit records should be collected by your syslog agent and contain a _source section with a message property that includes all the audit record. This will be in a similar structure to the Audit DB Record.