...
The Audit Log allows compliance and operations reporting requirements to be met by providing a record of all operations that users of the JobScheduler Web Service - including JOC Cockpit users and external applications - perform on job-related objects. The Audit Log lists the relevant JobScheduler objects - Jobs, Job Chains, Orders, etc. - and any operations that modify their status.
Scope of the Audit Log
The Audit Log is maintained for all job-related objects such as Jobs, Job Chains, Orders, etc., whose statuses are modified by users carrying out operations such as starting, stopping or pausing. It uses a format that is human and machine readable and fulfills the following main functions:
- provide a compliance-conform record in a simple file format that can be archived and handed over to a compliance officer,
- provide an operational record that is readily accessible to operating staff,
- provide a second source of operational information should the database not be available.
Operators
Users of the JOC Cockpit with the necessary permissions can view the Audit Log in the JOC Cockpit by clicking the Audit Log link in the JOC Cockpit main menu as shown in the screenshot below:
Inclusion of the Audit Log view and in particular the Reasons field is intended to provide users of the JOC Cockpit with more relevant operational information about actions taken than is recorded in the History.
Compliance and Operational Features
- The Audit Log is written automatically by the JobScheduler Web Services:
- Entries to the Audit Log are made when an operation that changes the state of a JobScheduler Object is initiated in the JOC Cockpit or other application accessing the JobScheduler Web Services.
- There is no mechanism for switching off the Audit Log.
- The Audit Log is written in two locations simultaneously:
- In the DBMS used by the JobScheduler Web Services:
- This instance is used by the JOC Cockpit to allow operators to view the Audit Log information.
...
- It is also used by the JOC Cockpit to generate an Excel-compatible export file for reporting purposes.
- In the Audit Log file:
- It is intended that this instance is archived and used as a compliance record. System Administrators can make a copy of this instance available to operating staff if the DBMS should not be available.
- The Audit Log file is named JOCAuditLog.log and saved in the ./logs folder.
- Any new entries will be added to the Audit Log file, i.e. neither the log file nor the DBMS records are overwritten.
- System administrators have to arrange an archiving and housekeeping system for the Audit Log file according to the relevant compliance laws and corporate governance.
- It is the responsibility of system administrators to check compliance requirements such as the retention period for the information contained in the Audit Log file.
- The Audit Log is visible in the JOC Cockpit to:
- Users with the appropriate permissions. The specification of user permissions is described in the Authentication and Authorization - Configuration article.
- The default authorization permissions for the Audit Log which are configured for the JOC Cockpit are listed in the Permissions Matrix shown in the Authentication and Authorization - Permissions for the JOC Cockpit Web Service article.
- System Administrators with access to the DBMS used by the JOC Cockpit and JobScheduler Master(s) or the file system where the Audit Log file is written.
- The Audit Log is read-only for all JOC Cockpit users - only System Administrators that have access to the file system and to the database can modify the log.
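Because the Audit Log file is only ever appended to, while anyone with file-system access can still modify it, an archiving routine can check that entries written earlier are unchanged. The following is an added example, not part of the JobScheduler product or its documentation: the function names and the state file are assumptions, and the sample entries are constructed placeholders rather than the real log format.

```python
import hashlib, json, os, tempfile

def prefix_digest(path, length):
    """SHA-256 over the first `length` bytes of the file."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        while length > 0:
            chunk = f.read(min(65536, length))
            if not chunk:
                break
            h.update(chunk)
            length -= len(chunk)
    return h.hexdigest()

def checkpoint(log_path, state_path):
    """Record the current size and digest of the audit log (hypothetical state file)."""
    size = os.path.getsize(log_path)
    state = {"size": size, "sha256": prefix_digest(log_path, size)}
    with open(state_path, "w") as f:
        json.dump(state, f)
    return state

def verify(log_path, state_path):
    """Compare the log with the last checkpoint: 'ok', 'truncated' or 'modified'."""
    with open(state_path) as f:
        state = json.load(f)
    if os.path.getsize(log_path) < state["size"]:
        return "truncated"            # an append-only file must never shrink
    if prefix_digest(log_path, state["size"]) != state["sha256"]:
        return "modified"             # bytes written before the checkpoint changed
    return "ok"                       # only appended to since the checkpoint

def demo():
    """Run the check on a constructed stand-in for JOCAuditLog.log."""
    results = []
    with tempfile.TemporaryDirectory() as d:
        log, state = os.path.join(d, "JOCAuditLog.log"), os.path.join(d, "audit.state")
        with open(log, "wb") as f:
            f.write(b"constructed entry 1\nconstructed entry 2\n")
        checkpoint(log, state)
        with open(log, "ab") as f:    # normal operation: new entry appended
            f.write(b"constructed entry 3\n")
        results.append(verify(log, state))
        with open(log, "r+b") as f:   # an old entry edited in place
            f.write(b"X")
        results.append(verify(log, state))
        with open(log, "wb") as f:    # file replaced by a shorter one
            f.write(b"short\n")
        results.append(verify(log, state))
    return results

if __name__ == "__main__":
    print(demo())
```

Keep the state file somewhere that accounts with write access to the log cannot reach, and take a new checkpoint immediately after each planned archiving run, since moving the file away otherwise reports as truncated.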
Key to the Audit Log Entries
- Created: the point in time when the action was performed.
- Account: the user account that caused the action.
- Request URL: the Web Service URL that was invoked by the JOC Cockpit. The URLs represent the object type and action, e.g. /orders/start.
- Job Chain, Order ID, Job: identifies the object for which the action was performed.
- Reasons: (can be mandatory or optional - see below) an explanation of why an action was carried out. Reasons are created either by selecting an item from a configurable list of predefined reasons or individually, i.e. as free text input. A maximum of 2000 characters can be added to a free text reason.
- Time Spent: (optional) the number of minutes required for the action (including time for impact analysis) can be added.
- Ticket Link: (optional) a URL can be added that points to a ticket system, e.g. the SOS Ticket System, to identify the underlying ticket for the intervention.
- Entries to the Audit Log can only be made when an operation that changes the state of a JobScheduler Object is initiated in the JOC Cockpit or other application accessing the JobScheduler Web Services.
- It is the responsibility of system administrators to check compliance requirements such as the retention period for information contained in this file.
- Maintenance of an Audit Log requires system administrators to comply with applicable law and corporate governance.
Operation Reasons
Users carrying out operations are able to add an explanatory reason for each operation. These reasons are then saved in the Audit Log and can be read by all other JOC Cockpit users with the necessary permissions. The 'Enter a Reason' form is shown after each operation is initiated and can be seen in the following screenshot:
Reasons may be mandatory and two forms of reasons are possible:
- Predefined Reasons which are selected from a drop-down list and
- Individual Reasons as shown in the above screenshot.
The Submit and Cancel buttons in the Enter a Reason form refer to the operation being carried out. This means that:
- even when reasons are optional, selection of the Cancel button will cause the operation being carried out to be broken off - not just entry of the reason.
Mandatory Reasons
The force_comments_for_audit_log flag can be set in the joc.properties file as shown in the following code box:
...
Predefined reasons are found in the ./joc_home/jetty_base/resources/joc directory, in the joc.properties file.
The JOC Cockpit is provided with a default set of predefined reasons as listed in the following code box:
...
- The ";" near the end of each line marks the end of the comments. The use of a semicolon here functions as a delimiter and allows commas to be used in reasons.
- The "\" marks the end of a line.
...