Skip to content

Access Audit Logs#

Introduction#

Hopsworks collects audit logs on all URL requests to the application server. These logs are saved in Payara log directory under <payara-log-dir>/audit by default.

Prerequisites#

In order to access the audit logs you need the following:

  • Administrator account on the Hopsworks cluster.
  • SSH access to the Hopsworks cluster with a user in the glassfish group.

Step 1: Configure Audit logs#

Audit logs can be configured from the Cluster Settings Configuration tab. You can access the Configuration page of your Hopsworks cluster by clicking on your name, in the top right corner, and choosing Cluster Settings from the dropdown menu.

Audit log configuration
Audit log configuration

Type audit in the search box to see the configuration variables associated with audit logs. To edit a configuration variable, you can click on the edit button (), insert the new value and save changes clicking on the check mark ().

Audit logs configuration variables

Name Description
audit_log_count the number of files to keep when rotating logs (java.util.logging.FileHandler.count)
audit_log_dir the path where audit logs are saved
audit_log_file_format log file name pattern. (java.util.logging.FileHandler.pattern)
audit_log_file_type the output format of the log file. Can be one of java.util.logging.SimpleFormatter (default), io.hops.hopsworks.audit.helper.JSONLogFormatter, or io.hops.hopsworks.audit.helper.HtmlLogFormatter.
audit_log_size_limit the maximum number of bytes to write to any one file. (java.util.logging.FileHandler.limit)
audit_log_date_format if io.hops.hopsworks.audit.helper.JSONLogFormatter is used as audit log file type, this will set the date format of the output JSON. The format should be java.text.SimpleDateFormat compatible string.

Warning

Hopsworks application needs to be reloaded for any changes to be applied. For doing that, go to the Payara admin panel (https://<your-domain>:4848), click on Applications on the side menu and reload the hopsworks-ear application.

Step 2: Access the Logs#

To access the audit logs, SSH into the head node of your Hopsworks cluster and navigate to the path set in the audit_log_dir configuration variable.

Audit logs follow the format set in the audit_log_file_type configuration variable.

Example of audit logs using JSONLogFormatter

{"className":"io.hops.hopsworks.api.user.AuthService","methodName":"login","parameters":"[admin@hopsworks.ai, org.apache.catalina.connector.ResponseFacade@2de6dd0b, org.apache.catalina.connector.RequestFacade@7a82f674]","outcome":"200","caller":{"username":null,"email":"admin@hopsworks.ai","userId":null},"clientIp":"10.0.2.2","userAgent":"Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36","pathInfo":"/auth/login","dateTime":"2022-11-09 12:00:08"}

Regardless the format, each line in the audit logs can contain the following variables:

Audit log variables

Name Description
className the class called by the request
methodName the method called by the request
parameters parameters sent from the client
outcome response code sent from the server
caller the logged in user that made the request. Can be username, email, or userId
clientIp the IP address of the client
userAgent the browser used by the client
pathInfo the URL path called by the client
dateTime time of the request

Going Further#

You can export audit logs to use them outside Hopsworks.