Introduction

Enzo Server
  Installation
  Quick Start

  Core Features
    Async Calls
    ConnectionStrings
    Edge Cache
    Scheduling
    Views

  Advanced Capabilities
    Change Data Capture

  Administration
    Configuration Settings
    Logins & ACL
    Auditing
    Current Executions
    Linked Server
    SSL

/administration/auditing




AUDITING


Enzo Server gives you the ability to audit access to all your APIs including the handlers accessed, from where, at what time, and by which login. This feature is disabled by default and requires specific configuration changes.

This feature can be enabled upon request. Please contact support for instructions.

Create an Audit Database Table

Before you can configure auditing you will need to create a SQL Server database on your network. Although you can create the audit database on the same server where Enzo Server is running, it is recommended to create an external database for stronger separation of duties. Use SQL Server Management Studio to connect the SQL Server you will be using to store the audit log, and create a database using the CREATE DATABASE T-SQL command (or ask a database administrator to help you).

Once the database has been created, run the following command on the database to create the audit log table:

--CREATE DATABASE database_name;
--GO;
--USE database_name;
--GO;

SET ANSI_NULLS ON
GO

SET QUOTED_IDENTIFIER ON
GO

CREATE TABLE [dbo].[EnzoRxLog](
	[EnzoRxLogID] [bigint] IDENTITY(1,1) PRIMARY KEY NOT NULL,
	[RequestTime] [datetime] DEFAULT (getutcdate()) NOT NULL,
	[ServerName] [nvarchar](128) NULL,
	[InstanceName] [nvarchar](128) NULL,
	[ListenerType] [nvarchar](30) NULL,
	[ListenerName] [nvarchar](128) NULL,
	[CommEvent] [nvarchar](30) NULL,
	[Namespace] [nvarchar](128) NULL,
	[Schema] [nvarchar](128) NULL,
	[Handler] [nvarchar](128) NULL,
	[Operation] [nvarchar](30) NULL,
	[Login] [nvarchar](128) NULL,
	[Hostname] [nvarchar](128) NULL,
	[ClientIPAddress] [nvarchar](50) NULL,
	[ClientMAC] [nvarchar](20) NULL,
	[Application] [nvarchar](128) NULL,
	[Pid] [int] NULL,
	[Spid] [int] NULL,
	[RequestBytes] [bigint] NULL,
	[RequestArguments] [nvarchar](max) NULL,
	[RequestFilter] [nvarchar](max) NULL,
	[ResponseTime] [datetime] NULL,
	[ResponseBytes] [bigint] NULL,
	[ResponseColumns] [nvarchar](max) NULL,
	[ResponseRows] [int] NULL,
	[ErrorValue] [int] NULL,
	[ErrorMsg] [nvarchar](max) NULL
)
GO

CREATE NONCLUSTERED INDEX [IX_EnzoRxLog_Login] ON [dbo].[EnzoRxLog]
(
	[RequestTime] ASC, [Login] ASC
)
GO

CREATE NONCLUSTERED INDEX [IX_EnzoRxLog_Adapter] ON [dbo].[EnzoRxLog]
(
	[RequestTime] ASC, [Namespace] ASC, [Schema] ASC, [Handler] ASC
)
GO

You may need to create additional indexes to support the queries you will be running against the audit log.

You can point multiple installations of Enzo Server to the same audit log. One of the fields in the log contains the Enzo Server server name so you can filter audit by server.

Configure Auditing

To configure the audit log you must edit the EnzoUnifiedSvc.exe.config; this configuration file is found under the install directory of Enzo Server. Add the following section under the listeners node, set the connection string to the database that will store the audit data, and restart the Enzo Server service.


To use an SSPI context for database connection string, the service name running Enzo Server must have access to the database. Enzo Server only performs INSERT operations to the audit log database.


<txRequestLogging>
    <dbRequestLogs>
        <dbRequestLog name="auditlog" type="mssql" connectionString="Data Source=servername;Database=dbname;User ID=uid;Password=pwd" />
    </dbRequestLogs>
    <fileRequestLogs>
        <fileRequestLog name="default" />
    </fileRequestLogs>
</txRequestLogging>

Accessing the Audit Log


When configured, the log is stored on an external database of your choice and contains key audit fields, operation, and whether the operation succeeded or failed. To access the log, connect to the database that was configured to store the audit and execute this command:

SELECT TOP 100 * FROM EnzoRxLog

Because the audit log is stored externally and not directly accessible through Enzo Server, all 'sa' activity is logged and cannot be altered through Enzo. This provides strong separation of duties for information security purposes.

In addition, this audit log contains payload size of result data and the number of rows returned, allowing charge back allocation if desired.