Package com.sas.lsaf.query.audit

Interface AuditQueryService

public interface AuditQueryService
The service to extract audit information to a file. The methods in the service require the current user to have the View Audit History privilege.
Since:
2.3

  • Method Details

    • executeAuditEntryQuery

      String executeAuditEntryQuery(AuditEntryQuery query, ExtractFileCreateInfo file) throws QueryException
      Extracts audit entries to a file based on the specified query. This method requires the current user have the View Audit History privilege. If the query results exceed the row limit (default is 10 million), a QueryLimitException will be thrown.

      Here is a simple example that queries audit entries, which includes all available columns, for a specific user sorted by date. 

       
 AuditEntryQuery query = new AuditEntryQuery();
 query.select(AuditEntryQuery.ALL);
 query.constrain(Comparison.equal(AUDIT_ENTRY_USERID, "userxyz"));
 query.order(Order.descending(AUDIT_ENTRY_TIMESTAMP));
 service.executeAuditEntryQuery(query, fileInfo);

      Here is an example of a more complex query of audit entries for logins, successful or unsuccessful, within the last month, sorted first by userid and then by date. 

       
 AuditEntryQuery query = new AuditEntryQuery();
 query.select(AUDIT_ENTRY_USERID, AUDIT_ENTRY_ACTION, AUDIT_ENTRY_TIMESTAMP);
 Date oneMonthAgo = DateUtils.addMonths(new Date(), -1);
 query.constrain(
         Condition.and(
                 Condition.or(
                         Comparison.equal(AUDIT_ENTRY_ACTION, AuditConstants.ACTION_SESSION_LOGON_SUCCESSFUL),
                         Comparison.equal(AUDIT_ENTRY_ACTION, AuditConstants.ACTION_SESSION_LOGON_FAILED)),
                 Comparison.greaterThan(AUDIT_ENTRY_TIMESTAMP, oneMonthAgo.getTime())));
 query.order(Order.descending(AUDIT_ENTRY_USERID), Order.ascending(AUDIT_ENTRY_TIMESTAMP));
 service.executeAuditEntryQuery(query, fileInfo);
      Parameters:
      query - The audit criteria with which to query.
      file - The method to add the query output file.
      Returns:
      The path to the query output file.
      Throws:
      QueryException - Thrown when there is an issue generating the query.

    • executeAuditEntryDetailQuery

      String executeAuditEntryDetailQuery(AuditEntryDetailQuery query, ExtractFileCreateInfo file) throws QueryException
      Extracts audit entries with details to a file based on the specified query. Each detail is in a separate row that includes the parent audit entry information. This method requires the current user have the View Audit History privilege. If the query results exceed the row limit (default is 10 million), a QueryLimitException will be thrown.

      Here is a simple example that queries audit entries with details, which includes all available columns, for a specific user sorted by date. 

       AuditEntryDetailQuery query = new AuditEntryDetailQuery();
 query.select(AuditEntryDetailQuery.ALL);
 query.constrain(Comparison.equal(AUDIT_ENTRY_USERID, "userxyz"));
 query.order(Order.descending(AUDIT_ENTRY_TIMESTAMP));
 service.executeAuditEntryDetailQuery(query, fileInfo);

      Parameters:
      query - The audit criteria with which to query.
      file - The method to add the query output file.
      Returns:
      The path to the query output file.
      Throws:
      QueryException - Thrown when there is an issue generating the query.