Audit Log / Filtering Audit Events for Vocera Analytics |
Filters are specified in the Audit property configuration files.
The default filters are specified in the default properties file, found at /opt/EXTENSION/conf/audit/audit.properties.
You can add to or replace the default filters by creating a .user properties file at /opt/EXTENSION/conf/audit/audit.user.properties.
The default filters are:
filter.01=interfaceRefName~/Data\\s*Export/ filter.02=component~/^DataExport$/ filter.03=rawMessage~/\\bSignalingPretimeoutNotification\\b/ filter.04=rawMessage~/\\bWakeupNotification\\b/
To override the filters without replacing them, place the following in /opt/EXTENSION/conf/audit/audit.user.properties:
filter.01= filter.02= filter.03= filter.04=
To change the existing filters, specify new values for the same filters.
To add a filter, use a new filter name such as "filter.05".
Filters are specified using one or more conditions. Conditions are composed of the Audit field/property and a regular expression that the field/property must match. They are formatted in the property file as follows:
filter.<number>=<audit field or property>/<regular expression>/,<audit field or property>/<regular expression>/,...
Where:
Use a comma or space (or anything that doesn't look like a condition) to separate multiple conditions.
A filter matches an Audit event if all conditions match. The regular expression can match anywhere in the value. To match the complete value, use anchors in the regular expression; for example, /DataExport/ will match MyDataExport, but /^DataExport$/ will not.
Filters will never match warning or error level Audit events. Filtering only applies to INFO level events.
Filters can be tested by viewing /opt/EXTENSION/log/EIAudit.log. All filtered Audit events are logged as INFO log entries starting with {{Filtered :}} followed by the JSON for the Audit event.