Do not input private or sensitive data. View Qlik Privacy & Cookie Policy.
Skip to main content

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Suggest an Idea

Announcements
This page is no longer in use. To suggest an idea, please visit Browse and Suggest.

QEM Audit Log Automation

MRodriguez
Contributor III
Contributor III
‎2020-09-09 12:35 PM

QEM Audit Log Automation

Creating a new idea based off my comment in this idea pre request from CSM: https://community.qlik.com/t5/Ideas/QEM-Features/idc-p/1742053/highlight/true#M3409

I have a requirement as part of our Enterprise Security Policy that states all applications should be able to routinely generate log data around user activity and send it to a centralized log monitoring solution for review. The Audit Log file contains all the data necessary to meet this requirement, however, it's only possible to generate this file manually by clicking on the button in the UI.

I'd like to request functionality that allows for any of the below options:

  1. Scheduled execution of the generation of this report (with a customizable schedule) to a folder on the QEM server
  2. An endpoint within the QEM API to request this data as a stream or file
  3. The ability to configure QEM to automatically emit this data out in realtime (as it happens) to an external system

Thanks!

Status: Delivered Submitted by Contributor III on ‎2020-09-09 12:35 PM
1,760 Views
4 Comments
Shelley_Brennan
Former Employee
Former Employee
‎2020-12-23 08:38 AM

We are planning an EM API to provide audit trail information in JSON format.  It should be part of the upcoming April 2021 release.  Thank you!

Status changed to: Open - In Development
prashant_pandey
Employee
Employee
‎2021-02-01 02:04 PM

Very happy to hear that this will be released in April '21! I'm in an active POC right now where the prospect has the same requirement. Prospect needs to be able to continuously consume the QEM Audit Trail log using an API. During the POC, prospect communicated a broad requirement to be able to consume as much log data as possible into Splunk. The goal is to mine all available information across systems to be able to generate end to end insights (using analytics, ML, and AI)  and move towards addressing issues proactively before they occur. 

Prabodh
Creator II
Creator II
‎2021-05-06 07:46 PM

Hi,

We have similar security policy requirement. However, the solution discussed here looks cumbersome to me. It would require us to configure a separate module to read the audit logs from API and ship it to centralized log repository.

This information is already logged to <Enterprise Manager installation folder>\data\AuditTrail\audit_service location, however is not readable. I would like to request an enhancement to make this plaintext and readable OR simply log this information to the general Enterprise Manager log file.

Most logging tools like Elastisearch, Splunk, Cloudwatch and other provide log forwarding capabilities. I can simply hookup a filebeats agent or logstash to ship the audit log file to Elasticsearch for further analysis.

Thanks!

Shelley_Brennan
Former Employee
Former Employee
‎2021-05-12 09:57 AM

The May 2021 release of Enterprise Manager now includes an API for exporting audit trial information.  Thank you!

Status changed to: Delivered
Subscribe by Topic