Hello team,
We have security policy requirement where we want to track the user activity in QEM. This activity should be logged to a centralized and immutable destination. I have cheked teh enhancement and the solution proposed in https://community.qlik.com/t5/Suggest-an-Idea/QEM-Audit-Log-Automation/idc-p/1805995.
However, the solution looks cumbersome to me. It would require us to configure a separate module to read the audit logs from API and ship it to centralized log repository.
This information is already logged to <Enterprise Manager installation folder>\data\AuditTrail\audit_service location, however is not readable. I would like to request an enhancement to make this plaintext and readable OR simply log this information to the general Enterprise Manager log file.
Most logging tools like Elastisearch, Splunk, Cloudwatch and other provide log forwarding capabilities. I can simply hookup a filebeats agent or logstash to ship the audit log file to Elasticsearch for further analysis.
Thanks!