Table of contents

Audit Watson Studio Local records

Watson Studio Local logs an audit record of user login attempts (either from the sign in page or using the validateAuth REST API) to the Watson Studio Local cluster.

You can use the following REST API endpoint to download the DSX_AUDIT_RECORD content as JSON:

GET https://9.87.654.321/api/v1/log/getDSXAudit

Example:

curl -i -o dsx_audit_record.txt \
-H  "authorization: Bearer $bearerToken" \
-X GET
"{clusterIp}/api/v1/log/getDsxAudit?from=2018-03-05T12:00:00&to=2018-03-06T12:00:00"

where $bearerToken represents your bearer token, from=2018-03-05T12:00:00 represents an optional parameter for any login attempt on or newer than that ISO8601 timestamp, and to=2018-03-06T12:00:00 represents an optional parameter for any login attempt on or older than that ISO8601 timestamp. You can specify one or both timestamp parameters; if no timestamps are specified, then all login attempts are returned.

JSON response:

{"DSX_AUDIT_RECORDS":[
  { "timestamp: timestamp of the log
     status: Notification level of the log (error, warning, info,
notice)
     host: host of the nginx instance 
     container: docker container name. 
     log: nginx log containing the DSX_AUDIT_RECORD },
     ...
 ]
 success: boolean
 error_message: error message if success is false
}

All audit records are retained for a default of 10 days before they are automatically deleted. The Watson Studio Local administrator can modify the log retention settings by clicking Settings from the admin user profile icon and under Refresh and alert settings, typing in a new duration in the Log retention (days) field.

Tip: The admin should download the user login audit records using the REST API periodically, before they are automatically deleted for long term storage, for example, QRadar.