Enabling enhanced audit logging

If your company needs to maintain an audit history of actions that are completed against your shoppers' personal data, you can enable enhanced audit logging.

About this task

The enhanced audit logging uses the AuditLogging helper to log any action that is completed against a shopper's personal data. The audit logging also includes the user that completed the action and the type of data affected.
  • Any REST API read operation that is performed on a shopper's personal data by anyone other than the shopper is logged. For instance, if one of your customer service representatives accesses data for a shopper, the action is logged.
  • Any REST API update or delete operation that is performed on shopper personal data is logged.
For more information about the types of personal data that your site can collect by default, see Data collection.

Procedure

  1. Create a custom Docker image to set the trace specification. Then, you can distribute the custom Docker image.
    1. Create a Dockerfile for the target Docker image.
    2. In the Dockerfile, define the Run Engine command to set your trace specification.
      For example,
      run set-trace-specification com.ibm.commerce.businessaudit.util.AuditLoggingHelper=all
    3. Create a Docker image with the Dockerfile.
  2. Enable trace for the following logger: com.ibm.commerce.businessaudit.util.AuditLoggingHelper. The trace string resembles the following string.
     com.ibm.commerce.businessaudit.util.AuditLoggingHelper=all

Results

Audit log updates are added to the WC_profiledir/logs/server_name/trace.log file.

Example

Example log entries:
[2/9/18 14:29:21:925 EST] 00000161 AuditLoggingH A com.ibm.commerce.rest.member.handler.PersonHandler 
    findByUserId(String storeId, String userId)  [ audit=customer ] [ sourceIp=127.0.0.1 ] CWXCM0001A User csr1 (11003) read personal data of user shopper12 (13005)
[3/16/18 13:43:49:405 IST] 000002ea AuditLoggingH A com.ibm.commerce.user.beans.UserDisplayDataBean populate 
    [ audit=customer ] [ sourceIp=0:0:0:0:0:0:0:1 ] CWXAC0001A: User wcsadmin (-1000) read personal data of user aur_csr001 (8002)
[3/16/18 13:43:55:353 IST] 000002ea AuditLoggingH A com.ibm.commerce.usermanagement.commands.UserRegistrationAdminUpdateCmdImpl 
    performExecute [ audit=customer ] [ sourceIp=0:0:0:0:0:0:0:1 ] CWXAC0003A: User wcsadmin (-1000) updated personal data of user aur_csr001 (8002)
[3/16/18 13:45:00:631 IST] 00000050 AuditLoggingH A com.ibm.commerce.order.beans.OrderDataBean populate 
    [ audit=customer ] [ sourceIp=0:0:0:0:0:0:0:1 ] CWXAC0001A: User wcsadmin (-1000) read order of user aur_user001 (3002)
[3/16/18 13:45:15:029 IST] 00000050 AuditLoggingH A com.ibm.commerce.orderitems.commands.OrderItemBaseCmdImpl performExecute 
    [ audit=customer ] [ sourceIp=0:0:0:0:0:0:0:1 ] CWXAC0003A: User wcsadmin (-1000) updated order of user aur_user001 (3002)