RPC Audit Data Collection Tool

In this section, you will learn how to run the RPC Audit Data Collection Tool in order to collect recorded RPC audit data.

This tool is distributed as part of Corda Enterprise.

The RPC data recorded by the node is explained in detail on the RPC Audit Data Recording page.

Collecting RPC audit data

To enable the collection of recorded RPC Audit Data, we have provided a new RPC action with options for filtering data collection based on username, action, and a specific time range (by specifying startTime and endTime). All of these filters are optional and are not applied if not explicitly enabled.

The action is available on the AuditDataRPCOps interface.

fun collectRPCAuditData(
    format: Format = Format.JSON,
    username: String? = null,
    action: String? = null,
    startTime: Instant? = null,
    endTime: Instant? = null
) : String

To use the interface to collect audit data, ensure that the following permissions are set:

  • InvokeRpc.collectAuditData
  • InvokeRpc.nodeInfo

You can use the collectAuditData action with the following parameters:

  • format - either JSON or CSV (default: JSON)
  • username - filter by a specific user
  • action - filter by a specific action
  • startTime - filter RPC data after the startTime (inclusive)
  • endTime - filter RPC data before the endTime (exclusive)

Examples

Collecting RPC audit data for all actions over the last 7 days

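Kotlin:

import java.time.Duration
import java.time.Instant

fun collectRpcAuditData(rpc: AuditDataRPCOps): String {
    // Window: from 7 days ago (inclusive) up to now (exclusive)
    val startTime = Instant.now() - Duration.ofDays(7)
    val endTime = Instant.now()
    return rpc.collectAuditData(
        Format.JSON,
        startTime = startTime,
        endTime = endTime)
}

Java:

import java.time.Duration;
import java.time.Instant;

public String collectRpcAuditData(AuditDataRPCOps rpc) {
    // Window: from 7 days ago (inclusive) up to now (exclusive)
    Instant startTime = Instant.now().minus(Duration.ofDays(7));
    Instant endTime = Instant.now();
    return rpc.collectAuditData(
        Format.JSON,
        null,       // username: no filter
        null,       // action: no filter
        startTime,
        endTime);
}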

Collecting RPC audit data for user “Alice” for the last 7 days

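Kotlin:

import java.time.Duration
import java.time.Instant

fun collectData(rpc: AuditDataRPCOps): String {
    val startTime = Instant.now() - Duration.ofDays(7)
    val endTime = Instant.now()
    return rpc.collectAuditData(
        Format.JSON,
        username = "Alice",     // only records for this RPC user
        startTime = startTime,
        endTime = endTime)
}

Java:

import java.time.Duration;
import java.time.Instant;

public String collectRpcAuditData(AuditDataRPCOps rpc) {
    Instant startTime = Instant.now().minus(Duration.ofDays(7));
    Instant endTime = Instant.now();
    return rpc.collectAuditData(
        Format.JSON,
        "Alice",    // username: only records for this RPC user
        null,       // action: no filter
        startTime,
        endTime);
}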

Collecting all available RPC data for a particular action

Kotlin:

fun collectData(rpc: AuditDataRPCOps): String {
    return rpc.collectAuditData(
        Format.JSON,
        action = "startDynamicFlow")
}

Java:

public String collectRpcAuditData(AuditDataRPCOps rpc) {
    return rpc.collectAuditData(
        Format.JSON,
        null,
        "startDynamicFlow",
        null,
        null);
}

Purging RPC audit data

You can purge older audit logs that you don’t need (although recorded RPC audit data usually takes up a fairly small amount of disk space). To remove older audit data, use the following action on the AuditDataRPCOps interface:

/**
 * Removes any past audit data
 * NOTE: Exercise caution if you are allowing users access to this function.
 */
fun clearRPCAuditDataBefore(
    before: Instant
)

You can use the clearRPCAuditDataBefore action with the following parameter:

  • before - the cut-off time to keep audit data from - all audit data recorded before that time will be cleared (exclusive)

Example

Clearing all RPC audit data over a week old

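Kotlin:

import java.time.Duration
import java.time.Instant

fun clearWeekOldAuditData(rpc: AuditDataRPCOps) {
    // Everything recorded before this instant is removed
    val oneWeekAgo = Instant.now() - Duration.ofDays(7)
    rpc.clearAuditDataBefore(oneWeekAgo)
}

Java:

import java.time.Duration;
import java.time.Instant;

public void clearWeekOldAuditData(AuditDataRPCOps rpc) {
    // Everything recorded before this instant is removed
    Instant oneWeekAgo = Instant.now().minus(Duration.ofDays(7));
    rpc.clearAuditDataBefore(oneWeekAgo);
}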
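
Because endTime on collection and before on purging are both exclusive, a single cut-off instant selects exactly the same records for both calls, so audit data can be exported before it is cleared. The following is an added example, not code from the Corda documentation: archiveThenPurge, the archive file naming, and the stand-in Format and AuditDataRPCOps declarations (which mirror the calls used in the examples above so the block compiles on its own) are assumptions.

```kotlin
import java.nio.file.Files
import java.nio.file.Path
import java.nio.file.StandardOpenOption.CREATE_NEW
import java.nio.file.StandardOpenOption.WRITE
import java.security.MessageDigest
import java.time.Duration
import java.time.Instant

// Stand-ins mirroring the calls used in this page's examples (assumption).
// In a real client, delete them and use the Corda Enterprise types instead.
enum class Format { JSON, CSV }
interface AuditDataRPCOps {
    fun collectAuditData(format: Format = Format.JSON, username: String? = null,
                         action: String? = null, startTime: Instant? = null,
                         endTime: Instant? = null): String
    fun clearAuditDataBefore(before: Instant)
}

/**
 * Exports every record older than [retention] into [archiveDir], then purges
 * the same records. Returns the archive path. Hypothetical helper.
 */
fun archiveThenPurge(rpc: AuditDataRPCOps, archiveDir: Path, retention: Duration): Path {
    // One cut-off for both calls: endTime and before are both exclusive, so
    // the export covers exactly the records the purge removes.
    val cutoff = Instant.now() - retention
    val export = rpc.collectAuditData(Format.JSON, endTime = cutoff)

    // CREATE_NEW fails if the file exists, so an earlier archive is never overwritten.
    Files.createDirectories(archiveDir)
    val archive = archiveDir.resolve("rpc-audit-before-${cutoff.toEpochMilli()}.json")
    Files.write(archive, export.toByteArray(Charsets.UTF_8), CREATE_NEW, WRITE)

    // Write a SHA-256 beside the archive; keep a copy of the hash on separate
    // storage if it is meant to reveal later modification of the archive.
    val digest = MessageDigest.getInstance("SHA-256")
        .digest(Files.readAllBytes(archive))
        .joinToString("") { "%02x".format(it) }
    Files.write(archive.resolveSibling("${archive.fileName}.sha256"),
        "$digest  ${archive.fileName}\n".toByteArray(Charsets.UTF_8), CREATE_NEW, WRITE)

    // Purge only after both writes succeeded; any exception above aborts first.
    rpc.clearAuditDataBefore(cutoff)
    return archive
}
```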