Email Notification for audit log

dhiraj.pawar · December 12, 2023, 8:14am

Hello Team,
We have requirement for audit log with email alert.
Could please help to let us know feasibility of send email notification to admin user once log created in audit log?

Thanks,
Dhiraj Pawar

bschroeder · December 12, 2023, 12:02pm

You would like to send an e-mail every time a record is added to the audit log table? I don't believe that there is a first-party way to do that. You would need to run a gateway timer script at a frequency that is acceptable to your usage and query the audit log for all the records that have happened since the last time the script ran, compile them into a dataset, convert them to Excel, and then email to the appropriate users.

There will be a TON of records in a busy system.

dhiraj.pawar · December 12, 2023, 12:29pm

Hello bschroeder,
Thanks for responding. But due to continuous execution of timer script it can affect the performance of server.
I there is any another way to identify the new audit log added ?

Matrix_Engineering · December 12, 2023, 1:13pm

A 1000mS gateway script checking the last top 1 result compared to not equal to the last cached top 1 result is not going to bog down your server.

What it is going to do is seriously annoy your user base and potentially flood your ITs mailserver.

bschroeder · December 12, 2023, 1:16pm

This exactly. It's not getting the data, but the amount of emails that users will get.

DNice · December 12, 2023, 1:21pm

My modest system is 1.5 years old and I have >350k audit events recorded - I would NOT recommend sending an email everytime a record is added. Instead as Matrix_Engineering suggested have a GW script that checks (even once a min would probably be fine I'd guess) for a very specific audit event that brings value to your team - like a specific role login or a specific tag write event. If one of those types of events is present then shoot an email out. I'd recommend starting with the least number of emails as possible to avoid "crying wolf" and then no one looks at the emails anymore (been there).

PGriffith · December 12, 2023, 2:42pm

For what it's worth, this dubious requirement will be possible with the new event streams feature coming in 8.3, though all the required pieces may not be available in 8.3.0.

dhiraj.pawar · December 14, 2023, 5:17am

Hello,
Thanks all for the suggestion. We are not sending email for every new log created. We will identify specific log & send those only.

Thanks