Subscribe

UiPath Automation Suite

The UiPath Automation Suite Guide

Audit logs queries

Prerequisites


Before downloading audit logs for Apps in the Automation Suite setup, the following requirements must be met:

  • You must have access to the machine or virtual machine (VM) where UiPath services are hosted.

Optionally, you need to know the following:

  • Organization name for which the audit logs are needed (<orgName>).
  • User email for whom the audit logs need to be exported or deleted (<userEmail>).
  • Number of days between now and the day you want to get or delete audit logs for (<numDays>).

Getting audit logs queries


db.getCollection("audit-logs").find({
    __tenantId: '<orgName>',
    'userInfo.userEmail': '<userEmail>',
    timestamp: {
        $lte: (new Date().getTime() - 86400000 * <numDays>)
    }
});

For example, to get audit logs which are more than 180 days old for an organization named sampleOrg with user email [email protected], run the following query:

db.getCollection("audit-logs").find({
    __tenantId: 'sampleOrg',
    'userInfo.userEmail': '[email protected].com',
    timestamp: {
        $lt: (new Date().getTime() - 86400000 * 180)
    }
});

Deleting audit logs


db.getCollection("audit-logs").deleteMany({
    __tenantId: '<orgName>',
    'userInfo.userEmail': '<userEmail>',
    timestamp: {
        $lte: (new Date().getTime() - 86400000 * <numDays>)
    }
});

For example, to delete audit logs which are more than 180 days old for an organization named sampleOrg with user email [email protected], run the following query:

db.getCollection("audit-logs").deleteMany({
    __tenantId: 'sampleOrg',
    'userInfo.userEmail': '[email protected]',
    timestamp: {
        $lt: (new Date().getTime() - 86400000 * 180)
    }
});

Procedure


  1. Open a Command Prompt or Powershell.
  2. SSH into the virtual machine using the command below.
ssh <user>@<host>
[email protected]'s password: <password>
  1. Go to the root user using the command below.
sudo su
  1. Go to the root folder using the command below.
cd /
  1. Export KUBECONFIG using the command below.
export KUBECONFIG=/etc/rancher/rke2/rke2.yaml PATH=$PATH:/var/lib/rancher/rke2/bin
  1. Get MongoDB URI using the command below.
kubectl -n mongodb get secrets/mongo-admin-user --template={{.data.MONGODB_URI}} | base64 -d
// copy and store the output till '/admin' (as highlighted in screenshot) for further use in next commands
17981798
  1. Go to the Mongo Replica Set's shell using the command below.
kubectl -n mongodb exec -it mongodb-replica-set-0 bash
  1. Retrieve audit records using the command below.
mongo '<mongodb-uri>' --tls --tlsCAFile /var/lib/tls/ca/ca.crt --quiet << EOF > /data/audit-fetch-query.json
use appstudio
db.getCollection("audit-logs").find({"__tenantId": "<orgName>", "userInfo.userEmail": "<userEmail>", "timestamp": {\$lte: (new Date().getTime() - 86400000 * <numDays>)}}).toArray()
EOF
  1. Delete audit records using the command below.
mongo '<mongodb-uri>' --tls --tlsCAFile /var/lib/tls/ca/ca.crt --quiet << EOF > /data/audit-delete-query.json
use appstudio
db.getCollection("audit-logs").deleteMany({"__tenantId": "<orgName>", "userInfo.userEmail": "<userEmail>", "timestamp": {\$lte: (new Date().getTime() - 86400000 * <numDays>)}})          
EOF
  1. Exit the Pod Shell using the command below.
exit
  1. Bring the files from the Pod to the VM using the command below.
kubectl -n mongodb exec -i mongodb-replica-set-0 -- sh -c 'cat /data/audit-fetch-query.json' > audit-fetch-query.json
kubectl -n mongodb exec -i mongodb-replica-set-0 -- sh -c 'cat /data/audit-delete-query.json' > audit-delete-query.json
  1. Exit the VM using the command below.
// exit the root user
exit
// exit the vm
exit
  1. Bring the files from the VM to Personal Machine using the command below.
    Note: SCP might not run on some PowerShells and may need to be installed.
scp <user>@<host>:/audit-fetch-query.json .
[email protected]'s password: <password>

scp <user>@<host>:/audit-delete-query.json .
[email protected]'s password: <password>

Updated 11 months ago


Audit logs queries


Suggested Edits are limited on API Reference Pages

You can only suggest edits to Markdown body content, but not to the API spec.