Abonnieren

UiPath Process Mining

The UiPath Process Mining Guide

Einrichten von Überwachungsprotokollen

Einleitung

For reasons of compliance, it may be needed to have an audit trail. UiPath Process Mining enables you to create audit trails by means of the Audit Logs functionality. Audit Logs record events in chronological order.
This guide describes:

  • The categories for log entries;
  • How to set up Audit Logs;
  • Exporting the audit logs.

Protokolle

Every entry in the audit log contains:

  • a version number,
  • a timestamp,
  • the identification number of the UiPath Process Mining instance that logged the entry,
  • session information,
  • a log entry.

Session information

The following table describes the elements of the session information.

ElementDescription
clientIPThe IP address of the system from which the action was triggered.
isSuperAdminIndicates whether the user is a Superadmin user.
isDataServerIndicates whether the action was taken as the Data Server.
endUserIdThe ID of the user.
endUserOrganizationIdThe ID of the user’s organization.
superAdminUserIdThe impersonated User ID of the Superadmin user.
Note: Only applicable if isSuperAdmin is True.

Log entries

The audit log distinguishes the following categories for log entries.

  • User authentication, for example logins,
  • User management actions, for example add/remove users and change password.
  • Releases, creation, deletion, activation, etc.,
  • Data accesses, for example project viewed with datasets, delete dataset, upload data, upload/change files, refresh/load, etc.,
  • Data exports by the end user,
  • Changes to server settings,
  • Changes to the license information,
  • Errors related to data leaks.

The categories are described in more detail in Category Details.

📘

Hinweis:

Changes to any of these categories are only detected when updated from the UiPath Process Mining Superadmin pages. Changes performed directly on the installation are not logged to the audit log.

Setting up the Audit Logs

By default, Audit Logs functionality is disabled. To enable the Audit Logs you must create the folder in which the log files will be stored.

Follow these steps to create a new folder for the Audit Logs and to display the security settings for the folder.

StepAction
1Go to your UiPath Process Mining installation folder .
2Create a new folder and rename it to auditlogs.
3* Right-click on the auditlogs folder and select Properties.
- Go to the Security tab.
- Click on Advanced….
The inherited access rights of the auditlogs folder are displayed.

Access Rights

Since Audit Logs are used for compliance and security strict access rules must be applied to the auditlogs folder, its subfolders and files.

  1. Set the access rights for the folder, subfolders and files for the platform accounts.
  2. Set up read-only access for auditors who are allowed to read the audit logs.
  3. Disable inherited permission.

Access rights for the accounts running the platform

❗️

Hinweis:

Changing the access rights on the audit logs will be difficult afterwards. Make sure to carefully consider the features you plan on using for the UiPath Process Mining platform. For example, if you plan on using Windows tasks to automate cache generations, make sure to also give the user account which will run the task also these access rights.

Audit logs are written using the user account for the Application Pool. The user account needs write access to the folder, its subfolders, and files to be able to add log files and log entries.

If you are using, or plan to use, task scheduler scripts to generate caches automatically, the user account running the task also needs to have the same access rights as the user account for the Application Pool. For example, in a default environment, you will have to set access rights for the IIS_IUSRS and SYSTEM accounts.

The steps below must be performed for all accounts running the platform. In a default situation, this will be:

  • IIS_IUSRS
  • SYSTEM
    If there are other accounts that run the platform, for example to automatically generate caches, these steps must be performed as well.
    In the steps below, these accounts are referred to as ‘account’.

Follow these steps to set the access rights for the auditlogs folder.

StepAction
1Click on Addin the Advanced Security Settings dialog.
2Click on Select a principal.
3Select the account and click on OK.
4Select This folder only in the Applies to list.
5Click on Show advanced permissions.
6Click on Clear all.
7Enable Create folders/append data and click on OK.

📘

Hinweis:

If the account is a user group, e.g. IIS_IUSRS, then you must also enable List folder / read data.

Follow these steps to set the access rights for the subfolders and files in the auditlogs folder.

StepAction
1Click on Add in the Advanced Security Settings dialog.
2Click on Select a principal.
3Select the account and click on OK.
4Select Subfolders and files only in the Applies to list.
5Click on Show advanced permissions.
6Click on Clear all.
7Enable Create files/write data and click on OK.

Access rights for auditors

To view the audit log files, the auditor role on the server can access the <PLATFORMDIR>\auditlogs folder.

Follow these steps to set up read-only access for users who are allowed to read the audit log files.

StepAction
1Click on Add in the Advanced Security Settings dialog.
2Click on Select a principal.
3Select the user who you want to give read-only access and click on OK.
Note: You must select a user. This does not work for groups.
4Select This folder, subfolders and files in the Applies to list.
5Enable Read & Execute, List folder contents, and Read.
6Click on OK.

Disable inherited permissions

Follow these steps to disable inheritance and to complete the set up for the Audit Logs.

StepAction
1Click on Disable inheritance in the Advanced Security Settings dialog.
2Click on OK to save all the access right settings and to close the Advanced Security Settings.
3Close the Properties dialog.

Exporting the audit logs

To export the audit logs you use the Dataserver - ExportAuditLogs function. Use the out= parameter to specify the name and location of the export file.

📘

Hinweis:

The ExportAuditLogs function merges individual logs into a single .csv file without regard for the order of the events.

Follow these steps to export the audit logs.

StepAction
1Open a Windows Command Prompt dialog.
2Navigate to the <PLATFORMDIR> folder.
3Enter the following command:
builds\processgold.bat -DataServer -ExportAuditlogs out=auditlogs\auditlogs.csv.

The auditlogs.csv is created in the auditlogs folder.

📘

Hinweis:

You can use the following command to get help on the Dataserver – ExportAuditLogs function.
builds\processgold.bat -DataServer -? ExportAuditLogs

Vor etwa einem Monat aktualisiert

Einrichten von Überwachungsprotokollen


Auf API-Referenzseiten sind Änderungsvorschläge beschränkt

Sie können nur Änderungen an dem Textkörperinhalt von Markdown, aber nicht an der API-Spezifikation vorschlagen.