process-mining
2021.10
true
UiPath logo, featuring letters U and I in white
Process Mining
Automation CloudAutomation Cloud Public SectorAutomation SuiteStandalone
Last updated Sep 2, 2024

Set up Audit Logs

Introduction

For reasons of compliance, it may be needed to have an audit trail. UiPath Process Mining enables you to create audit trails by means of the Audit Logs functionality. Audit Logs record events in chronological order.

This guide describes:

  • The categories for log entries;
  • How to set up Audit Logs;
  • Exporting the audit logs.

Audit Logs

Every entry in the audit log contains:

  • a version number,
  • a timestamp,
  • the identification number of the UiPath Process Mining instance that logged the entry,
  • session information,
  • a log entry.

Session information

The following table describes the elements of the session information.

Element

Description

clientIP

The IP address of the system from which the action was triggered.

isSuperAdmin

Indicates whether the user is a Superadmin user.

isDataServer

Indicates whether the action was taken as the Data Server.

endUserId

The ID of the user.

endUserOrganizationId

The ID of the user’s organization.

superAdminUserId

The impersonated User ID of the Superadmin user.

Note: Only applicable if isSuperAdmin is True.

Log entries

The audit log distinguishes the following categories for log entries.

  • User authentication, for example logins,
  • User management actions, for example add/remove users and change password.
  • Releases, creation, deletion, activation, etc.,
  • Data accesses, for example project viewed with datasets, delete dataset, upload data, upload/change files, refresh/load, etc.,
  • Data exports by the end user,
  • Changes to server settings,
  • Changes to the license information,
  • Errors related to data leaks.

The categories are described in more detail in Category Details.

Note: Changes to any of these categories are only detected when updated from the UiPath Process Mining Superadmin pages. Changes performed directly on the installation are not logged to the audit log.

Setting up the Audit Logs

By default, Audit Logs functionality is disabled. To enable the Audit Logs you must create the folder in which the log files will be stored.

Follow these steps to create a new folder for the Audit Logs and to display the security settings for the folder.

Step

Action

1

Go to your UiPath Process Mining installation folder <PLATFORMDIR>.

2

Create a new folder and rename it to auditlogs.

3

  • Right-click on the auditlogs folder and select Properties.
  • Go to the Security tab.
  • Click on Advanced….

The inherited access rights of the auditlogs folder are displayed.

Access rights

Since Audit Logs are used for compliance and security strict access rules must be applied to the auditlogs folder, its subfolders and files.

  1. Set the access rights for the folder, subfolders and files for the platform accounts.
  2. Set up read-only access for auditors who are allowed to read the audit logs.
  3. Disable inherited permission.

Access rights for the accounts running the platform

Important: Changing the access rights on the audit logs will be difficult afterwards. Make sure to carefully consider the features you plan on using for the UiPath Process Mining platform. For example, if you plan on using Windows tasks to automate cache generations, make sure to also give the user account which will run the task also these access rights.

Audit logs are written using the user account for the Application Pool. The user account needs write access to the folder, its subfolders, and files to be able to add log files and log entries.

If you are using, or plan to use, task scheduler scripts to generate caches automatically, the user account running the task also needs to have the same access rights as the user account for the Application Pool. For example, in a default environment, you will have to set access rights for the IIS_IUSRS and SYSTEM accounts.

The steps below must be performed for all accounts running the platform. In a default situation, this will be:

  • IIS_IUSRS
  • SYSTEM

If there are other accounts that run the platform, for example to automatically generate caches, these steps must be performed as well.

In the steps below, these accounts are referred to as ‘account’.

Follow these steps to set the access rights for the auditlogs folder.

Step

Action

1

Click on Addin the Advanced Security Settings dialog.

2

Click on Select a principal.

3

Select the account and click on OK.

4

Select This folder only in the Applies to list.

5

Click on Show advanced permissions.

6

Click on Clear all.

7

Enable Create folders/append data and click on OK.

Note: If the account is a user group, e.g. IIS_IUSRS, then you must also enable List folder / read data.

Follow these steps to set the access rights for the subfolders and files in the auditlogs folder.

Step

Action

1

Click on Add in the Advanced Security Settings dialog.

2

Click on Select a principal.

3

Select the account and click on OK.

4

Select Subfolders and files only in the Applies to list.

5

Click on Show advanced permissions.

6

Click on Clear all.

7

Enable Create files/write data and click on OK.

Access rights for auditors

To view the audit log files, the auditor role on the server can access the <PLATFORMDIR>\auditlogs folder.

Follow these steps to set up read-only access for users who are allowed to read the audit log files.

Step

Action

1

Click on Add in the Advanced Security Settings dialog.

2

Click on Select a principal.

3

Select the user who you want to give read-only access and click on OK.

Note: You must select a user. This does not work for groups.

4

Select This folder, subfolders and files in the Applies to list.

5

Enable Read & Execute,List folder contents, and Read.

6

Click on OK.

Disable inherited permissions

Follow these steps to disable inheritance and to complete the set up for the Audit Logs.

Step

Action

1

Click on Disable inheritance in the Advanced Security Settings dialog.

2

Click on OK to save all the access right settings and to close the Advanced Security Settings.

3

Close the Properties dialog.

Exporting the Audit Logs

To export the audit logs you use the Dataserver - ExportAuditLogs function. Use the out= parameter to specify the name and location of the export file.
Note: The ExportAuditLogs function merges individual logs into a single .csv file without regard for the order of the events.

Follow these steps to export the audit logs.

Step

Action

1

Open a Windows Command Prompt dialog.

2

Navigate to the <PLATFORMDIR> folder.

3

Enter the following command:

builds\processgold.bat -DataServer -ExportAuditlogs out=auditlogs\auditlogs.csv.
The auditlogs.csv is created in the auditlogs folder.
Note:
You can use the following command to get help on the Dataserver – ExportAuditLogs function.

builds\processgold.bat -DataServer -? ExportAuditLogs

  • Introduction
  • Audit Logs
  • Session information
  • Log entries
  • Setting up the Audit Logs
  • Access rights
  • Exporting the Audit Logs

Was this page helpful?

Get The Help You Need
Learning RPA - Automation Courses
UiPath Community Forum
Uipath Logo White
Trust and Security
© 2005-2024 UiPath. All rights reserved.