
Security event logging


In addition to data and rule modification auditing, plus recording work history, Pega provides the ability to record security-related events to a file named PegaRULES-SecurityEvent.log. This log file can be accessed from Dev Studio using: Configure > System > Operations > Logs > Log files.

Log files

Below are two example security event log entries. Notice that each entry is recorded using JSON format.

{"id":"6e11a563-fd93-46d8-9de0-3963fb43a70f","eventCategory":"Security administration event","eventType":"security event configuration changed","appName":"Booking","tenantID":"shared","ipAddress":"192.168.118.1","timeStamp":"Fri 2019 Jul 12, 17:30:54:274","operatorID":"Admin@Booking","nodeID":"ff9ef7835fd4906aea82694c981938d0","message":"security event configuration has been modified.","requestorIdentity":"20190710T213105"}

{"id":"ed76e8a7-ea28-4e9a-8830-01e8e90301ae","eventCategory":"Authentication event","eventType":"Operator record change","appName":"Booking","tenantID":"shared","ipAddress":"192.168.118.1","timeStamp":"Fri 2019 Jul 12, 17:41:24:976","operatorID":"Admin@Booking","nodeID":"ff9ef7835fd4906aea82694c981938d0","requestorIdentity":"20190710T213105","operatorRecID":"DATA-ADMIN-OPERATOR-ID ADMIN@BOOKING","operatorRecName":"Admin","operation":"update"}

The Security Event Configuration landing page (Configure > Org & Security > Tools > Security > Security Event Configuration) displays which types of events are recorded. At the bottom is the option to enable or disable Custom event logging.

Custom events
Note: The Security Event Configuration only allows you to turn custom events on or off.

This setting does not provide control over when individual custom events are logged. You could, for example, define a parameterized When rule used to control whether a step in a Data Transform or Activity step should record a custom security event. The When rule’s parameter could be used to perform a Data Page-mediated lookup to see whether logging of the custom event has been enabled.

Custom event logging can be used to facilitate the fulfillment of Client-Based Access Control (CBAC) auditing requirements.

It is possible to log a custom event within an Activity Java step using:

tools.getSecEventLogger().logCustomEvent(PublicAPI tools, String eventType, String outcome, String message, Map<String, String> customFlds)

With the parameter values:

  • eventType: Name of the event type to keep track of custom events
  • outcome: The outcome of the event
  • message: Any message that a user needs to log as part of the event.
  • customFlds: A map of key-value pairs that log extra information for the event. 

A better long-term approach, however, would be to execute this API with a Rule-Utility-Function, because future versions of Pega Platform may curtail the use of Java steps in Activities.

According to the help topic Adding a custom security event, to record a custom security event you would create a Java step within an activity.

It would be overly complex to require code that calls a Function to supply a StringMap (Map<String, String>) customFlds parameter. The Function could instead accept a text-based ValueGroup Property. That ValueGroup Property can be converted to a StringMap within the Function. The following steps describe how you could configure this function.

  1. Create a Library and Function
  2. Have the Function accept four parameters (String, String, String, ClipboardProperty)
  3. The supplied ClipboardProperty must be a ValueGroup
  4. The Function converts the ValueGroup ClipboardProperty to a locally declared Map<String, String> customFlds variable 

    // Obtain the PublicAPI for the current thread.
    PublicAPI tools = null;
    PRThread thisThread = (PRThread) ThreadContainer.get();
    if (thisThread != null) {
        tools = thisThread.getPublicAPI();
    } else {
        throw new PRAppRuntimeException("Pega-RULES", 0, "Unable to obtain current thread");
    }

    // Copy each entry of the ValueGroup into a Map<String, String>.
    Map<String, String> customFldsMap = new HashMap<String, String>();
    java.util.Iterator iter = customFlds.iterator();
    while (iter.hasNext()) {
        ClipboardProperty prop = (ClipboardProperty) iter.next();
        customFldsMap.put(prop.getName(), prop.getStringValue());
    }

    // Record the custom security event.
    tools.getSecEventLogger().logCustomEvent(tools, eventType, outcome, message, customFldsMap);

Below is an example of a custom security event.

{"id":"c86a4299-9355-418b-b95d-519f842693d1","eventCategory":"Custom event","eventType":"FooBla","appName":"Booking","tenantID":"shared","ipAddress":"192.168.118.1", "timeStamp":"Fri 2019 Jul 12, 17:46:05:284","operatorID":"Admin@Booking", "nodeID":"ff9ef7835fd4906aea82694c981938d0","outcome":"Fail","message":"FooBla failed","requestorIdentity":"20190710T213105"}
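Because every entry is one JSON object per line, the log is straightforward to review with a script. The Python sketch below is an added example, not Pega code: it parses the three entries shown on this page, including their non-ISO timeStamp format, and reports lines it cannot parse. The triage rules and the truncated fourth line are assumptions made for illustration.

```python
import json
from datetime import datetime

TS_FORMAT = "%a %Y %b %d, %H:%M:%S:%f"  # "Fri 2019 Jul 12, 17:30:54:274"

# Constructed sample: the three entries shown on this page, trimmed to the
# fields used below, plus one deliberately truncated line.
SAMPLE_LOG = "\n".join([
    '{"eventCategory":"Security administration event","eventType":"security event configuration changed","timeStamp":"Fri 2019 Jul 12, 17:30:54:274","operatorID":"Admin@Booking"}',
    '{"eventCategory":"Authentication event","eventType":"Operator record change","timeStamp":"Fri 2019 Jul 12, 17:41:24:976","operatorID":"Admin@Booking","operation":"update"}',
    '{"eventCategory":"Custom event","eventType":"FooBla","timeStamp":"Fri 2019 Jul 12, 17:46:05:284","operatorID":"Admin@Booking","outcome":"Fail","message":"FooBla failed"}',
    '{"eventCategory":"Custom event","eventType":"FooBla","timeSt',
])

def parse_events(text):
    """Return (events, rejected_line_numbers); each event gains a datetime 'ts'."""
    events, rejected = [], []
    for lineno, line in enumerate(text.splitlines(), start=1):
        if not line.strip():
            continue
        try:
            event = json.loads(line)
            event["ts"] = datetime.strptime(event["timeStamp"], TS_FORMAT)
        except (ValueError, KeyError, TypeError):
            rejected.append(lineno)  # skip, but report what was dropped
            continue
        events.append(event)
    return events, rejected

def triage(events):
    """Assumed review rules, not Pega's: flag logging-configuration changes,
    operator record changes, and custom events whose outcome is "Fail"."""
    findings = []
    for e in sorted(events, key=lambda ev: ev["ts"]):
        etype = e.get("eventType")
        if etype == "security event configuration changed":
            reason = "logging configuration changed"
        elif etype == "Operator record change":
            reason = "operator record " + e.get("operation", "change")
        elif e.get("eventCategory") == "Custom event" and e.get("outcome") == "Fail":
            reason = "custom event %s failed" % etype
        else:
            continue
        findings.append((e["ts"].isoformat(timespec="milliseconds"),
                         e.get("operatorID"), reason))
    return findings

if __name__ == "__main__":
    events, rejected = parse_events(SAMPLE_LOG)
    print(triage(events), "unparseable lines:", rejected)
```

Tracking the rejected line numbers matters for audit use: a truncated or malformed entry is reported rather than silently dropped from the review.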

 

Note: The event category for every custom security event is “Custom event”. To enable or disable logging of a specific custom security event type, you would need to use the (custom) eventType value as a When rule parameter. The When rule would use the parameter to perform a node-level Data Page lookup. If the lookup shows that logging of the custom eventType is enabled, the When rule would return “true”. In turn, the custom security event-logging function (RUF) would be called.
