System Administration
Log Events and Access to Personal Data
The Stewardship Tier assists clients with corporate or regulatory compliance by logging all events related to processing personal data. The logs are created daily as .CSV files.
The Stewardship Tier creates a log entry every time an event executes in Stewardship Tier in any application, including each page load. By default, events on all pages are tracked; however, a System Administrator can set which pages are not tracked.
The log entry contains all information necessary to understand what was executed and by whom, including:
- Current Time
- User ID
- WebAppID
- PageID
- Page name
- Event name
- Primary Keys (if available)
- DrillDownKeys (if available)
A System Administrator enables or disables logging as needed. By default, logging is disabled.
Before logging can be enabled, a data source to store the logs must be defined.
This topic contains the following sections:
- Define the Data Source
- Enable Logging
- Enable and Disable Logging for Pages
- View Logs
- Enable Auditing for Tables with Personal Information
Define the Data Source
To define the data source:
-
Create a local file data source. Refer to Register a Data Source for more information.
NOTE: This data source’s path can be local on the web server or on a network. It is highly recommended that the logs be stored on a remote server.
-
Test the connection to the data source.
NOTE: The Stewardship Tier must have read and write permissions to the data source.
If the logs cannot be written to the data source specified because of a network or permissions issue, the logs are written to the installation directory logs folder. Syniti does not recommend writing these events to a local file on the application server. The logs should be written to a remote location, so as not to impact Stewardship Tier performance, and log size should be monitored using log management software. A warning message displays in the Stewardship Tier every hour that logs are written to the installation directory logs folder.
Enable Logging
To enable logging:
- Select Admin > Configuration > Parameters on the Navigation pane.
- Click the Logging Options tab.
- Click Edit.
- Select the data source in the Logging Data Source ID list box.
- Click Save.
- Click the Enable Page Logging button.
-
Set the Logging Retention Days, which is the number of days before the logs are deleted
NOTE: The default value, 0, indicates that the logs are not deleted.
NOTE: The daily log also tracks when logging is enabled or disabled and by whom.
Disable and Enable Logging for Pages
A System Administrator can disable logging for specific pages if the data on these pages is not related to personal data or does not need to be tracked.
To disable logging by page:
- Select Admin > Configuration > Parameters on the Navigation pane.
- Click the Logging Options tab.
- Click the Enable Logging By Page icon.
- Select a page or multiple pages.
- Click the Disable Page icon.
NOTE: To enable logging on a page that has had logging disabled, click the Enable Page icon.
NOTE: The daily log also tracks when logging is enabled or disabled for a page and by whom.
View Logs
When logging is enabled, the Stewardship Tier tracks every page event and every time a page is accessed and logs this information daily in a .CSV file, unless logging for a page has been disabled.
The logs are stored in a data source defined on the Parameters page on the Logging Options tab.
To download the current daily log, click the Download Most Recent Log File icon on the Logging Options tab.
Enable Auditing for Tables with Personal Information
On a client’s site, a System Administrator must enable auditing for any tables that contain personal data or that must be purged for compliance reasons.
At the client site, an Administrator must also set up auditing for these specific tables in the DataSource named “Data Garage'.
- dgTarget
- dgTargetSource
- dgTargetSourceTable
When a Data Controller updates any retention expiration date, an e-signature is required and captured in the audit records.
At the target, target source or table level, a Data Controller can update the retention expiration date, which sets when data is purged at that level. If this date is updated, it is audited and an e-signature is required.
To set up auditing, use the Stewardship Tier’s auditing feature. Refer to Enable Audit Trail and Electronic Signature for more information.