Guides

Audit Logs

Suggest Edits

Overview

Glassix has many logs documenting both general changes and security events.

You might want to save these logs on your end or preform actions based on your needs.

Glassix provides two integration methods for receiving said logs:

  1. Sending logs via Webhooks.
  2. Using logs in Functions.

Log Types

Glassix has two main log types:

  1. Informative - logs of general operations and management e.g., chatbot mapping, department name change, business hours update, etc.
  2. Security - logs regarding sensitive information and operations e.g., security settings changes, user logins, password changes, etc.

Logs Format

🚧

Note:

The initiatorUser and targetUser objects are sent only when applicable.

Informative

{
	"key": "9200c94a-13d7-4397-a52c-1728fc6bb670",
	"dateTime": "2024-01-07T12:23:16.9159993Z",
	"changes": [
		{
			"_event": "AUDIT_LOGS",
			"log": {
				"id": "8e548273-0418-4e7b-acd6-c79f7d31e3ec",
				"dateTime": "2024-01-07T12:23:16.7965229Z",
				"departmentId": "9200c94a-13d7-4397-a52c-1728fc6bb670",
				"initiatorUser": {
					"id": "aca76a89-8950-4424-b727-2f277c24a891",
					"gender": "Male",
					"UserName": "[email protected]",
					"culture": "en-US",
					"isAnonymous": false,
					"uniqueArgument": "",
					"type": "AGENT"
				},
				"ipAddress": "212.199.97.210",
				"message": "[email protected] changed chatbot mappings",
				"type": "ChatbotMappingsChange",
				"logType": "Informative"
			}
		}
	]
}

Security

{
	"key": "9200c94a-13d7-4397-a52c-1728fc6bb670",
	"dateTime": "2024-01-11T09:18:32.7608826Z",
	"changes": [
		{
			"_event": "AUDIT_LOGS",
			"log": {
				"id": "cb20ff99-25bb-400c-a8cd-9052fc5f6d3f",
				"dateTime": "2024-01-11T09:18:32.7452358Z",
				"departmentId": "9200c94a-13d7-4397-a52c-1728fc6bb670",
				"initiatorUser": {
					"id": "aca76a89-8950-4424-b727-2f277c24a891",
					"gender": "Male",
					"UserName": "[email protected]",
					"culture": "en-US",
					"isAnonymous": false,
					"uniqueArgument": "",
					"type": "AGENT"
				},
				"targetUser": {
					"id": "2bab1a91-b203-4127-a546-8636165e873a",
					"gender": "Male",
					"UserName": "[email protected]",
					"culture": "en-US",
					"isAnonymous": false,
					"uniqueArgument": "",
					"type": "AGENT"
				},
				"ipAddress": "212.199.97.210",
				"message": "[email protected] removed by [email protected]",
				"type": "UserRemoved",
				"logType": "Security"
			}
		}
	]
}

Send Logs via Webhooks

You can connect logs to your webhooks endpoint to receive a copy of the event's message to your systems. You can perform various actions using these logs, including documenting them in your systems.

  1. Go to Settings.

    Click on the symbol in the agent dashboard.

  2. In the Developers section, click on EventsWebhooksAdd +.
  3. Type a name for your webhook in the Name text box.
  4. In the Target text box, type <Your HTTPS Endpoint>.
  5. Use the checkbox to choose AUDIT_LOGS.
  6. Click Save.

Send logs to Syslog using Glassix functions

Syslog is a protocol that computer systems use to send event data logs to a central location for storage. Logs can then be accessed by analysis and reporting software to perform audits, monitoring, troubleshooting, and other essential IT operational tasks.

Syslog Format Example

<166>1 2024-01-15T11:19:07.00Z glassix.com glassix - ad681bbc-9608-4a2a-a283-717011f35c35 [data id="ad681bbc-9608-4a2a-a283-717011f35c35" dateTime="2024-01-15T11:19:07.7935597Z" departmentId="95b4ae47-a872-4dd5-920d-7b01d64288ad" initiatorUser_id="f4d56da7-f39f-4741-8c84-4b5b34e40ad3" initiatorUser_gender="Undefined" initiatorUser_UserName="[email protected]" initiatorUser_culture="en-US" initiatorUser_isAnonymous="false" initiatorUser_uniqueArgument="" initiatorUser_type="AGENT" targetUser_id="2563e94e-f68e-4cf8-b13b-17cfc95c437d" targetUser_gender="Undefined" targetUser_UserName="[email protected]" targetUser_culture="en-US" targetUser_isAnonymous="true" targetUser_uniqueArgument="" targetUser_type="AGENT" ipAddress="212.199.97.210" message="[email protected] removed role SystemUser from [email protected]" type="RoleRemoved" logType="Security"] RoleRemoved: [email protected] removed role SystemUser from [email protected]

Most Syslog servers support receiving messages using TCP or UDP protocols, and NOT HTTP.
As our webhooks events are sent using HTTP requests, you need to find a way to send these messages using TCP or UDP. One way of doing that is by utilizing our native functions integration.
Glassix functions can be triggered by events.

You can connect logs to trigger a function whenever an event occurs.
The log object passed to the function will contain information about the log message, such as message text, timestamp, and related users that were affected.

First, you will have to create a webhook function that can listen to events.

Function Examples

Sending audit logs to a Syslog server using TCP

🚧

Note:

You must import the net and glossy NPM. For more info on NPMs and Glassix read here.

import * as net from "net";
import * as glossy from "glossy";

const handler = async (key, dateTime, changes) => {
	let glassixLog = changes?.[0]?.log;

    if (!glassixLog.id) {
        console.error('Payload must contain a log "id"');
    };

    //Flatten the log object
    const mapObjProprties = (obj, output = {}, prefix = '') => {
        Object.entries(obj).forEach(([key, val]) => {
            if (val && typeof val == 'object') mapObjProprties(val, output, prefix + key + '_');
            else output[prefix + key] = val;
        });
        return output;
    };

    glassixLog = mapObjProprties(glassixLog);

    try {
        //Open TCP Connection
        const Syslog = glossy.Produce;
        const syslogServerHost = process.env.SYSLOG_SERVER_HOST; // Your server's hostname
        const syslogServerPort = process.env.SYSLOG_SERVER_PORT; // Syslog listener port
        const socket = new net.createConnection(syslogServerPort, syslogServerHost);

        const connectToServer = () => new Promise((resolve, reject) => {
            socket.on('connect', () => {
                resolve(true)
            });

            socket.on('error', function(error) {
                resolve(false)
            });

            socket.on('timeout', function(error) {
                resolve(false)
            })
        });

        const isConnected = await connectToServer();

        if (isConnected) {
            const producer = new Syslog({ type: 'RFC5424', app_id: 'glassix', host: 'glassix.com' });
           
            const logData = {
                facility: 'local4', // You can override the default facility here if needed
                severity: 'info', // Log severity level
                appName: 'glassix', // Log source application
                date: glassixLog.dateTime, // Log timestamp
                msgID: glassixLog.id,
                message: `${glassixLog.type}: ${glassixLog.message}`,
                structuredData: { data: glassixLog }
            };

            // Convert the log data to the syslog format
            const syslogMessage = producer.produce(logData);


            // Send the syslog message to the server
            socket.write(syslogMessage);


            // Close the socket connection after sending the message
            socket.end();
        }


        socket.end();
    } catch (e) {
        console.log(e)
    }
};

Sending audit logs to a Syslog server using UDP

🚧

Note:

You must import the dgram and glossy NPM. For more info on NPMs and Glassix read here.

import * as dgram from "dgram";
import * as glossy from "glossy";

const handler = async (key, dateTime, changes) => {
	try {
        // Define UDP 
        const Syslog = glossy.Produce;
        const client = dgram.createSocket('udp4');
        const syslogServerHost = process.env.SYSLOG_SERVER_HOST; // Your server's hostname
        const syslogServerPort = process.env.SYSLOG_SERVER_PORT; // Syslog listener port

        let glassixLog = changes?.[0]?.log;

	    if (!glassixLog.id) {
            console.error('Payload must contain a "id" key');
        };

        const mapObjProprties = (obj, output = {}, prefix = '') => {
            Object.entries(obj).forEach(([key, val]) => {
                if (val && typeof val == 'object') mapObjProprties(val, output, prefix + key + '_');
                else output[prefix + key] = val;
            });
            return output;
        };

        glassixLog = mapObjProprties(glassixLog);

        // Create a glossy producer
        const producer = new Syslog({type: 'RFC5424', app_id: 'glassix', host: 'glassix.com'});

        // Log a message
        const logData = {
            facility: 'local4', // You can override the default facility here if needed
            severity: 'info', // Log severity level
            appName: 'glassix', // Log source application
            date: glassixLog.dateTime, // Log timestamp
            msgID: glassixLog.id,
            message: `${glassixLog.type}: ${glassixLog.message}`,
            structuredData: { data: glassixLog }
        };

        // Convert the log data to the syslog format
        const syslogMessage = producer.produce(logData);
        const packet = Buffer.from(syslogMessage)

        client.send(packet, syslogServerPort, syslogServerHost, (err) => {
            if (err) {
                console.error('Failed to send syslog.')
            } else {
                console.log('Syslog sent successfully!')
            }
            client.close();
        });
    } catch (e) {
        console.log(e)
    }
};

Next, we will have to connect our function to the audit logs event type.

  1. Go to Settings.

    Click on the symbol in the agent dashboard.

  2. In the Developers section, click on EventsFunctionsAdd +.
  3. Fill Name.
  4. From the Events drop-down select AUDIT_LOGS.
  5. From the Functions drop-down select your desired function.
  6. Click Save.

Updated 10 months ago