# Admin console settings

The Admin console settings page lets partners control audit log replication across customer accounts by configuring a single setting.

The audit log streaming feature enables partners to stream their customers’ audit log activities, including job history, recipe step details, and user activity, to a log provider. This feature is an add-on. Contact your Workato Success Representative to enable this feature.

When the audit log streaming feature is enabled, Workato creates a JSON file for each job and event in your customer accounts and sends it to your provider of choice through the HTTP POST method.

# Audit log streaming

Audit log streaming Audit log settings in the Admin console

Audit log streaming lets partners store audit events from all customer accounts and their admin accounts in a single destination with a one-time setup.

Audit events include:

  • Job summaries
  • Job details
  • User activity (log-ins, team changes, asset creation, edits, and deletions)

# JSON file details

Workato creates a JSON file for each event. The file path and name have the following format.

user_id/jobs/recipe_id/date/formated_job_id/user_id-recipe_id-job_id-time_and_date-status.json
User ID
This unique ID correcsponds to an individual customer account.
Recipe ID
This unique ID corresponds to a specific recipe.
Job ID
This unique ID corresponds to a specific job.
Formatted job ID
The job ID expanded into a 21-digit number (left padded with 0s) and split into 3-character fragments separated by /s. Example: Job ID 100 is formatted as 000/000/000/000/000/000/100.
Date
The date of the job. For example, May 21, 2018 is represented as 20180521.
Time and date
The date and time of the job. For example, midnight at May 21, 2018 is represented as 20180521000000.
Status
Job completion status. Example: succeeded or failed.

Example:

5234/jobs/234/20180521/000/000/000/000/000/000/100/5234-234-100-20180521000000-succeeded.json

Customize the audit log JSON to different formats to suit your needs. For example, you may require a source application (for example, Workato) to process the event logs in the destination application automatically.

You can create the custom log message and include the audit log event in a specific JSON format in the Customize log message section. The is the placeholder that Workato uses to substitute the actual audit log event message in JSON format.

{
  "source": "workato",
  "environment": "staging",
  "hostname": "workato_cloud",
  "logEntries": {{log_message}}
}

Invalid JSON

If the JSON is invalid or does not contain the placeholder, Workato sends the default log message without customization.

# Identifying customers from JSON files

The JSON file includes the user_id and user_external_id parameters in the context block for all log files related to job details. These two IDs refer to the Workato customer ID and the partner-provided external ID for the customer.

Audit log streaming Sample JSON from a job event

The JSON file includes the id and external_id parameters nested in the user and team for all log files related to user activity. The IDs in the team block refer to the customer account, while the IDs in the user block refer to the specific customer team member who performed the action.

Audit log streaming Sample JSON from a user activity event

If the partner did not provide any external ID while creating the customer or customer team member, the external_id value is null.

# Set unique audit log destinations

Partners can provide audit log replication configuration on each customer individually. This setting is available on each customer account's settings page as long as the audit log replication setting is not configured in the partner's Admin console. Hence, if each customer requires a separate audit log destination, don't configure the master setting on the Admin console.