How to find access logs
# supportn
nikulkhatik
08/11/2023, 6:11 AMHow to Retrieve Access Logs for Medplum and Systems utilizing Medplum API or Client: Tracking User Access to Resources and Activity Frequency
r
rahul1
08/11/2023, 11:38 AMHi @nikulkhatik , Medplum produces AuditEvent resources for certain actions, such as Bot Invocations. You can see these here: https://app.medplum.com/AuditEvent
rahul1
08/11/2023, 11:42 AMMore advanced logging, including logs on all resource accesses and logins, are a feature of our enterprise offering, and you can reach out here!
https://www.medplum.com/pricing
rahul1
08/11/2023, 11:42 AMB/c of the high volume, we typically pipe these logs into your own logging infrastructure, such as datadog, splunk, etc.
r
ravindratc
03/19/2024, 4:50 PM@rahul1 We seek guidance on best practices for effectively viewing access logs within our Medplum AWS Self-Hosted Environment. Specifically, we're interested in understanding who (such as patients or Medplum client credentials for our public website) is accessing what health data at the resource level.
Currently, we've implemented AWS Athena following the provided guide: https://www.medplum.com/docs/self-hosting/aws-athena-guide. However, this setup only provides the Client's IP address, Request Method, and URL.
Our goal is to gain insight into who accessed what and when. What request payload was used, and what specific resources have been delivered?
Should we be using AuditEvent towards this end? Or approach to achieving this visibility?
ravindratc
03/23/2024, 7:59 AM@cody @reshma @rahul1 Any insights on it.
c
cody
03/23/2024, 9:15 PMHi @ravindratc - are you using the "logRequests" setting? https://www.medplum.com/docs/self-hosting/config-settings
cody
03/23/2024, 9:16 PMAuditEvent will provide specific access patterns (i.e., which user accessed which resources)
cody
03/23/2024, 9:17 PMHowever, AuditEvents can be quite verbose, so will typically require significant post processing and filtering to find what you want. For example, if a search includes 20 results, there will be 1 AuditEvent for the search and 20 additional AuditEvents for "reading" each of the search results.
r
ravindratc
03/23/2024, 11:37 PM@cody No, It’s not enabled. And currently AuditEvent only has Subscription and Bots execution record.
c
cody
03/24/2024, 12:52 AMAh, there should be many more AuditEvent in AWS CloudWatch logs.
144 Views