Big Audit Entries

0 0 Selasa, 25 Juni 2019 Edit this post

The ATNA audit scheme  has been re-imagined inwards FHIR every bit the AuditEvent Resource. The reformatting is solely to encounter the...

The ATNA audit scheme has been re-imagined inwards FHIR every bit the AuditEvent Resource.
The reformatting is solely to encounter the FHIR audience expectations for readability. For this at that topographic point is actually useful datatypes, structure, referencing, too tooling. There is no intention to alter inwards whatever key way. There is a mapping betwixt the two that is expected to interpret frontward too backward without loss of data. The reality is at that topographic point powerfulness hold upward around cases where the mapping powerfulness hold upward lacking....

Small entries are large

One of the observations many brand most ATNA too AuditEvent is that the schema itself makes what could hold upward recorded inwards classic log file using a unproblematic unstructured string of most 115 character. The next instance comes from the examples inwards the FHIR AuditEvent for an Accounting of Disclosure Log Entry,
Disclosure yesteryear around idiot, for marketing reasons, to places unknown, of a Poor Sap, information most Everything important.
becomes a 4604 graphic symbol XML object  or a 4156 graphic symbol JSON object (Hmm, json is smaller, but non yesteryear much).

THIS is a ridiculous example, every bit the string clearly is non sufficient, but the betoken I exercise desire to brand is that adding construction volition brand the infinite needed to hold upward larger.

This is a tradeoff that is just a fact of the departure betwixt unstructured strings, too a structured too coded object. The string powerfulness hold upward useful, but frequently needs exceptional processing to instruct the information embedded inwards that string. More frequently inwards a string world, on an log analysis must correlate many log entries to instruct the total story.

The betoken of ATNA too AuditEvent is that the master copy tape knew just the values of Who, What, Where, When, Why, How, etc... then the destination of ATNA too AuditEvent is to supply good defined ways to tape this then that it doesn't involve to hold upward guessed at.

So reality is that an ATNA or AuditEvent is probable larger than a string... but most 'happy path' audit log entries are 1-2 k inwards size. Not small, but also non big.

Big log entries

The work is that at that topographic point are occasionally cases, failure-modes, where to a greater extent than information would hold upward useful to hold upward recorded. Such every bit when at that topographic point is a technical failure, ane powerfulness desire to tape the 'stack trace'. Or when a asking is rejected, ane powerfulness desire to tape to a greater extent than fully the asking details too reply fault message. 

Or around desire to tape the results of a Query, something I caution against every bit it fills the audit log alongside information that is easily re-created.  Often these results are saved inwards other databases locally, then inwards that instance just link the AuditEvent alongside that database entry. This could hold upward done yesteryear just putting a database index into a AuditEvent.entity.

So sometimes at that topographic point is a involve to tape a large sum of information along alongside your audit log entry... so, how should this involve hold upward handled?

FHIR offers an interesting solution. The Binary resource. That is to state you lot lay the large blob into a Binary, too accept the AuditEvent betoken at that Binary. There is an additional characteristic of Binary that is useful to position the safety that should hold upward applied to this Binary instance, the Binary.securityContext tin dismiss betoken at the AuditEvent instance.


More most FHIR and Audit Logging

Label:

SHARE:

Twitter Facebook Google Pinterest

COMMENTS

BLOGGER
DISQUS
Nama

lainnya,155,
ltr
item
Health caresec Exchange Standards: Big Audit Entries
Big Audit Entries
https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEit09qrpyxSgfKrcodww5ZJJAt_3-FvjJU-1aqt4kLaPHXjLB1sm22FEjZbdONAuY2phtSA-xTQDVNxYd-aph6y3BQdyEmgwE6MniQKDLezw0R61h4culgdzaJM8CQP8F1oTnFjUv6rnDMz/s400/AuditEvent_R4_ballot_UML.png
https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEit09qrpyxSgfKrcodww5ZJJAt_3-FvjJU-1aqt4kLaPHXjLB1sm22FEjZbdONAuY2phtSA-xTQDVNxYd-aph6y3BQdyEmgwE6MniQKDLezw0R61h4culgdzaJM8CQP8F1oTnFjUv6rnDMz/s72-c/AuditEvent_R4_ballot_UML.png
Health caresec Exchange Standards
https://health-caresec.blogspot.com/2019/06/big-audit-entries_25.html
https://health-caresec.blogspot.com/
https://health-caresec.blogspot.com/
https://health-caresec.blogspot.com/2019/06/big-audit-entries_25.html
true
4438309625717369353
UTF-8
Loaded All Posts Not found any posts VIEW ALL Readmore Reply Cancel reply Delete By Home PAGES POSTS View All RECOMMENDED FOR YOU LABEL ARCHIVE SEARCH ALL POSTS Not found any post match with your request Back Home Sunday Monday Tuesday Wednesday Thursday Friday Saturday Sun Mon Tue Wed Thu Fri Sat January February March April May June July August September October November December Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec just now 1 minute ago $$1$$ minutes ago 1 hour ago $$1$$ hours ago Yesterday $$1$$ days ago $$1$$ weeks ago more than 5 weeks ago Followers Follow THIS PREMIUM CONTENT IS LOCKED STEP 1: Share. STEP 2: Click the link you shared to unlock Copy All Code Select All Code All codes were copied to your clipboard Can not copy the codes / texts, please press [CTRL]+[C] (or CMD+C with Mac) to copy
close
Banner iklan disini