Page Comparison

...

The AuditTrail service Audit Trail Service should have been running for enough time for the collector to have collected audittrail audit trail events from the components prior to the test.

WebGUI

• First verify that audittrail audit trail events has have been collected . All audittrail events should be requested via the web interface.
  The returned list should contain entries from all the different components expected to deliver audit trail informationby expanding the Show collection schedule panel.
• Verify that new audit trails are collected:

1. 1. Put a new file.
   2. Trigger a new retrieval of audit trails.
   3. Verify that the Last collected number of audits-column of the Show collection schedule panel shows that a number of audit trails were collected from the relevant collection.

• Test the different filters
  
• Dates:
  
  • Filter on a valid date range
    
    • Only audit trail events from the date range should be present in the list of audit trail events.
  • Filter on an invalid date range (the start date being after the end date)
    
    • No change should happen to the list of events
  • Filter only on a start date
    
    • Only events from the start date and forward should be present in the event list
  • Filter only on a end date
    
    • Only event prior and up to the end date should be present in the event list
• Filter on a known fileID
  
  • Only events related to the specified fileID should be present in the event list.
• Filter on an unknown fileID
  
  • No events should be present in the event list
• Filter on a known component
  
  • Only events from the specified component should be present in the event list
• Filter on an unknown component
  
  • No events should be present in the event list
• Filter on a known actor
  
  • Only events related to the specified actor should be present in the event list
• Filter on an unknown actor
  
  • No events should be present in the event list
• Filter on the different action types
  
  • Only actions from the specified type should be present. "ALL" being the exception, as it should allow for any type.
• Filter a couple of collections and verify only audit trails for the selected collection is listed.
Change the number of listed event and verify the number of listed event changes accordingly: Set each filter to a given value and verify that the table filters correctly.

Audit trail preservation

This test is rather cumbersome, and should only be run in case of changes to the code affecting the audit trail preservation

1. Configure the audit trail preservation to run once every other minute and set the log level to debug. Also configure the audit trail collection grace period so the collection never starts (can't go above ~PT596H because of underlying conversion to int → overflow)

   Code Block
   <AuditTrailServiceSettings> ... <GracePeriod>PT500H</GracePeriod> <AuditTrailPreservation> <AuditTrailPreservationInterval>PT2M</AuditTrailPreservationInterval> .... </AuditTrailPreservation>

   
   

2. Clear the (audit trail service) database.
3. Restart the tomcat
4. Look in the audit trail service log to verify that:
   
   1. The audit trail preservation is scheduled to run every other minute
   2. The first preservation run should start quickly.
   3. The preservation should finish quickly packing 0 audit trails (no audits have been collected yet).
   4. All collections are preserved
5. Start the collection of audit trails.
6. Look in the audit trail service log to verify that:
   
   1. Some audit trails have been collected prior to the preserver running.
   2. The preserver starts as scheduled.
   3. A number of audit trail are packed and ingested.
   4. The contents of the audit trail files are correct.