Stream: connectathon mgmt
Topic: AuditEvent
John Moehrke (Apr 21 2021 at 12:40):
Are there any tracks that have participants that will be recording AuditEvent resources? This might be part of your Implementation Guide, or might be simply because of an app or server doing recording.
John Moehrke (Apr 21 2021 at 12:41):
Are there FHIR Servers that can turn on automatic AuditEvent logging during connectathon so that I can test?
John Moehrke (Apr 22 2021 at 11:53):
Connectathon Management -- (aka @Sandra Vance, @David Hay ) is it possible to have connectathon tooling provide insight into the connectathon available test servers and the resource types found on those servers? In my case, interested in any FHIR server that has AuditEvent resources.
John Moehrke (Apr 22 2021 at 11:54):
equally interesting to me... Clients/Servers that create AuditEvent resources.. but I am not sure how that could be discovered... so I simply ask the community to let me know if you have a client (or server0 that records AuditEvents.
Sandy Vance (Apr 22 2021 at 11:56):
Hi John - we can certainly look at this. Today ConMan simply lists the test servers but not which resource types are supported.
Michele Mottini (Apr 22 2021 at 13:14):
Our (CareEvolution) server supports AuditEvent: https://fhir.careevolution.com/
(It exposes as AuditEvent its internal audit log)
David Hay (Apr 22 2021 at 18:12):
Well, there's the facility for servers to be added to the connectathon (there's a short video on the process) which we're encouraging people to use, and I could easily add a 'query' function of some sort against the list of servers. How about:
The user enters a list of resource types / operations of interest
The app reads the CapabilityStatements of all known servers and assembles a list of all servers that claim to support them?
John Moehrke (Apr 22 2021 at 21:05):
Michele Mottini said:
Our (CareEvolution) server supports AuditEvent: https://fhir.careevolution.com/
(It exposes as AuditEvent its internal audit log)
@Daryl Moehrke connect to this server and see whats there.
Daryl Moehrke (Apr 22 2021 at 21:20):
It doesn't appear that i'm allowed to access any of the R4 servers, specifically the AuditEvent/_search path
David Hay (Apr 22 2021 at 21:36):
@Sandra Vance btw:
Today ConMan simply lists the test servers but not which resource types are supported.
Isn't quite right - there's a tab on the server details page that shows these - but this wouldn't meet Johns use case...
John Moehrke (Apr 22 2021 at 22:04):
Good start. Keeps me from trying servers that don't support auditEvent at all.
David Hay (Apr 22 2021 at 23:10):
OK - have added a search facility on servers (beginnings of one anyway). If you go to the servers tab, in conman there's now a sub-tab - the new one being 'Search' (oddly enough).
If you enter something into the search box, it will search for all servers where there is a match on rest.resource.type and rest.resource.operation.name. It also searches on rest.operation
The search is case insensitive, but must be a complete match - not substring...
Let me know if that works for you - and any enhancements you might have...
David Hay (Apr 22 2021 at 23:14):
@Michele Mottini - I took the liberty of adding CareQuality (R4) to the server list to check it out...
Michele Mottini (Apr 23 2021 at 12:47):
Thanks David! (it's CareEvolution actually, I fixed the server registration and put myself as contact). Search is cool.
John Moehrke (Apr 23 2021 at 13:06):
@Michele Mottini I would be very interested in the pattern you used for AuditEvent records. I have drafted an IG of what I think should be used for basic FHIR REST operations. I would be very interested in your input
http://build.fhir.org/ig/JohnMoehrke/BasicAudit/branches/main/index.html
John Moehrke (Apr 23 2021 at 13:07):
I am especially interested in improving the Search. I am adding the POST search with renewed vigor given discussions.
Michele Mottini (Apr 23 2021 at 13:36):
We have an existing system with an existing audit log (a common scenario I think). We cannot really change what gets written there, so what we did was map our existing audit log entries to AuditEvent - that unfortunately is a pretty bad match
Michele Mottini (Apr 23 2021 at 13:38):
This is what we have:
CREATE TABLE [dbo].[auditlogentries] (
[id] UNIQUEIDENTIFIER ROWGUIDCOL NOT NULL,
[timestamp] DATETIME NOT NULL,
[durationmilliseconds] INT NULL,
[screenname] NVARCHAR (128) NULL,
[event_id] INT NOT NULL,
[properties] XML NULL,
[application_id] SMALLINT NOT NULL,
[session_id] UNIQUEIDENTIFIER NULL,
[patient_id] UNIQUEIDENTIFIER NULL,
[user_id] UNIQUEIDENTIFIER NULL,
[inserteddate] DATETIME NOT NULL,
[insertedbyapplication_id] SMALLINT NOT NULL,
[insertedbyuser_id] UNIQUEIDENTIFIER NULL
);
Michele Mottini (Apr 23 2021 at 13:39):
properties are key-value pairs depending on the kind of event, and event_id is a reference to basically just a string describing the event.
John Moehrke (Apr 23 2021 at 14:40):
understandable. Yes, it is not unexpected that basic http REST logging would be done only using built in log system. The AuditEvent is more available for session/application level logic.
John Moehrke (Apr 23 2021 at 14:41):
your situation is a good reminder that audit log analysis is really analysis of patterns, less than use of well-formed entries.
John Moehrke (Apr 29 2021 at 13:09):
@Sandra Vance is there a mechanism to create an adhoc track?
Sandy Vance (Apr 29 2021 at 19:29):
John Moehrke said:
Sandra Vance is there a mechanism to create an adhoc track?
You're killin me Moehrke. :-) I don't think I've ever had that request before so do not have a plan for that. Tell me more and perhaps we can help you get meetings scheduled. Is it something that could fit as a session under another track?
John Moehrke (Apr 29 2021 at 19:36):
well, all tracks should have good audit logging... but few do... :-)
John Moehrke (Apr 29 2021 at 19:36):
isn't there a general track... where all the FHIR Servers sit?
Last updated: Apr 12 2022 at 19:14 UTC
