Database Schema
High Assurance Audit Log Database
This document describes the sqlite3 database created by the globus-connect-server audit load command.
Schema
The database consists of a session table, which holds the session login records, and an operation table, which holds the operation records. The schema is a simplified representation of the audit log file format. Refer to that document for additional information on the referenced Source Keys.
Name |
Type |
Source Key |
Description |
id |
TEXT |
ref |
Session ID |
ts |
DATETIME |
ts |
Login timestamp |
client_addr |
TEXT |
c_ip |
Client IP |
auth_type |
TEXT |
auth |
Authentication method |
process_user |
TEXT |
p_usr |
Process user |
storage_user |
TEXT |
s_usr |
Storage user |
root_path |
TEXT |
r |
Root path of collection |
task_id |
TEXT |
g_tid |
Globus transfer task ID |
collection_id |
TEXT |
g_eid |
Globus collection ID |
identity_id |
TEXT |
g_uid |
Globus identity ID |
Name |
Type |
Source Key |
Description |
session_id |
TEXT |
ref |
Session this operation occurs in, references session.id |
start_ts |
DATETIME |
ts |
Operation start timestamp |
end_ts |
DATETIME |
ts |
Operation end timestamp |
path |
TEXT |
s_path |
Path of file or directory accessed |
peer_addr |
TEXT |
d_ip |
IP address of source or destination endpoint |
length |
BIGINT |
len |
Amount of data transferred |
result |
TEXT |
res |
Operation result |
Example queries
Query all paths accessed by a given identity_id:
sqlite3 ~/.globus/audit-logs.db 'select path from operation,session where session_id=session.id and session.identity_id="8638b438-9e57-4de9-aca7-727f0a28070c"'
Query all identities that accessed a given partial path:
sqlite3 ~/.globus/audit-logs.db 'select session.identity_id from operation,session where operation.session_id=session.id and operation.path like "/data/research/%"'