Customizing the audit log

If you customized WebSphere Commerce to collect more personal information, you can extend the AuditLogging helper to record details in the audit log about the actions that are completed against your additional collected data.

About this task

When the AuditLogging helper is enabled, audit log information is made available in the WC_profiledir/logs/server_name/trace.log file. Both REST resources and commands are tracked.

You can use the audit logging API to adjust the behavior of the AuditLogging helper. The following access methods and resources are available.
Access method Resource or service name
REST resource handlers
  • PersonHandler
  • PersonContactHandler
  • PersonCheckoutProfileHandler
  • WishListHandler
  • OrderHandler
  • SubscriptionHandler
  • CouponHandler
  • RequisitionListHandler
Administrative and WebSphere Commerce Accelerator commands
  • OrderCreateCmdImpl
  • OrderItemBaseCmdImpl
  • AdminOrderCancelCmdImpl
  • OrderDataBean
  • UserRegistrationDataBean
  • UserDisplayDataBean
  • UserRegistrationAdminUpdateCmdImpl
  • UserRegistrationAdminAddCmdImpl

Procedure

Create your own REST request handler. For more information, see Creating and customizing REST services.
The audit logging API provides the following request handler.
com.ibm.commerce.businessaudit.util.AuditLoggingHelper
public void logPersonalDataAccess(String className, String methodName, 
String remoteAddress, String userId, String action, String forUserId, String data)
where:
className
The name of the class that is being used to access personal data.
methodName
The name of the method that is being used to access personal data.
remoteAddress
The remote address of the host that is accessing personal data.
userId
The unique id of the user who access personal data.
action
The action applied to the personal data. Accepted values are:
  • AuditLoggingHelper.ACTION_READ
  • AuditLoggingHelper.ACTION_CREATE
  • AuditLoggingHelper.ACTION_UPDDATE
  • AuditLoggingHelper.ACTION_DELETE
forUserid
The unique ID of the user whose personal data is being accessed.
data
The type of personal data being accessed, for example:
  • AuditLoggingHelper.PERSONAL_DATA
  • AuditLoggingHelper.PERSONAL_DATA_CONTACT
  • AuditLoggingHelper.PERSONAL_DATA_WISH_LIST
  • AuditLoggingHelper.PERSONAL_DATA_ORDER_HISTORY
You can add your own person data string here.