From: michaelbirnstiehl Date: Tue, 13 Jul 2021 20:02:22 +0000 (-0500) Subject: SONAR-15145 Add audit logs documentation X-Git-Tag: 9.1.0.47736~200 X-Git-Url: https://source.dussan.org/?a=commitdiff_plain;h=0957ea1b20b062a2419adcd2808390175b94c7ab;p=sonarqube.git SONAR-15145 Add audit logs documentation --- diff --git a/server/sonar-docs/src/pages/instance-administration/audit-logs.md b/server/sonar-docs/src/pages/instance-administration/audit-logs.md new file mode 100644 index 00000000000..bc736abda86 --- /dev/null +++ b/server/sonar-docs/src/pages/instance-administration/audit-logs.md @@ -0,0 +1,26 @@ +--- +title: Audit Logs +url: /instance-administration/audit-logs/ +--- +_Audit logs are available starting in [Enterprise Edition](https://redirect.sonarsource.com/editions/enterprise.html)._ + +Administrators can download audit logs to maintain an audit trail of the security-related changes made to their SonarQube instance. See the following section for the types of changes tracked in the audit logs. + +## Tracked changes +Audit logs track the following changes in SonarQube: +- user accounts +- permissions +- global configuration of security-related settings +- creating, updating, or deleting of projects, applications, and portfolios +- installing or updating plugins +- setting or revoking licenses + +## Downloading audit logs +Administrators can download audit logs at **Administration > Audit logs**. From here, you can select the time period that you want to download audit logs for. This is limited by your housekeeping settings. See the following section for more on setting your audit log housekeeping settings. + +## Audit log housekeeping +You can set how often SonarQube deletes audit logs in the housekeeping settings at **[Administration > General > Housekeeping](/#sonarqube-admin#/admin/settings?category=housekeeping)**. By default, SonarQube deletes audit logs monthly. + +Setting your housekeeping policy to keep your audit logs for a long period of time (for example, only deleting logs yearly) can increase your database size and the amount of time it takes to download audit logs. To avoid this, we recommend downloading your audit logs at shorter intervals and storing them outside of SonarQube. + +We also recommend downloading and storing your audit logs outside of SonarQube if you need to maintain them for a longer period of time than can be set in the housekeeping settings. \ No newline at end of file diff --git a/server/sonar-docs/src/pages/instance-administration/housekeeping.md b/server/sonar-docs/src/pages/instance-administration/housekeeping.md index 196741e59af..9e871734225 100644 --- a/server/sonar-docs/src/pages/instance-administration/housekeeping.md +++ b/server/sonar-docs/src/pages/instance-administration/housekeeping.md @@ -5,15 +5,16 @@ url: /instance-administration/housekeeping/ When you run a new analysis of your project or its branches or pull requests(PRs), some data that was previously available is cleaned out of the database. For example the source code of the previous analysis, measures at directory and file levels, and so on are automatically removed at the end of a new analysis. Additionally, some old analysis snapshots, PR analyses, and branches are also removed. -Why? Well, it's useful to analyze a project frequently to see how its quality evolves. It is also useful to be able to see the trends over weeks, months, years. But when you look back in time, you don't really need the same level of detail as you do for the project's current state. To save space and to improve overall performance, the Database Cleaner deletes some rows in the database. Here is its default configuration: +Why? Well, it's useful to analyze a project frequently to see how its quality evolves. It is also useful to be able to see the trends over weeks, months, years. But when you look back in time, you don't really need the same level of detail as you do for the project's current state. To save space and to improve overall performance, the Database Cleaner deletes some rows in the database. Here is the default configuration: -* For each project: - * only one snapshot per day is kept after 1 day. Snapshots marked by an event are not deleted. - * only one snapshot per week is kept after 1 month. Snapshots marked by an event are not deleted. - * only one snapshot per month is kept after 1 year. Snapshots marked by an event are not deleted. - * only snapshots with version events are kept after 2 years. Snapshots without events or with only other event types are deleted. - * **all snapshots** older than 5 years are deleted, including snapshots marked by an event. -* All closed issues more than 30 days old are deleted -* History at package/directory level is removed +- Audit logs (available starting in [Enterprise Edition](https://redirect.sonarsource.com/editions/enterprise.html)) are deleted monthly. +- For each project: + - only one snapshot per day is kept after 1 day. Snapshots marked by an event are not deleted. + - only one snapshot per week is kept after 1 month. Snapshots marked by an event are not deleted. + - only one snapshot per month is kept after 1 year. Snapshots marked by an event are not deleted. + - only snapshots with version events are kept after 2 years. Snapshots without events or with only other event types are deleted. + - **all snapshots** older than 5 years are deleted, including snapshots marked by an event. +- All closed issues more than 30 days old are deleted +- History at package/directory level is removed These settings can be changed at [Administration > General > Housekeeping](/#sonarqube-admin#/admin/settings?category=housekeeping). diff --git a/server/sonar-docs/static/SonarQubeNavigationTree.json b/server/sonar-docs/static/SonarQubeNavigationTree.json index 4f329fcb861..3a916a7ce4c 100644 --- a/server/sonar-docs/static/SonarQubeNavigationTree.json +++ b/server/sonar-docs/static/SonarQubeNavigationTree.json @@ -155,8 +155,9 @@ "/instance-administration/look-and-feel/", "/instance-administration/marketplace/", "/instance-administration/housekeeping/", - "/instance-administration/notifications/", + "/instance-administration/audit-logs/", "/instance-administration/system-info/", + "/instance-administration/notifications/", "/instance-administration/license-manager/", "/instance-administration/monitoring/", "/instance-administration/project-move/", diff --git a/server/sonar-docs/static/StaticNavigationTree.json b/server/sonar-docs/static/StaticNavigationTree.json index 2e3ad679be3..6ee67d43156 100644 --- a/server/sonar-docs/static/StaticNavigationTree.json +++ b/server/sonar-docs/static/StaticNavigationTree.json @@ -178,8 +178,9 @@ "/instance-administration/marketplace/", "/instance-administration/plugin-version-matrix/", "/instance-administration/housekeeping/", - "/instance-administration/notifications/", + "/instance-administration/audit-logs/", "/instance-administration/system-info/", + "/instance-administration/notifications/", "/instance-administration/license-manager/", "/instance-administration/monitoring/", "/instance-administration/project-move/",