Posit Workbench (previously RStudio Workbench) can be optionally configured to write an audit log of session-related events (e.g. login/logout, session start/suspend/exit) to a central location (the /var/lib/rstudio-server/audit/r-sessions directory by default). This feature can be enabled using the audit-r-sessions setting. For
example:
/etc/rstudio/rserver.conf
audit-r-sessions=1
Data Format
The R session event log is written by default to the file at /var/lib/rstudio-server/audit/r-sessions/r-sessions.csv The following fields are included:
pid | Unix process ID the event is associated with (for auth events this will be the main rserver process, for session events the rsession process). |
username | Unix user the event is associated with |
timestamp | Timestamp of event in milliseconds since the epoch. |
type | Event Type (see documentation on event types below) |
data | Administrative user that initiated event (only applies to admin events and auth_login for login-as-user by admin). |
The following values are valid for the event type field:
auth_login | User logged in to Posit Workbench |
auth_logout | User logged out of Posit Workbench |
auth_login_failed | User login attempt failed |
session_start | R session started |
session_suicide | R session exiting due to suicide (internal error) |
session_suspend | R session exiting due to suspend |
session_quit | R session exiting due to user quit |
session_exit | R session exited |
session_admin_suspend | Administrator attempt to suspend R session |
session_admin_terminate | Administrator attempt to terminate R sessions |
The default format for the log file is CSV (Comma Separated Values). It’s also possible to write the data to Newline Delimited JSON by using the audit-r-console-format
option. For example:
audit-r-sessions-format=json
Note that when using the JSON format the entire file is not a valid JSON object but rather each individual line is one. This follows the Newline Delimited JSON specification supported by several libraries including the R jsonlite package.
Storage Options
You can customize both the location where audit data is written as well as the maximum amount of R session event data to log (by default this is set to 1 GB). To specify the root directory for audit data you use the audit-data-path
setting. For example:
/etc/rstudio/rserver.conf
audit-data-path=/audit-data
Note that this path affects the location of both R console auditing and R session auditing data.
To specify the maximum amount of R session event data to log you use the audit-r-sessions-limit-mb
setting. For example:
/etc/rstudio/rserver.conf
audit-r-sessions-limit-mb=2048
The default maximum R session event log file size is 1 GB (1024 MB). To configure no limit to the size of files which can be written you set the value to 0, for example:
/etc/rstudio/rserver.conf
audit-r-sessions-limit-mb=0
Note that there is no automatic rotation of the R session event log file as it gets larger. This means that you should either create a scheduled (e.g. cron) job to periodically move the file off the server onto auxiliary storage and/or ensure that the volume that it is stored on has sufficient capacity.
In any case, the amount of data written to the R session event log file is not large (less than 1 KB per session) so a large number of session events can be stored within the default 1 GB maximum log file size.
You may also be interested in:
Comments