Release 10.1A: OpenEdge Application Server:
Developing AppServer Applications

Audit trails

Certain classes of applications require audit trails to be generated to trace events such as:

Who connected to a particular service and when they connected.
What activity they performed during the life of the connection.
What breaches in security they tried to perform during the life of the connection.
Note: Audit trails based on a client connection do not apply for a session-free application, because there is no meaningful SERVER-CONNECTION-ID or CLIENT-CONNECTION-ID value for this purpose.

AppServer application audit trails

On a session-managed AppServer, you can access the current connection ID using the SERVER-CONNECTION-ID attribute on the SESSION handle.

Ideal locations to generate an audit trail on an AppServer include the AppServer Connect and Disconnect procedures. For example, your Connect procedure can use the user-id parameter and the SERVER-CONNECTION-ID attribute to write an audit trail record when a client application connects to the AppServer. Also, any code to create an audit trail record in the Disconnect procedure is always executed, since this procedure is guaranteed to run whether the connection is explicitly disconnected or forcibly disconnected in response to the QUIT condition.

On an AppServer operating in stateless operating mode, you can also use the AppServer Activate and Deactivate procedures to generate audit trails for each request. However, this use can reduce performance, depending on the load on your AppServer and the amount of information in the audit trail.

For more information on programming these procedures and on accessing the SERVER-CONNECTION-ID attribute, see Chapter 2, " Programming the AppServer."

Note: Audit information created in an AppServer agent using the MESSAGE statement or other external output syntax such as the DISPLAY statement, is sent to the AppServer log file unless otherwise directed.

Client application audit trails

On a session-managed Progress 4GL client session, you can access the current connection ID using the CLIENT-CONNECTION-ID attribute on the server object handle used to connect the AppServer. For an Open Client (.NET, Java, or Web service Open Client) application, OpenEdge provides appropriate methods for you to access the connection ID.

Typically, you might generate audit trail information on the client in code associated with AppServer connection and disconnection requests, or even with each remote procedure request, depending on how much information you need to capture.

For more information on accessing the CLIENT-CONNECTION-ID attribute from a Progress 4GL client application, see Chapter 3, " Programming Progress 4GL Client Applications." For information on the common methods for accessing the connection ID from an open client, see OpenEdge Development: Open Client Introduction and Programming .