Skip to main content

Introduction

This service provides streaming functionality for Audit Records. The service queries and sends Audit Records to an endpoint chosen in the subscription API call.

The service runs continuously once a subscription is activated. If the subscription endpoint becomes unreachable, the service will retry indefinitely (at one-minute intervals) until it can reach the endpoint again. It is important to note though that if the subscription endpoint goes offline for long periods of time, you run the risk of losing data to the data retention policy rule. LIVE Access will only keep data for as long as your data retention policy specifies, usually 30 days, so your subscription endpoint must be capable of consuming Audit Records faster than the rate at which they are produced.

Audit Records are filtered by domain. On deployment of your subscription service, you will be asked to choose which of those domains you want to receive records for.

Currently, the domains filters are:

LockEvent
KasEvent
KeyEvent
MobileEvent
RBEvent

You can think of this process as a queue. When you subscribe to the feed, you specify a start time/date. The subscription process will start sending events from this time/date indefinitely. If the process is interrupted, a pointer is kept internally that will ensure the process resumes at the same place it was stopped, thus acting as a lossless queue. You must keep up with the Audit Record production rate, though, as you could hit the data retention policy rules if your process is either too slow or stops for too long. Data loss will happen when the internal date/time pointer reaches beyond the retention policy time.

For example, if you stop the subscription endpoint for 31 days and your retention policy is 30 days, the current pointer will be beyond the policy limit. Every Audit Record beyond the data retention policy will be deleted and the process will return the next available Audit Record (the oldest within the policy limit). There will NOT be a warning this has happened.

Process Overview

At a high level, the process looks like this:

alt text

Every event producing an Audit Record persists that record to the Live Access Database. When the client process calls the subscription API, it chooses the start date/time from which the data subscription shall start. This date/time can be any time in the past even if it is earlier than the actual oldest Audit Record as it will get the records from that point on. It is important to note that the Data Retention Policy runs daily and removes any Audit Records from the database that are older than the agreed data retention time, typically 30 days.