Hi. Lookin for solutions/hints on how to capture various events going on in APS and deliver them to Splunk. The events which are not provided out of the box that we're looking for are:
1. Successful and unsuccessful authentication attempts. (Including source of authentication, reason for failure, authentication principal name, e.t.c)
2. Can we log configuration changes happening inside APS like changes to configuration of audit logging?
3. Logging changes in user db. Like creation/modification/deletion/activation/de-activation of user accounts & groups, user-group association changes, e.t.c and also the principal name who's doing these changes.
4. Does APS provide any security alerts or anti-tampering features that we can capture in logging?
It seems like there is no audit log that would contain such details. We could try to log those events using Spring AOP and put it manually in our logs, or we could try to periodically send data from e.g. tenant_event table from Activiti internal DB to Splunk, but both solutions are hacks that would be heavily dependent on your internal APS implementation... Do you have some recommended way to get this kind of audit/activity logs? Thank you.