Request: [POST] Audit Trail

[graham_mueller]

There currently exists an endpoint called SecurityLogs that I am able to read from. I would like to be able to write audit items to the system as well. Is this something that could be added?

[justine]

There currently exists an endpoint called SecurityLogs that I am able to read from. I would like to be able to write audit items to the system as well. Is this something that could be added?

Good morning graham_mueller,

No. SecurityLogs are created within Open Dental for audit purpose within the Open Dental program itself. They are not intended to be customized in anyway by a third-party.

Thanks!

[graham_mueller]

Hi Justine,

Could *some* sort of audit mechanism be exposed? It would be useful as a 3rd party to be able to say "here's a snapshot of an action we took" as well.

[justine]

Hi Justine,

Could *some* sort of audit mechanism be exposed? It would be useful as a 3rd party to be able to say "here's a snapshot of an action we took" as well.

Except for GET calls, every action that the API takes is recorded to the securitylog table. SecurityLogs GET was created for a third-party developer to be able to audit the changes made to their customer's database. SecurityLogs GET only returns data pertaining to the developer calling it and is optionally filtered by permission type, so this is a snapshot of the action you took.

Thanks!

[graham_mueller]

Hi Justine,

Back to ask about this again - as a third party, it would still be great for us to be able to write more detailed / specific audit entries to the audit trail. Haven't looked a bit more into what is being logged, it seems that what OD reports isn't super detailed in some cases and we'd prefer to do more (EG patient edit just reports that a patient was edited via API, not what fields, etc). We've also ran into an issue today with /Appointment/Break not logging any audit trail action.

Once again, any chance some sort of "audit" endpoint could be exposed? We can write to patient commlogs, but that isn't a good way of doing things. We want some mechanism to give more detailed audit info, though.

[SLeon]

Open Dental makes Audit Trail entries ("securitylog"s in the database) for actions that occur in Open Dental. These can include opening certain windows, logging off, or modifying the database. I know you said you haven't looked into what is specificly being logged, but I would encourage you to do so, with some information found here.

The API makes Audit Trail entries practically identical to those made within Open Dental. Some are simple, and state that an object was created, but others are more specific. Here is an example of changing the appointment start time via the UI and via the API:

AuditTrail.png (12.96 KiB) Viewed 17936 times

It is very important for these logs to match what is already made in Open Dental. We do not permit anyone to create custom Audit Trail entries or otherwise modify them. From the manual page I linked above:

Audit Trail entries are never changed within Open Dental and should never be changed outside of Open Dental.

As Justine has stated above, and other engineers elsewhere in these forums, you are more than welcome to create your own logs that suit your own purposes. Logging is a best practice for software development, and I am sure all developers do so to some extent. These just need to be oustide of the securitylog table.

[SLeon]

I realize I didn't address your note about Appointments PUT Break not logging. I just called this endpoint for the above appointment and see a log created.

AuditTrail_BrokenAppointment.png (7 KiB) Viewed 17929 times

[graham_mueller]

Unfortunately the group that told me that the Break didn't log was apparently mistaken, I've tried now and see the same.

I looked at the security log table now, and it is what I thought, just a message and a patient link more or less. Their initial complaint was the lack of detail in the messages. I see that the table has an FK field which links to the item the action was taken on, but from the audit trail page, you're not able to get to that, or see the details of the action that took place. In the Appointment Broken case, the action itself is sufficiently explanatory, but another example is the ApptConfirmStatusEdit log which says it was "changed," and not in which direction. Things like that. Perhaps a data column with a { previous, current } type entry could also be of value.

[justine]

Unfortunately the group that told me that the Break didn't log was apparently mistaken, I've tried now and see the same.

I looked at the security log table now, and it is what I thought, just a message and a patient link more or less. Their initial complaint was the lack of detail in the messages. I see that the table has an FK field which links to the item the action was taken on, but from the audit trail page, you're not able to get to that, or see the details of the action that took place. In the Appointment Broken case, the action itself is sufficiently explanatory, but another example is the ApptConfirmStatusEdit log which says it was "changed," and not in which direction. Things like that. Perhaps a data column with a { previous, current } type entry could also be of value.

Hi graham_mueller,

Open Dental's audit trail (securitylogs) is designed to provide a consistent and secure method of tracking changes across the system. The design philosophy behind these logs is to keep them simple yet effective, which is why they typically focus on capturing the action that occurred rather than the before-and-after details. While I understand the desire for more granular data, such as a {previous, current} type entry, implementing these features would require a significant overhaul of our existing logging system. This isn't planned at the moment, but I will pass along your suggestion to the development team for consideration in future updates.

In the meantime, as SLeon mentioned, you can create your own logs outside of the securitylog table that capture the level of detail you're looking for. This approach would allow you to maintain the specificity you need without interfering with the existing audit trail.

Thanks!

[graham_mueller]

Hello, just wanted to bump a need for some additional context again. We had a situation today where a procedure was booked via our application as a new patient, but for a two year old. We explicitly disallow child sign up right now, so there was concern at the clinic as to how this happened. Unfortunately, the best I am able to show them within OpenDental is that the patient was created and updated via api, and none of the details of those events.

Screenshot 2024-12-19 122212.png (75.85 KiB) Viewed 5967 times

Would be great if there was an additional "data" column for a lot of these audit events, to get a concept of what has changed.

[justine]

Hello, just wanted to bump a need for some additional context again. We had a situation today where a procedure was booked via our application as a new patient, but for a two year old. We explicitly disallow child sign up right now, so there was concern at the clinic as to how this happened. Unfortunately, the best I am able to show them within OpenDental is that the patient was created and updated via api, and none of the details of those events.Screenshot 2024-12-19 122212.png
Would be great if there was an additional "data" column for a lot of these audit events, to get a concept of what has changed.

Hello graham_mueller,

Open Dental's audit trail system is designed for Open Dental. API specific entries are implemented in a way that closely mimic Open Dental entries. You are free to design and implement a logging system within your app however you'd like. At this time, we have no plans to add an additional data column to the securitylog table.