Information Technology (IT) systems are widely used. There are several types of IT systems, for example systems related to organizational functions and analytical application systems. Several operations can be performed in an IT system, and different users use the system in different ways. Information about usage of an IT system may be required for various purposes, such as compliance requirements. The system usage information may also be required for user profiling, which can be utilized to provide users with information that is relevant and of interest to them. Tracking usage of an IT system is therefore a useful and important activity.
A common way to track usage of an IT system is to create log files. However, data in the log files is usually inconsistent and not flexible enough for reporting. For example, a large number of components may write to a log file, and each component may log a different message for the same event or action. A first component may write “At 11:29:03 a document ‘Quarterly Sales’ was retrieved by user U1,” a second component may write “Report R1.rpt viewed,” and a third component may write “User U2 accessed sales.pdf”. These events may have the same meaning, i.e., a user accessed a particular piece of information, namely a Quarter 1 sales report. However, it is not clear from the corresponding log files that these events are the same. Also, some components may not record the time at which the operation was performed or the user who performed it. There is no consistency in the way components write to a log file.
Some types of event logging frameworks allow slightly more structured data. For example, time, user, and process name can always be recorded. However, the content of the logged message can still be difficult to interpret, and consistency of the message cannot be ensured. The data in the log files may not be readily useful for reporting purposes. Some usage tracking frameworks format event data and store it in a database, where it can be used for reporting. However, such event tracking frameworks are not expandable, in that new events can only be added in a new version of the framework. Also, the consistency of events cannot be ensured. Some expandable systems may allow addition of new events. However, in such expandable systems, it is difficult to enforce consistency of the events generated by each of the several components.
It would therefore be desirable to provide an expandable auditing system that ensures consistency of events so that data can be readily consumed for reporting purposes.