The invention relates to computer systems, and more particularly to a method and mechanism for implementing an extensible audit trail.
Many business and personal activities in the modem world result in interactions with computerized systems. Even the simplest activities may result in interactions with a varied chain of interrelated computerized systems. In many cases, a first computerized system may jump to one or more other computerized systems or “hubs” to perform a requested activity. For example, a consumer performing the activity of making a purchase at a store may result in a first operation at a cashier computing system, which interacts with an inventory tracking system as well as a credit card authorization system, with the credit card authorization system interacting with the banking system for the consumer's credit card issuer, with the banking system interacting with one or more back-end database systems that track the consumer's account balance and credit limit, etc.
It is often desirable to allow auditing operations to be performed against these computerized interactions. Such auditing operations will attempt to obtain and correlate the set of interrelated records resulting from a given activity or set of activities. This type of auditing is particularly useful for businesses that seek to investigate cases of error, crime, or fraud that occur against computerized systems, e.g., to investigate improper or illegal credit card use.
A significant hurdle faced by most organizations seeking to perform auditing operations is that different systems may record information about events or operations in many different ways and in many different data formats. Moreover, the set of information that is recorded may differ from system to system. In addition, it may be difficult or impossible to correlate the information from the different systems to a related activity or set of activities, since multiple jumps between systems may result in loss of information about the original requestor for the activity.
Accordingly, the present invention provides a method and system for implementing an extensible audit trail for electronic and computerized systems. In one embodiment, a defined audit ID is assigned to a given activity, and that audit ID is distributed along with each jump between systems when performing the activity. In addition, a set of mandatory attribute information is recorded at each system involved in the activity. Each system may also record a set of system specific attribute information. During the audit process, records are searched and collected for the appropriate audit ID value. Further details of aspects, objects, and advantages of the invention are described below in the detailed description, drawings, and claims.