APIDownloadsIndex of dx CommandsLegal

Audit Trail

Access complete, human- and machine-readable logs of all activities, to maintain compliance with 21 CFR Part 11 (Annex 11).

A license is required to use the DNAnexus Audit Trail feature. Contact DNAnexus Sales for more information.

The DNAnexus Audit Trail feature fulfills the 21 CFR Part 11 requirement for human-readable audit trails for electronic records. The Audit Trail feature provides human and machine-readable daily log of all activities (login, upload/download, run analysis, sharing etc) related to all the users and all the projects of the organization.

Enable Audit Trail

As an organization admin:

  • Create a new project for storing audit log files

  • Send a request to DNAnexus Support or a point of contact at DNAnexus and with the organization name and project ID to enable the feature

Once activated, a comma-delimited text file of the audit log will be deposited daily in designated project. Until the feature is activated, no data is being tracked. The organization administrator can subsequently provide other members of their organization with access to this project.

These audit log files can be downloaded for further analysis.

DNAnexus is not able to access these files or restore them if deleted. It is therefore recommended to disallow deletion from this project to prevent this.

Audit trails cannot be turned off except by sending a request and rationale to DNAnexus Support. Only administrators can send requests.

Audit Trail File Format

  • Timestamp - Date in ISO format i.e. 2018-03-14T00:00:00Z (UTC timezone) of the action

  • IP Address- IP Address of the agent i.e. user

  • User Agent - HTTP User Agent string

  • Acting User ID - Id of the user who made the API call

  • Action - Action for the API call. i.e. project-describe, file-close, etc.

  • Object ID - Id of the object i.e. project-xxxx if a project was described

  • Object Name - Name of the object

  • Project ID - The id of the project related to the object. Blank if an object is not related to a project i.e. globalworkflow

  • Project Name - Name of the project

  • Success Status - "Yes" if the API call succeeded, "No", otherwise

  • Info - Input to the API call. A JSON string

  • Label: The name of the user's authentication token

  • Auth Token: The 4 last letters of the user's authentication token

An example of a Project with Audit Logs is shown below:

If the org covers multiple regions (e.g. AWS-East and AWS-Frankfurt), the log files covering all activities in the org will be placed in a project which is the default region of the org. To determine the specific region where the audit activity occurred, map the IP address to a geographic address.

Last updated

Copyright 2024 DNAnexus