Fixes #28770: write server audit entries to audit.log (#28771) [1.12.11]

[harshach]

Backport of #28771 to the 1.12.11 release branch.

Original fix (#28770 / #28771)

Audit-to-file logging silently broke in #23733: gutting AuditEventHandler removed the only emitter of the AUDIT log marker, so the audit.log appender created the file but never wrote to it.

This re-emits each audit entry through the AUDIT-marked logger from AuditLogRepository.write(), gated on a successful (non-duplicate) DB insert so the publisher+consumer dual-write path does not double-log. Emits a compact one-line summary at INFO. Hardens conf/openmetadata.yaml: pins the audit logger to INFO so capture is independent of LOG_LEVEL, and excludes audit lines from the console appender so they land only in audit.log.

Cherry-pick adjustments for 1.12.11

• Dropped the lineage test — 1.12.11 does not have the EventType.ENTITY_LINEAGE_ADDED/UPDATED/DELETED values (that feature is only on main), so writePersistsLineageChangeEvents (and its now-unused imports) was removed. No ENTITY_LINEAGE enum values were added. The two audit-marker tests (writeEmitsAuditMarkerWhenRowInserted, writeSkipsAuditMarkerWhenRowDeduplicated) are retained and use ENTITY_CREATED, which is in 1.12.11's SUPPORTED_EVENT_TYPES.
• conf/openmetadata.yaml — 1.12.11's console appender uses logFormat: (not the layout: block on main), so its structure was preserved and only the intended filterFactories: audit-exclude-filter-factory was added. The audit-logger level: INFO pin applied unchanged.

The three production files (AuditLogRepository, AuditLogger, CollectionDAO) match the original commit exactly.

Verification

• mvn -pl openmetadata-service test-compile → BUILD SUCCESS
• mvn -pl openmetadata-service spotless:check → BUILD SUCCESS
• AuditLogRepositoryTest → Tests run: 2, Failures: 0, Errors: 0

🤖 Generated with Claude Code

[gitar-bot]

💡 Quality: Pinning AuditLogRepository logger to INFO suppresses its DEBUG logs

The new org.openmetadata.service.audit.AuditLogRepository: level: INFO config pins the logger level so audit capture is independent of the global LOG_LEVEL. This is the intended behavior for audit capture, but a side effect is that the several LOG.debug(...) statements inside AuditLogRepository.write() (e.g. "Writing audit log for change event", "Inserting audit log record", "Successfully inserted audit log") will now be permanently suppressed even when an operator sets LOG_LEVEL=DEBUG to troubleshoot audit persistence. Since the same logger name is shared by both the @slf4j LOG instance and the AUDIT_LOGGER, the level pin cannot distinguish them. Consider documenting this trade-off, or routing the AUDIT marker emission through a dedicated logger name (e.g. a fixed "AUDIT" logger) pinned to INFO, leaving AuditLogRepository's own diagnostic logger free to follow the global level.

_{Was this helpful? React with 👍 / 👎}

[gitar-bot]

Code Review 👍 Approved with suggestions 0 resolved / 1 findings

Restores server audit logging by re-emitting audit entries through the AUDIT marker, ensuring entries reach audit.log as intended. Consider if pinning the AuditLogRepository logger to INFO permanently suppresses necessary DEBUG-level troubleshooting logs.

💡 Quality: Pinning AuditLogRepository logger to INFO suppresses its DEBUG logs

📄 conf/openmetadata.yaml:182-185 📄 openmetadata-service/src/main/java/org/openmetadata/service/audit/AuditLogRepository.java:74-78 📄 openmetadata-service/src/main/java/org/openmetadata/service/audit/AuditLogRepository.java:107-117

The new org.openmetadata.service.audit.AuditLogRepository: level: INFO config pins the logger level so audit capture is independent of the global LOG_LEVEL. This is the intended behavior for audit capture, but a side effect is that the several LOG.debug(...) statements inside AuditLogRepository.write() (e.g. "Writing audit log for change event", "Inserting audit log record", "Successfully inserted audit log") will now be permanently suppressed even when an operator sets LOG_LEVEL=DEBUG to troubleshoot audit persistence. Since the same logger name is shared by both the @Slf4j LOG instance and the AUDIT_LOGGER, the level pin cannot distinguish them. Consider documenting this trade-off, or routing the AUDIT marker emission through a dedicated logger name (e.g. a fixed "AUDIT" logger) pinned to INFO, leaving AuditLogRepository's own diagnostic logger free to follow the global level.

🤖 Prompt for agents

Code Review: Restores server audit logging by re-emitting audit entries through the AUDIT marker, ensuring entries reach audit.log as intended. Consider if pinning the AuditLogRepository logger to INFO permanently suppresses necessary DEBUG-level troubleshooting logs.

1. 💡 Quality: Pinning AuditLogRepository logger to INFO suppresses its DEBUG logs
   Files: conf/openmetadata.yaml:182-185, openmetadata-service/src/main/java/org/openmetadata/service/audit/AuditLogRepository.java:74-78, openmetadata-service/src/main/java/org/openmetadata/service/audit/AuditLogRepository.java:107-117

   The new `org.openmetadata.service.audit.AuditLogRepository: level: INFO` config pins the logger level so audit capture is independent of the global `LOG_LEVEL`. This is the intended behavior for audit capture, but a side effect is that the several `LOG.debug(...)` statements inside `AuditLogRepository.write()` (e.g. "Writing audit log for change event", "Inserting audit log record", "Successfully inserted audit log") will now be permanently suppressed even when an operator sets `LOG_LEVEL=DEBUG` to troubleshoot audit persistence. Since the same logger name is shared by both the @Slf4j `LOG` instance and the `AUDIT_LOGGER`, the level pin cannot distinguish them. Consider documenting this trade-off, or routing the AUDIT marker emission through a dedicated logger name (e.g. a fixed "AUDIT" logger) pinned to INFO, leaving `AuditLogRepository`'s own diagnostic logger free to follow the global level.

Options

Display: compact → Showing less information.

Comment with these commands to change:

Compact

gitar display:verbose

_{Was this helpful? React with 👍 / 👎 | Gitar}

[github-actions]

The Python checkstyle failed.

Please run make py_format and py_format_check in the root of your repository and commit the changes to this PR.
You can also use pre-commit to automate the Python code formatting.

You can install the pre-commit hooks with make install_test precommit_install.