Audit Trail Design using Table Storage

0
votes

I'm considering implementing an Audit Trail for my application in using Table Storage.

I need to be able to log all actions for a specific customer and all actions for entities from that customer.

My first guess was creating a table for each customer (Audits_CustomerXXX) and use as a partition key the entity id and row key the (DateTime.Max.Ticks - DateTime.Now.Ticks).ToString("D19") value. And this works great when my question is what happened to certain entity? For instance the audit of purchase would have PartitionKey = "Purchases/12345" and the RowKey as the timestamp.

But when I want a birds eye view from the entire customer, can I just query the table sorting by row key across partitions? Or is it better to create a secondary table to hold the data with different partition keys? Also when using the (DateTime.Max.Ticks - DateTime.Now.Ticks).ToString("D19") is there a way to prevent errors when two actions in the same partition happen in the same tick (unlikely but who knows...).

Thanks

1
azureazure-table-storage
Can you describe what you mean by entity id?Gaurav Mantri
Yeah, it's a string id like "pictures/1234" or "purchase/5221"Felipe Leusin
One more question: Regarding the birds eye view, you would want to see all the actions between certain date/time ranges. Is that correct?Gaurav Mantri
Exactly. Regardless of what entityFelipe Leusin

1 Answers

1
votes

You could certainly create a separate table for the birds eye view but you really don't have to. Considering Azure Tables are schema-less, you can keep this data in the same table as well. You would keep the PartitionKey as reverse ticks and RowKey as entity id. Because you would be querying only on PartitionKey, you can also keep RowKey as GUID as well. This will ensure that all entities are unique. Or you could append a GUID to your entity id and use that as RowKey.

However do keep in mind that because you're inserting two entities with different PartitionKey values, you will have to safegaurd your code against possible network failures as each entry will be a separate request to Table service. The way we're handling this in our application is we write this payload to a queue message and then process that message through a background process.