Audit

Audit trail allows an administrator to record user activity in the system. An audit trail typically captures the who, what, when and where. The default implementation is based on Log4j 2 and the files used for logging can be configured to suit your requirements. Magnolia also provides a Log Viewer tool, located in the Tools menu, to visualize these and other log files.

Configuration

This feature is configured in the log4j2.xml file and in the auditLogging configuration.

log4j2.xml

Here you define the loggers to be used by the audit logging. Here is an example extracted from the application log4j2.xml :

<RollingFile name="sync-log-audit"
             fileName="${magnolia.logs.dir}/magnolia-audit.log"
             filePattern="${magnolia.logs.dir}/magnolia-audit-%i.log"
             append="true">
   <PatternLayout pattern="%d{dd.MM.yyyy HH:mm:ss}%m%n"/>
  <Policies>
    <SizeBasedTriggeringPolicy size="1MB"/>
  </Policies>
  <DefaultRolloverStrategy max="5"/>
</RollingFile>
<Async name="log-audit">
  <AppenderRef ref="sync-log-audit"/>
</Async>

auditLogging configuration

Define the actions you want to log in auditLogging configuration. You can enable the preconfigured actions and define which logger they should use. Define separators for each action or use the default separator (comma) for all of them.

Defining the actions to log in auditLogging configuration

Below is an extract of the log output. The general pattern is when, what, who, where.

20.10.2008 11:59:33 , create , superuser , website , /untitled4

The move and copy actions log the source node path and the destination node path.

The login action logs the IP address and the result.

21.10.2008 12:21:59, logout, anonymous
21.10.2008 12:22:05, login, superuser, 127.0.0.1, Success

Excluding workspaces from auditLogging

To reduce the amount of noise in your logs, you way want to exclude certain workspaces in the auditLogging configuration even when logging is activated for a certain action. Examples:

  • If you have logging activated for the create action, you may want to exclude the messages workspace from the logs so that the creation of messages isn’t logged.

  • If you have logging activated for the modify action, you may want to exclude the userranking workspace from the logs to avoid the log being flooded with entries every minute when users search for terms.

To exclude a workspace from auditLogging:

  1. In the Configuration app, go to server/auditLogging.

  2. Add a content node named excludeWorkspaces.

  3. Under that node, add a property for each workspace you want to exclude. The value of the node should be the workspace name.

    AuditLogging configuration excluding messages and userranking workspaces

Related topics
Feedback

DX Core

×

Location

This widget lets you know where you are on the docs site.

You are currently perusing through the DX Core docs.

Main doc sections

DX Core Headless PaaS Legacy Cloud Incubator modules