Audit
Audit trail allows an administrator to record user activity in the system. An audit trail typically captures the who, what, when and where. The default implementation is based on Log4j 2 and the files used for logging can be configured to suit your requirements. Magnolia also provides a Log Viewer tool, located in the Tools menu, to visualize these and other log files.
auditLogging
configuration
This feature is configured in the log4j2.xml
file and in the auditLogging
configuration.
Defining loggers
Here you define the loggers to be used by the audit logging.
Here is an example extracted from the application log4j2.xml
:
<RollingFile name="sync-log-audit"
fileName="${magnolia.logs.dir}/magnolia-audit.log"
filePattern="${magnolia.logs.dir}/magnolia-audit-%i.log"
append="true">
<PatternLayout pattern="%d{dd.MM.yyyy HH:mm:ss}%m%n"/>
<Policies>
<SizeBasedTriggeringPolicy size="1MB"/>
</Policies>
<DefaultRolloverStrategy max="5"/>
</RollingFile>
<Async name="log-audit">
<AppenderRef ref="sync-log-audit"/>
</Async>
Defining actions
Define the actions you want to log in auditLogging
configuration.
You can enable the preconfigured actions and define which logger they should use.
Define separators for each action or use the default separator (comma) for all of them.
Node name |
Value |
📁 server |
|
📁 auditLogging |
|
⸬ logConfigurations |
|
⸬ deactivate |
|
⸬ activate |
|
⬩ active |
false |
⬩ logName |
log-audit |
⸬ copy |
|
⸬ login |
|
⸬ logout |
|
⸬ move |
|
⸬ modify |
|
⸬ create |
|
⸬ delete |
|
⬩ class |
info.magnolia.audit.AuditLoggingManager |
⬩ defaultSeparator |
, |
Below is an extract of the log output.
The general pattern is when, what, who, where
.
20.10.2008 11:59:33 , create , superuser , website , /untitled4
The move
and copy
actions log the source node path and the destination
node path.
The login
action logs the IP address and the result.
21.10.2008 12:21:59, logout, anonymous
21.10.2008 12:22:05, login, superuser, 127.0.0.1, Success
Excluding workspaces
To reduce the amount of noise in your logs, you way want to exclude certain workspaces in the auditLogging configuration even when logging is activated for a certain action. Examples:
-
If you have logging activated for the
create
action, you may want to exclude themessages
workspace from the logs so that the creation of messages isn’t logged. -
If you have logging activated for the
modify
action, you may want to exclude theuserranking
workspace from the logs to avoid the log being flooded with entries every minute when users search for terms.
To exclude a workspace from auditLogging:
-
In the Configuration app, go to
server/auditLogging
. -
Add a content node named
excludeWorkspaces
. -
Under that node, add a property for each workspace you want to exclude. The value of the node should be the workspace name.
Node name
Value
Type
📁 server
…
📁 auditLogging
📁 logConfigurations
⸬ excludeWorkspaces
⬩ Messages workspace
messages
String
⬩ User Based Ranker
userranking
String
⬩ class
info.magnolia.audit.AuditLoggingManager
String
⬩defaultSeparator
,
String
…
Including metadata
By default, auditLogging
ignores changes to properties and nodes prefixed with jcr:
or mgnl:
.
You can configure a list of properties to audit those property changes.
In the example configuration below, page template modifications are included.
To whitelist a property:
-
In the Configuration app, go to
/server/auditLogging
. -
Add a content node named
includeMetadata
. -
Under that node, add a property for each node/property name you want to include.
/server/auditLogging Node name Value 📁 auditLogging
⬩ defaultSeparator
,
⬩ class
info.magnolia.audit.AuditLoggingManager
📁 logConfigurations
⸬ includeMetadata
⬩ template
mgnl:template
The
mgnl:template
property is included in the audit logging.