Audit log folder access

cancel
Showing results for 
Search instead for 
Did you mean: 
akring
Active Member II

Audit log folder access

I cannot see audit log entries for folder access of normal users (user access to content nodes is available in the audit logs). I am using the following audit settings:

 

audit.alfresco-access.enabled=true
audit.filter.alfresco-access.default.enabled=true
audit.filter.alfresco-access.transaction.path=/app:company_home/st:sites/.*
audit.filter.alfresco-access.default.path=/app:company_home/st:sites/.*

apart from these default setting provided by the repository.properties file:

 

# Audit configuration
audit.enabled=true
audit.tagging.enabled=true
audit.alfresco-access.enabled=false
audit.alfresco-access.sub-actions.enabled=false
audit.cmischangelog.enabled=false
audit.dod5015.enabled=false
# Setting this flag to true will force startup failure when invalid audit configurations are detected
audit.config.strict=false
# Audit map filter for AccessAuditor - restricts recorded events to user driven events 
audit.filter.alfresco-access.default.enabled=false
audit.filter.alfresco-access.transaction.user=~System;~null;.*
audit.filter.alfresco-access.transaction.type=cm:folder;cm:content;st:site
audit.filter.alfresco-access.transaction.path=~/sys:archivedItem;~/ver:;.*

As I understand it the setting above should ensure that user access to folders is audit logged, but doing a

 

 

$ curl -X GET -u admin:admin 'http://localhost:8080/alfresco/api/-default-/public/alfresco/versions/1/nodes/a9099aa6-25eb-4b2d-98c3-f234ceaed2b8/audit-entries?maxItems=100'

where a9099aa6-25eb-4b2d-98c3-f234ceaed2b8 is the nodeId of a folder just returns a single entry which is a result of the creation of the node by the admin user. The following calls from the network tab in the browser inspector reveals that the folder node actually has been visited by a normal user (username = bruce):

 

https://some.domain/alfresco/api/-default-/public/alfresco/versions/1/nodes/a9099aa6-25eb-4b2d-98c3-f234ceaed2b8?fields=isFile%2CparentId%2Cid
https://some.domain/alfresco/api/-default-/public/alfresco/versions/1/nodes/a9099aa6-25eb-4b2d-98c3-f234ceaed2b8?include=path%2Cproperties%2CallowableOperations%2Cpermissions%2CaspectNames
https://some.domain/alfresco/api/-default-/public/alfresco/versions/1/nodes/a9099aa6-25eb-4b2d-98c3-f234ceaed2b8/children?maxItems=2147483647&orderBy=isFolder%20desc%2Cname%20asc&include=path%2Cproperties%2CallowableOperations%2Cpermissions%2CaspectNames&includeSource=true

So I am a bit puzzled why the above folder access from the user bruce is not shown in the audit log. Any ideas why this could be?

 

 

 

2 Replies
afaust
Master

Re: Audit log folder access

Regular read access to nodes is not logged via alfresco-access - neither for content nor folders. The only read-access that is logged is an explicit content access, which obviously only applies to nodes of type content or which have any other type/aspect defining a content property. In the audit entry this content access should be appropriately be listed as a "readContent" action / event, not to be confused with a metadata / listing read access.

akring
Active Member II

Re: Audit log folder access

Ok - thanks a lot for clearifying this