I want Alfresco to audit document changes but not folder changes. For instance, if a folder containing a document is deleted, only the document deletion should show up in audit.
In Alfresco 5.1.0 I defined a single audit application `myapp` with this configuration:
audit.tagging.enabled=false
audit.myapp.enabled=true
audit.myapp.sub-actions.enabled=false
audit.filter.myapp.default.enabled=true
audit.filter.myapp.transaction.type=cm:content
audit.filter.myapp.transaction.path=/app:company_home/app:shared/.*
audit.filter.myapp.transaction.action=CREATE|READ|UPDATE CONTENT|CHECK IN|DELETE|COPY|MOVE|DOWNLOAD|addNodeAspect|deleteNodeAspect
If my understanding is correct, `type=cm:content` limits audit events to only those about Alfresco **documents**? If I wanted events about folders too I would write `cm:folder;cm:content` there.
Despite this code, when querying `http://localhost:8080/alfresco/service/api/audit/query/myapp` I still get audit events whenever a **folder** is created or deleted.
What am I doing wrong?
Audit after folder creation:
{
"id":945,
"application":"myapp",
"user":"user1",
"time":"2017-03-16T13:20:59.480+09:00",
"values":
{
"\/bmyapp\/transaction\/action":"CREATE"
,"\/myapp\/transaction\/path":"\/app:company_home\/app:shared\/cm:folder1"
}
},
Audit after folder deletion:
{
"id":947,
"application":"myapp",
"user":"user1",
"time":"2017-03-16T13:24:51.098+09:00",
"values":
{
"\/myapp\/transaction\/action":"DELETE"
,"\/myapp\/transaction\/path":"\/app:company_home\/app:shared\/cm:folder1"
}
},
I am currently reading the Alfresco source code, but I can't find the method where type=cm:content gets parsed/used, if you know where it is the info would be very welcome :-)
Thanks a lot!
Solved! Go to Solution.
The most important thing you have to understand about audit filters is that they work only on "inbound" data. They are not meant to work on data mapped into a specific audit application. By default Alfresco has two major audit producers that can be filtered - "alfresco-access" and "alfresco-api". If you map e.g. "alfresco-access" into your own audit application, you'd have to filter "alfresco-access" and not "myapp". This will also filter data from "alfresco-access" that may be mapped into another audit application "myapp2", but that is one of the long standing drawbacks of audit filtering (described among other issues in MNT-10070 which was closed as "fixed" despite not fixing anything in the actual description).
The most important thing you have to understand about audit filters is that they work only on "inbound" data. They are not meant to work on data mapped into a specific audit application. By default Alfresco has two major audit producers that can be filtered - "alfresco-access" and "alfresco-api". If you map e.g. "alfresco-access" into your own audit application, you'd have to filter "alfresco-access" and not "myapp". This will also filter data from "alfresco-access" that may be mapped into another audit application "myapp2", but that is one of the long standing drawbacks of audit filtering (described among other issues in MNT-10070 which was closed as "fixed" despite not fixing anything in the actual description).
Ask for and offer help to other Alfresco Content Services Users and members of the Alfresco team.
Related links:
By using this site, you are agreeing to allow us to collect and use cookies as outlined in Alfresco’s Cookie Statement and Terms of Use (and you have a legitimate interest in Alfresco and our products, authorizing us to contact you in such methods). If you are not ok with these terms, please do not use this website.