Uploaded image for project: 'Service Packs and Hot Fixes'
  1. Service Packs and Hot Fixes
  2. MNT-1880

Need clarification of audit filter syntax and usage and share audit logging on custom audit application

    Details

    • Type: Information
    • Status: Closed (View Workflow)
    • Resolution: Not a bug
    • Affects Version/s: 4.0.2
    • Fix Version/s: 4.1.4
    • Component/s: Auditing
    • Labels:
      None
    • Environment:
      RHEL, v4.0.2.9 Alf, Oracle 11g, tomcat
    • ACT Numbers:

      47982

      Description

      1. Based on documents and wikis, we can not determine correct syntax to define a filter for custom audit application. It does not seem to work as expected (audit.filter.<application>.path.property). We need clarification on how to and what can be used for filter parameter, syntax, and whether or not it can be based on the "extracted audit data", "new data", "new audit entry Audit Data" or?

      2. The second issue is related to Share UI which seems to be throwing null http parameter messages when testing custom audit application (click any audited action) and not logging the repo.audit.AuditComponentImpl as expected in application server log and seen when using OOTB alfresco-access audit application. custom-log4j.properties is in both extensions and web-extensions directories with "log4j.logger.org.alfresco.repo.audit.AuditComponentImpl=debug" set.

      side test notes:
      auditing is enabled by default in standard install (see repository.properties) only need to enable application
      extra user created in system usr1

      Case scenario 1:

      > enable OOTB alfresco-access audit application - add to alfresco-global.properties
      audit.alfresco-access.enabled=true
      > increase logging to view auditing actions
      log4j.logger.org.alfresco.repo.audit.AuditComponentImpl=debug
      > restart application server
      > monitor catalina.out log during actions see logging for alfresco-access audit application for admin and usr1
      > implement filter to restrict logging not occur on System, null, admin users - add to alfresco-global.properties

      1. reject any transactions by System, null, admin
        audit.filter.alfresco-access.transaction.user=~System;~null;~admin;.*
        > restart application server
        > monitor catalina.out during actions, note no logging or systsem,null, and admin
        Result see no logging when logged in as admin, see logging when logged in as usr1

      (see logging after restart on timestamp Sep 19, 2012 9:03:50 AM, no issues visualizing logging via alfresco or share interface usr1 access actions)

      Case scenario 2:

      > disable alfresco-access application set in alfresco-global.properties
      audit.alfresco-access.enabled=false

      > enable custom audit application
      audit.AuditNodeData.enabled=true

      > add custom application file to

      {tomcat}

      /shared/classes/alfresco/extension/audit/alfresco-audit-node.xml
      with application <Application name="AuditNodeData" key="node-data">

      records nodeRef,fileName,personFullName,currentUser,systemTime on setProperties/no-error and error, create/no-error and error

      > leave logging at debug - "log4j.logger.org.alfresco.repo.audit.AuditComponentImpl=debug"
      > restart application server
      > monitor catalina.out log during actions see logging for AuditNodeData audit application for admin and usr1 on create and any setProperties action as expected

      ex.
      >>seen on startup>>>
      2012-09-19 08:49:36,340 DEBUG [repo.audit.AuditComponentImpl] [main]
      Extracted audit data:
      Application: AuditApplication[ name=AuditNodeData, id=4, disabledPathsId=565]
      Values:
      /node-data/setProperties/no-error=null
      /node-data/setProperties/args/nodeRef=workspace://SpacesStore/46986a62-803a-4acb-a220-80db373d5a4f
      /node-data/setProperties/args/properties={{http://www.alfresco.org/model/content/1.0}name=46986a62-803a-4acb-a220-80db373d5a4f,

      {http://www.alfresco.org/model/system/1.0}

      node-dbid=808,

      {http://www.alfresco.org/model/system/1.0}

      store-identifier=SpacesStore,

      {http://www.alfresco.org/model/action/1.0}

      parameterName=pageLimit,

      {http://www.alfresco.org/model/system/1.0}

      locale=en_US,

      {http://www.alfresco.org/model/system/1.0}

      node-uuid=46986a62-803a-4acb-a220-80db373d5a4f,

      {http://www.alfresco.org/model/content/1.0}

      modified=Tue Aug 28 11:18:02 EDT 2012,

      {http://www.alfresco.org/model/content/1.0}

      created=Tue Aug 28 11:18:02 EDT 2012,

      {http://www.alfresco.org/model/system/1.0}

      store-protocol=workspace,

      {http://www.alfresco.org/model/action/1.0}

      parameterValue=-1,

      {http://www.alfresco.org/model/content/1.0}

      creator=System,

      {http://www.alfresco.org/model/content/1.0}

      modifier=System}

      New Data:
      /node-data/setProperties/no-error/fileName=46986a62-803a-4acb-a220-80db373d5a4f
      /node-data/setProperties/no-error/nodeRef=workspace://SpacesStore/46986a62-803a-4acb-a220-80db373d5a4f

      2012-09-19 08:49:36,348 DEBUG [repo.audit.AuditComponentImpl] [main]
      New audit entry:
      Application ID: 4
      Entry ID: 4663
      Values:
      /node-data/setProperties/no-error=null
      /node-data/setProperties/args/nodeRef=workspace://SpacesStore/46986a62-803a-4acb-a220-80db373d5a4f
      /node-data/setProperties/args/properties={{http://www.alfresco.org/model/content/1.0}name=46986a62-803a-4acb-a220-80db373d5a4f,

      {http://www.alfresco.org/model/system/1.0}

      node-dbid=808,

      {http://www.alfresco.org/model/system/1.0}

      store-identifier=SpacesStore,

      {http://www.alfresco.org/model/action/1.0}

      parameterName=pageLimit,

      {http://www.alfresco.org/model/system/1.0}

      locale=en_US,

      {http://www.alfresco.org/model/system/1.0}

      node-uuid=46986a62-803a-4acb-a220-80db373d5a4f,

      {http://www.alfresco.org/model/content/1.0}

      modified=Tue Aug 28 11:18:02 EDT 2012,

      {http://www.alfresco.org/model/content/1.0}

      created=Tue Aug 28 11:18:02 EDT 2012,

      {http://www.alfresco.org/model/system/1.0}

      store-protocol=workspace,

      {http://www.alfresco.org/model/action/1.0}

      parameterValue=-1,

      {http://www.alfresco.org/model/content/1.0}

      creator=System,

      {http://www.alfresco.org/model/content/1.0}

      modifier=System}

      Audit Data:
      /node-data/setProperties/no-error/fileName=46986a62-803a-4acb-a220-80db373d5a4f
      /node-data/setProperties/no-error/currentUser=System
      /node-data/setProperties/no-error/nodeRef=workspace://SpacesStore/46986a62-803a-4acb-a220-80db373d5a4f
      /node-data/setProperties/no-error/systemTime=Wed Sep 19 08:49:36 EDT 2012
      /node-data/setProperties/no-error/personFullName=System

      >>test1>>>
      Login SHARE as usr1 navigate to document in site area51 documentlibrary

      • note invalid chunk starting at byte [94] message on clicking documentlibrary link
        INFO: Invalid chunk starting at byte [94] and ending at byte [94] with a value of [null] ignored
      • modify title - no logging except
        Sep 19, 2012 8:58:48 AM org.apache.tomcat.util.http.Parameters processParameters
        INFO: Invalid chunk starting at byte [12] and ending at byte [12] with a value of [null] ignored

      >>test2>>>
      Login ALFRESCO usr1 navigate to same document in site area51 documentlibrary modify name - logging see 2012-09-19 09:00:25,927 DEBUG [repo.audit.AuditComponentImpl] [http-8080-10]

      Note: logging test going forward with custom audit application in alfresco UI to monitor logging proper in test. Should not see logging of no-error on set properties for admin/system/null currentUsers

      FILTER Test
      > implement filter to restrict Not occur on currentUser=admin, system, null users on no-error setProperties, add to alfresco-global.properties

      1. reject any transactions by System, null, admin
        audit.filter.AuditNodeData.setProperties.no-error.currentUser=~System;~null;~admin;.*

      > restart application server
      > repeat test1, test2
      Results: still see new audit entry for usr1,admin,System currentUser via alfresco UI, no logging still vi share UI

      see 2012-09-19 09:46:24,781 DEBUG

      The following will be attached, custom application xml file, copy of alfresco-global.properties, copy of referenced catalina.out log from testing environment.

        Attachments

          Issue Links

            Structure

              Activity

                People

                • Assignee:
                  closedissues Closed Issues
                  Reporter:
                  jsoria Jennie Soria [X] (Inactive)
                • Votes:
                  0 Vote for this issue
                  Watchers:
                  4 Start watching this issue

                  Dates

                  • Created:
                    Updated:
                    Resolved:

                    Structure Helper Panel