AnsweredAssumed Answered

Auditing search queries

Question asked by florentdelannoy on Oct 10, 2014
Latest reply on Oct 15, 2014 by florentdelannoy
Hi,

As part of a project, I need to be able to audit searches performed by users in Alfresco (running 4.2.f from the maven archetype).

I've set up the Auditing subsystem, which works as advertised, but the SearchService is not part of the default alfresco-access application so I set out to create my own audit application:


  <PathMappings>
    <PathMap source="/alfresco-api/post/SearchService/query" target="/searchaudit/query" />
  </PathMappings>


  <Application name="SearchAudit" key="searchaudit">
    <AuditPath key="query">
      <AuditPath key="no-error">
        <RecordValue key="args" dataExtractor="simpleValue" dataSource="/searchaudit/query/args" />
        <GenerateValue key="user" dataGenerator="personFullName" />
      </AuditPath>
    </AuditPath>
  </Application>


I got those paths by turning on the extended audit logging which showed me these values when doing a search:


2014-10-10 15:16:51,719  DEBUG [repo.audit.inbound] [http-bio-8080-exec-4]
Inbound audit values:
   /alfresco-api/post/SearchService/query/args=null
   /alfresco-api/post/SearchService/query/no-error=null
   /alfresco-api/post/SearchService/query/result=org.alfresco.repo.search.impl.lucene.PagingLuceneResultSet@109d90ef


The application is loaded properly and appears as started in http://localhost:8080/alfresco/service/api/audit/control

And values appear when fetching http://localhost:8080/alfresco/service/api/audit/query/SearchAudit?verbose=true

However, no matter how I try, I cannot get this to record the terms that have been searched for (which I gather are in the /args part of the query?), only the user shows. Actually it appears as if the args are never recorded - 'args' always appear to be null both in the logs and when passing it to a custom dataExtractor I wrote and wired in for debugging purpose.

Obviously the SearchService has to be passed some sort of arguments to perform a search, so these cannot be null under the hood.

Looking at the code for SearchService.java, we can see the proper @Auditable annotations are set up where needed, so it looks like there's no problem here.

So my questions are…

- Am I doing something obviously wrong with the auditing subsystem?
- If not, how can I actually record the search terms though the auditing system?

Thanks in advance,
Florent

Outcomes