AnsweredAssumed Answered

Alfresco 4.2 Audit Filter

Question asked by luca on Feb 1, 2017
Latest reply on Feb 3, 2017 by luca

Hi,

I'm trying to filter data in the build in alfresco-access audit application, but it's not working.

I want to audit only READ and DELETE actions and exclude one particular user called synchronizer, so in my alfresco-global.properties I put this:

# Audit
audit.enabled=true
audit.tagging.enabled=false
audit.alfresco-access.enabled=true

# audit access-filter
audit.filter.alfresco-access.default.enabled=false
audit.filter.alfresco-access.default.user=~System;~null;~synchronizer;.*
audit.filter.alfresco-access.default.type=cm:folder;cm:content
audit.filter.alfresco-access.default.path=/app:company_home/.*
audit.filter.alfresco-access.transaction.user=~System;~null;~synchronizer;.*
audit.filter.alfresco-access.transaction.action=READ;DELETE
audit.filter.alfresco-access.login.user=~System;~null;~synchronizer;.*

In the log I see that login from synchronizer user are stored in the audit tables:

2017-02-01 18:18:45,067  DEBUG [repo.audit.AuditComponentImpl] [http-bio-8881-exec-5]
Extracted audit data:
        Application:    AuditApplication[ name=alfresco-access, id=2, disabledPathsId=5694]
        Values:
                /alfresco-access/login=null
                /alfresco-access/loginUser=synchronizer




        New Data:
                /alfresco-access/login/user=synchronizer




 2017-02-01 18:18:45,070  DEBUG [repo.audit.AuditComponentImpl] [http-bio-8881-exec-5]
New audit entry:
        Application ID: 2
        Entry ID:       58797
        Values:
                /alfresco-access/login=null
                /alfresco-access/loginUser=synchronizer




        Audit Data:
                /alfresco-access/login/user=synchronizer

Outcomes