Audit Logs
XP registers successfully completed actions that affect content, applications, principals and ID providers in the system.auditlog repository.
Principals and ID providers
To enable or disable audit logs for actions affecting ID providers and principal entities (such as users, roles and groups), modify the configuration file com.enonic.xp.security.cfg and set the auditlog.enabled option to true to enable or false to disable logging. The default value is true.
auditlog.enabled = true
XP registers the following actions for principals and ID providers:
system.security.principal.create - a principal (user, group or role) has been created
system.security.principal.update - a principal (user, group or role) has been updated
system.security.principal.delete - a principal (user, group or role) has been deleted
system.security.principal.addRelationship - a principal joins a group or a role
system.security.principal.removeRelationship - a principal leaves a group or a role
system.security.principal.removeRelationships - all group or role relationships have been removed (deprecated)
system.security.principal.setPassword - new password has been set for a user
system.security.idProvider.create - an ID provider has been created
system.security.idProvider.update - an ID provider has been updated
system.security.idProvider.delete - an ID provider has been deleted
Below you can see some examples of how data is stored for various actions:
system.security.principal.addRelationship
User user:system:username has been added to group group:system:usergroup.
{
  "type": "system.security.principal.addRelationship",
  "source": "com.enonic.xp.security",
  "user": "user:system:admin",
  "objects": ["user:system:username", "group:system:usergroup"],
  "data": {
    "params": {
      "principal": "user:system:username",
      "joins": "group:system:usergroup"
    }
  }
}
Role role:system.admin has been assigned to user user:system:username.
{
  "type": "system.security.principal.addRelationship",
  "source": "com.enonic.xp.security",
  "user": "user:system:admin",
  "objects": ["user:system:username", "role:system.admin"],
  "data": {
    "params": {
      "principal": "user:system:username",
      "joins": "role:system.admin"
    }
  }
}
Group group:system:group1 has been added to group group:system:group2.
{
  "type": "system.security.principal.addRelationship",
  "source": "com.enonic.xp.security",
  "user": "user:system:admin",
  "objects": ["group:system:group1", "group:system:group2"],
  "data": {
    "params": {
      "principal": "group:system:group1",
      "joins": "group:system:group2"
    }
  }
}
system.security.principal.removeRelationship
Role role:system.admin has been unassigned from user user:system:username.
{
  "type": "system.security.principal.removeRelationship",
  "source": "com.enonic.xp.security",
  "user": "user:system:admin",
  "objects": ["user:system:username", "role:system.admin"],
  "data": {
    "params": {
      "principal": "user:system:username",
      "leaves": "role:system.admin"
    }
  }
}
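The following is an added example, not part of the XP documentation or code base: it replays addRelationship and removeRelationship records in the shape shown above and reports every principal that gains role:system.admin, including indirectly through nested groups. It assumes the records have been exported as a list ordered oldest first and that the replay starts from an empty membership graph; the function names and the sample stream (including a group joining a role) are constructed for illustration.

```python
from collections import defaultdict

ADD = "system.security.principal.addRelationship"
REMOVE = "system.security.principal.removeRelationship"

def effective_members(members, root):
    """All principals that hold `root` directly or through nested groups."""
    seen, stack = set(), [root]
    while stack:
        for child in members.get(stack.pop(), ()):
            if child not in seen:  # also guards against membership cycles
                seen.add(child)
                stack.append(child)
    return seen

def replay(records, watched="role:system.admin"):
    """Replay relationship events; report each principal that newly gains `watched`."""
    members, findings = defaultdict(set), []
    for rec in records:
        params = rec.get("data", {}).get("params", {})
        principal = params.get("principal")
        before = effective_members(members, watched)
        if rec.get("type") == ADD and principal and params.get("joins"):
            members[params["joins"]].add(principal)
        elif rec.get("type") == REMOVE and principal and params.get("leaves"):
            members[params["leaves"]].discard(principal)
        else:
            continue  # other event types do not change memberships
        for gained in sorted(effective_members(members, watched) - before):
            findings.append({"actor": rec.get("user"), "gained": gained,
                             "via": params.get("joins")})
    return findings, effective_members(members, watched)

def event(kind, principal, key, target, actor="user:system:admin"):
    """Build a record in the shape shown above (constructed sample data)."""
    return {"type": kind, "source": "com.enonic.xp.security", "user": actor,
            "objects": [principal, target],
            "data": {"params": {"principal": principal, key: target}}}

# Constructed sample stream, oldest first (assumption: not real log output).
SAMPLE = [
    event(ADD, "group:system:group2", "joins", "role:system.admin"),
    event(ADD, "group:system:group1", "joins", "group:system:group2"),
    event(ADD, "user:system:username", "joins", "group:system:group1"),
    event(ADD, "user:system:other", "joins", "group:system:usergroup"),
    event(REMOVE, "group:system:group1", "leaves", "group:system:group2"),
]

if __name__ == "__main__":
    print(*replay(SAMPLE)[0], sep="\n")
```

The third sample record never mentions role:system.admin, yet it is the one that gives user:system:username the role, which is why the check works on the replayed graph rather than on the joins field alone.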
Application
To enable or disable audit logs for application actions, modify the configuration file com.enonic.xp.app.cfg and set the auditlog.enabled option to true to enable or false to disable logging. The default value is true.
auditlog.enabled = true
XP registers the following actions for applications:
system.application.start - an application has been started
system.application.stop - an application has been stopped
system.application.install - an application has been installed
system.application.uninstall - an application has been uninstalled
Content
To enable or disable audit logs for content actions, modify the configuration file com.enonic.xp.content.cfg and set the auditlog.enabled option to true to enable or false to disable logging. The default value is true.
auditlog.enabled = true
XP registers the following actions for content:
system.content.create - a content has been created, for instance, content, site or media
system.content.update - a content has been updated
system.content.delete - a content has been deleted
system.content.publish - a content has been published
system.content.unpublishContent - a content has been unpublished
system.content.duplicate - a content has been duplicated
system.content.move - a content has been moved
system.content.archive - a content has been archived
system.content.restore - a content has been restored
system.content.rename - a content has been renamed
system.content.setActiveContentVersion - an activeContentVersion has been set for the content
system.content.setChildOrder - a childOrder has been set
system.content.reorderChildren - a childOrder has been reordered
system.content.applyPermissions - content permissions have been applied
system.content.reprocess - a content has been reprocessed