Audit

Audit trail allows an administrator to keep track of user actions. The default implementation is based on log4j and the files used for logging can therefore be configured in any way you like. Magnolia also provides a Log Viewer tool, located in the Tools menu, to visualize these and other log files.

Configuration

This feature is configured in two places, log4j.xml file and in the application configuration section.

log4j.xml

Here you define the loggers to be used by the audit logging. Here is an example extracted from the application log4j:

<appender name="sync-log-audit" class="org.apache.log4j.RollingFileAppender">
    <param name="File" value="${magnolia.app.rootdir}/logs/magnolia-audit.log" />
    <param name="MaxFileSize" value="1MB" />
    <param name="MaxBackupIndex" value="5" />
    <param name="Append" value="true" />
    <layout class="org.apache.log4j.PatternLayout">
      <param name="ConversionPattern" value="%d{dd.MM.yyyy HH:mm:ss}%m%n" />
    </layout>
  </appender>
  <appender name="log-audit" class="org.apache.log4j.AsyncAppender">
    <appender-ref ref="sync-log-audit" />
  </appender>
<category name="log-audit" additivity="false">
    <appender-ref ref="log-audit" />
 </category>

Configuration section

Here you define the actions that will be logged. You can enable the preconfigured actions and define which logger they should use. Here you also define separators for each action or use the default separator for all of them.

Below is an extract of the output of the logs. Format is: date, action performed, user ID, workspace, nodepath.

20.10.2008 11:59:33 , create , superuser , website , /untitled4

For actions move and copy it will add the original node path and the destination node path.

For actions login and logout the output differs. Date, user IID, action, and for login also the IP and the result of the action are logged:

21.10.2008 12:21:59, logout, anonymous
21.10.2008 12:22:05, login, superuser, 127.0.0.1, Success