A data producer generates data that can potentially be audited. Data is generated from repository services and methods and sent to the Audit Component by calling its AuditComponent.recordAuditValues() method. The only requirement is that each packet of data is a Map of values keyed by logical path names, relative to a specified root path. These paths are specific to the producers and thus identify the unique data producer. There are three main data producers:
-
alfresco-api - all low-level events such as workflow actions, user creations and deletions. It records all values before and after the method invocation for all services/methods using org.alfresco.repo.audit.AuditMethodInterceptor.
The values passed to the audit component (assuming auditing is enabled) are:
/alfresco-api /pre /<service> /<method> /args /<arg-name>=<value> /<arg-name>=<value> ... /service /post /<service> /<method> /args /<arg-name>=<value> /<arg-name>=<value> ... /result=<value> /error=<value> /no-error=<null>
-
alfresco-access - all content related actions, such as node create, move, delete, aspect add and remove, content read, content update, check in, check out, cancel, and so on. The class is org.alfresco.repo.audit.access.AccessAuditor. It creates high level audit records on the creation, deletion, modification and access of content and folders. Lower level events are grouped together by transaction and node.
Node and Content changes generate the following audit structure. Elements are omitted if not changed by the transaction. The /sub-action/<sequence> structure holds details of each sub-action, but are only included if the global property audit.alfresco-access.sub-actions.enabled=true.
/alfresco-access /transaction /action=<actionName> /sub-actions=<sub action list> /path=<prefixPath> /type=<prefixType> /node=<nodeRef> /user=<user> /copy /from /node=<nodeRef> /path=<prefixPath> /type=<prefixType> /move /from /node=<nodeRef> /path=<prefixPath> /type=<prefixType> /properties /from=<mapOfValues> /<propertyName>=<propertyValue> /to=<mapOfValues> /<propertyName>=<propertyValue> /add=<mapOfValues> /<propertyName>=<propertyValue> /delete=<mapOfValues> /<propertyName>=<propertyValue> /aspects /add=<mapOfNames> /<aspectName>=null /delete=<mapOfNames> /<aspectName>=null /version-properties=<mapOfValues> /sub-action/<sequence> /action=<actionName> /move ... /properties ... /aspects ... Example data: /alfresco-access/transaction/action=MOVE /alfresco-access/transaction/node=workspace://SpacesStore/74a5985a-45dd-4698-82db-8eaeff9df8d7 /alfresco-access/transaction/move/from/node=workspace://SpacesStore/d8a0dfd8-fe45-47da-acc2-fd8df9ea2b2e /alfresco-access/transaction/move/from/path=/app:company_home/st:sites/cm:abc/cm:documentLibrary/cm:folder1/cm:Word 123.docx /alfresco-access/transaction/move/from/type=cm:folder /alfresco-access/transaction/path=/app:company_home/st:sites/cm:abc/cm:documentLibrary/cm:folder2/cm:Word 123.docx /alfresco-access/transaction/sub-actions=moveNode readContent /alfresco-access/transaction/type=cm:content /alfresco-access/transaction/user=admin /alfresco-access/transaction/sub-action/00/action=moveNode /alfresco-access/transaction/sub-action/00/move/from/node=workspace://SpacesStore/d8a0dfd8-fe45-47da-acc2-fd8df9ea2b2e /alfresco-access/transaction/sub-action/00/move/from/path=/app:company_home/st:sites/cm:abc/cm:documentLibrary/cm:folder1/cm:Word 123.docx /alfresco-access/transaction/sub-action/00/move/from/type=cm:folder /alfresco-access/transaction/sub-action/01/action=readContent
The trace output from this class may be useful to developers as it logs method calls grouped by transaction. The debug output is of the audit records written and full inbound audit data. However, for developers, trace will provide a more readable form. Set the following dev-log4j2.properties:
appender.rolling.filter.threshold.type=ThresholdFilter appender.rolling.filter.threshold.level=trace logger.alfresco-repo-audit-access-AccessAuditor.name=org.alfresco.repo.audit.access.AccessAuditor logger.alfresco-repo-audit-access-AccessAuditor.level=trace
-
alfresco-node - used to audit/track beforeDeleteNode policy. The class is org.alfresco.repo.node.NodeAuditor.