Confluence 4.0 : How to audit Confluence - enabling user access logging
This page last changed on Aug 17, 2011 by halatas@atlassian.com.
Often, for auditing purposes, administrators need to know who did what on their Confluence site. Notifications are not ideally suited for this purpose. Application servers are able to log the requested URL, but they cannot determine the currently logged in user. This log is not currently formatted to be accessible to web log analysis tools such as AwStats as it lacks a host and get method, so must be viewed manually. Instead, you can generate a basic log indicating which users are accessing which pages in Confluence. Confluence has a built-in access logging mechanism that shows the user and URL invoked. To enable it, you need to modify a couple of configuration files and restart Confluence. Configuring the AccessLogFilterThere is a simple AccessLogFilter in Confluence than can be enabled via Note: Please do not modify the application-wide web descriptor, To enable user access logging:
Logging information being stored in the Advanced configurationYou can choose to redirect the access log to a different file by adding a new RollingFileAppender at the top of log4j.appender.accesslog=org.apache.log4j.RollingFileAppender log4j.appender.accesslog.Threshold=DEBUG log4j.appender.accesslog.File=$\{catalina.home\}/logs/atlassian-confluence-access.log log4j.appender.accesslog.MaxFileSize=20480KB log4j.appender.accesslog.MaxBackupIndex=5 log4j.appender.accesslog.layout=com.atlassian.confluence.util.PatternLayoutWithStackTrace log4j.appender.accesslog.layout.ConversionPattern=%d %p \[%t\] \[%c\{4\}\] %M %m%n Find this line: \#log4j.category.com.atlassian.confluence.util.AccessLogFilter=INFO Change it to this: log4j.category.com.atlassian.confluence.util.AccessLogFilter=INFO, accesslog log4j.additivity.com.atlassian.confluence.util.AccessLogFilter=false The web.xml url-pattern given above only matches page views (/display/*). You could change the url-pattern, or duplicate the entire filter-mapping to log access for different kinds of access (/admin/* for admin functions, /pages/* for edits and creates, etc. Note that /pages/editpage.action* doesn't work). What is LoggedThe log file will contain the following values separated by spaces:
Example: 2008-08-08 10:33:05,359 INFO [atlassian.confluence.util.AccessLogFilter] init AccessLogFilter initialized. Format is: <user> <url> <starting memory free (kb)> +- <difference in free mem (kb)> <query time (ms)> <remote address> 2008-08-08 10:47:27,015 INFO [atlassian.confluence.util.AccessLogFilter] doFilter admin http://localhost:8080/display/ds 42025-154 15 127.0.0.1 2008-08-08 10:47:27,187 INFO [atlassian.confluence.util.AccessLogFilter] doFilter admin http://localhost:8080/display/ds/Confluence+Overview 41805+982 172 127.0.0.1 2008-08-08 10:47:36,296 INFO [atlassian.confluence.util.AccessLogFilter] doFilter admin http://localhost:8080/display/ds/Breadcrumb+demonstration 42102-6660 156 127.0.0.1 2008-08-08 11:08:16,875 INFO [atlassian.confluence.util.AccessLogFilter] doFilter admin http://localhost:8080/display/ds/test+firelite 34362-1616 188 127.0.0.1 2008-08-08 11:47:01,890 INFO [atlassian.confluence.util.AccessLogFilter] doFilter admin http://localhost:8080/display/sand 59711-148 0 127.0.0.1 2008-08-08 11:47:02,171 INFO [atlassian.confluence.util.AccessLogFilter] doFilter admin http://localhost:8080/display/sand/Home 59497-2302 234 127.0.0.1 2008-08-08 11:47:04,500 INFO [atlassian.confluence.util.AccessLogFilter] doFilter admin http://localhost:8080/display/ds/Tasklist 57124+155 1266 127.0.0.1 The above may be preceded by additional log4j-generated text, depending on the log4j pattern which is configured. Other OptionsGoogle AnalyticsGoogle Analytics can be easily integrated with Confluence for access tracking. After signing up, copy the Javascript and paste it into the 'Before end of <body>' section of Administration, Custom HTML. This will put the Javascript on every page generated by Confluence. This might not work correctly if your users are behind a firewall or authenticated proxy. For more information on using Google Analytics with Confluence you may wish to refer to this blog post by David Simpson. Tomcat Valve Component access logRefer to How to Audit Confluence Using Tomcat Valve Component. Notes
RELATED TOPICSWorking with Confluence Logs |
![]() |
Document generated by Confluence on Sep 19, 2011 02:50 |