Hyland Connect

thanakorn · ‎07-19-2016

Hi, I'm found a user access to alfresco in audit dashlet every morning.

[ sub-actions : readContent ]
[ action : READ ]
[ type : cm:thumbnail ]
[ path : /app:company_home/st:sites/cm

rivate-site/cm:documentLibrary/cm:XXX/cm:XXX.pdf/cm:doclib ]
[ user : xxx ]

today at time 04:57 am.
yesterday 05:55 am.

After that, I'm going to go check localhost_access_log

xx.xx.xx.xx - - [19/Jul/2016:04:57:50 +0700] "GET /alfresco/api/-default-/public/cmis/versions/1.0/atom/ HTTP/1.1" 200 28973
xx.xx.xx.xx - - [19/Jul/2016:04:57:50 +0700] "GET /alfresco/api/-default-/public/cmis/versions/1.0/atom/?repositoryId=-default- HTTP/1.1" 200 28973
xx.xx.xx.xx - - [19/Jul/2016:04:57:50 +0700] "GET /alfresco/api/-default-/public/cmis/versions/1.0/atom/id?id=29b8a275-9626-4f93-9d74-8f6e3fe2bafe&filter=&includeAllowableActions=true&includeACL=false&includePolicyIds=false&includeRelationships=none&renditionFilter=cmis%3Anone HTTP/1.1" 200 7439
xx.xx.xx.xx - - [19/Jul/2016:04:57:50 +0700] "GET /alfresco/api/-default-/public/cmis/versions/1.0/atom/type?id=cmis%3Afolder HTTP/1.1" 200 12331
xx.xx.xx.xx - - [19/Jul/2016:04:57:50 +0700] "GET /alfresco/api/-default-/public/cmis/versions/1.0/atom/type?id=P%3Acm%3Atitled HTTP/1.1" 200 12317
xx.xx.xx.xx - - [19/Jul/2016:04:57:50 +0700] "GET /alfresco/api/-default-/public/cmis/versions/1.0/atom/type?id=P%3Asys%3Alocalized HTTP/1.1" 200 11041
xx.xx.xx.xx - - [19/Jul/2016:04:57:51 +0700] "GET /alfresco/api/-default-/public/cmis/versions/1.0/atom/type?id=P%3Aapp%3Auifacets HTTP/1.1" 200 12986
127.0.0.1 - - [19/Jul/2016:04:57:51 +0700] "POST /solr4/alfresco/cmis?wt=json&fl=DBID%2Cscore&rows=50&df=TEXT&start=0&locale=en&alternativeDic=DEFAULT_DICTIONARY&cmisVersion=CMIS_1_0&fq=%7B%21afts%7DAUTHORITY_FILTER_FROM_JSON&fq=%7B%21afts%7DTENANT_FILTER_FROM_JSON HTTP/1.1" 200 659
xx.xx.xx.xx - - [19/Jul/2016:04:57:51 +0700] "POST /alfresco/api/-default-/public/cmis/versions/1.0/atom/query HTTP/1.1" 201 4030
xx.xx.xx.xx - - [19/Jul/2016:04:57:51 +0700] "GET /alfresco/api/-default-/public/cmis/versions/1.0/atom/path?path=%2FData%20Dictionary%2FMobile&filter=&includeAllowableActions=true&includeACL=false&includePolicyIds=false&includeRelationships=none&renditionFilter=cmis%3Anone HTTP/1.1" 404 7924
xx.xx.xx.xx - - [19/Jul/2016:04:57:51 +0700] "POST /alfresco/api/-default-/public/cmis/versions/1.0/atom/query HTTP/1.1" 201 735
xx.xx.xx.xx - - [19/Jul/2016:04:57:51 +0700] "POST /alfresco/api/-default-/public/cmis/versions/1.0/atom/query HTTP/1.1" 201 4584
xx.xx.xx.xx - - [19/Jul/2016:04:57:51 +0700] "GET /alfresco/api/-default-/public/cmis/versions/1.0/atom/id?id=34601dcf-f38c-4f4f-a06c-689e2e97b527&filter=&includeAllowableActions=&includeACL=&includePolicyIds=&includeRelationships=&renditionFilter= HTTP/1.1" 200 7742
xx.xx.xx.xx - - [19/Jul/2016:04:57:52 +0700] "GET /alfresco/api/-default-/public/cmis/versions/1.0/atom/children?id=34601dcf-f38c-4f4f-a06c-689e2e97b527&orderBy=cmis%3Aname%20ASC&includeAllowableActions=true&includeRelationships=none&renditionFilter=cmis%3Anone&includePathSegment=true&maxItems=100&skipCount=0 HTTP/1.1" 200 14947
xx.xx.xx.xx - - [19/Jul/2016:04:57:52 +0700] "GET /alfresco/api/-default-/public/cmis/versions/1.0/atom/type?id=cmis%3Adocument HTTP/1.1" 200 21410
xx.xx.xx.xx - - [19/Jul/2016:04:57:52 +0700] "GET /alfresco/api/-default-/public/cmis/versions/1.0/atom/type?id=P%3Arn%3Arenditioned HTTP/1.1" 200 11058
xx.xx.xx.xx - - [19/Jul/2016:04:57:52 +0700] "GET /alfresco/api/-default-/public/cmis/versions/1.0/atom/type?id=P%3Acm%3Aauthor HTTP/1.1" 200 11635
xx.xx.xx.xx - - [19/Jul/2016:04:57:52 +0700] "GET /alfresco/api/-default-/public/cmis/versions/1.0/atom/type?id=P%3Acm%3AthumbnailModification HTTP/1.1" 200 11943
xx.xx.xx.xx - - [19/Jul/2016:04:57:52 +0700] "GET /alfresco/api/-default-/public/alfresco/versions/1/people/xxx/favorites?where=(EXISTS(target/file))&maxItems=50&skipCount=0 HTTP/1.1" 200 112
xx.xx.xx.xx - - [19/Jul/2016:04:57:53 +0700] "GET /alfresco/api/-default-/public/alfresco/versions/1/people/xxx/favorites?where=(EXISTS(target/folder))&maxItems=50&skipCount=0 HTTP/1.1" 200 112

what does id mean??

thank you

thanakorn · ‎07-20-2016

Who can help me please.

afaust · ‎07-27-2016

Someone is likely using the Alfresco Mobile client (on Android / iOS) to access your Alfresco system. The audit entry you are seeing is just the client accessing a thumbnail of a document. Some of the entries in the access log point to a sub-folder of the Data Dictionary related to mobile clients, and it is showing access via the CMIS protocol which the mobile clients rely on.

So far, all perfectly normal.

thanakorn · ‎07-31-2016

Thankyou very much and i have 1 question

127.0.0.1 - - [18/Jul/2016:13:45:48 +0700] "GET /alfresco/s/remoteadm/has/alfresco/site-data/components/page.component-2-3.user~admin~dashboard%23default.xml?s=sitestore&alf_ticket=TICKET_834b8816f860b1fa63e45068ef8ac304dfbcdc11 HTTP/1.1" 200 5
127.0.0.1 - - [18/Jul/2016:13:45:52 +0700] "POST /alfresco/s/remoteadm/update/alfresco/site-data/components/page.component-2-3.user~admin~dashboard.xml?s=sitestore&alf_ticket=TICKET_834b8816f860b1fa63e45068ef8ac304dfbcdc11 HTTP/1.1" 200 -
xx.xx.xx.xx - - [18/Jul/2016:13:45:52 +0700] "POST /share/service/modules/dashlet/config/page.component-2-3.user~admin~dashboard%23default HTTP/1.1" 200 2

What does it mean ?

Thankyou

afaust · ‎08-01-2016

These are calls to get the definitions of the dashboard page and some of its components for the Share UI.

Hyland Connect

alfresco log and audit dashlet