03-17-2017 04:01 AM
I want Alfresco to audit document changes but not folder changes. For instance, if a folder containing a document is deleted, only the document deletion should show up in audit.
In Alfresco 5.1.0 I defined a single audit application `myapp` with this configuration:
audit.tagging.enabled=false
audit.myapp.enabled=true
audit.myapp.sub-actions.enabled=false
audit.filter.myapp.default.enabled=true
audit.filter.myapp.transaction.type=cm:content
audit.filter.myapp.transaction.path=/app:company_home/app:shared/.*
audit.filter.myapp.transaction.action=CREATE|READ|UPDATE CONTENT|CHECK IN|DELETE|COPY|MOVE|DOWNLOAD|addNodeAspect|deleteNodeAspect
If my understanding is correct, `type=cm:content` limits audit events to only those about Alfresco **documents**? If I wanted events about folders too I would write `cm:folder;cm:content` there.
Despite this code, when querying `http://localhost:8080/alfresco/service/api/audit/query/myapp` I still get audit events whenever a **folder** is created or deleted.
What am I doing wrong?
Audit after folder creation:
{
"id":945,
"application":"myapp",
"user":"user1",
"time":"2017-03-16T13:20:59.480+09:00",
"values":
{
"\/bmyapp\/transaction\/action":"CREATE"
,"\/myapp\/transaction\/path":"\/app:company_home\/app:shared\/cm:folder1"
}
},
Audit after folder deletion:
{
"id":947,
"application":"myapp",
"user":"user1",
"time":"2017-03-16T13:24:51.098+09:00",
"values":
{
"\/myapp\/transaction\/action":"DELETE"
,"\/myapp\/transaction\/path":"\/app:company_home\/app:shared\/cm:folder1"
}
},
I am currently reading the Alfresco source code, but I can't find the method where type=cm:content gets parsed/used, if you know where it is the info would be very welcome 🙂
Thanks a lot!
03-17-2017 04:26 AM
The most important thing you have to understand about audit filters is that they work only on "inbound" data. They are not meant to work on data mapped into a specific audit application. By default Alfresco has two major audit producers that can be filtered - "alfresco-access" and "alfresco-api". If you map e.g. "alfresco-access" into your own audit application, you'd have to filter "alfresco-access" and not "myapp". This will also filter data from "alfresco-access" that may be mapped into another audit application "myapp2", but that is one of the long standing drawbacks of audit filtering (described among other issues in MNT-10070 which was closed as "fixed" despite not fixing anything in the actual description).
03-17-2017 04:26 AM
The most important thing you have to understand about audit filters is that they work only on "inbound" data. They are not meant to work on data mapped into a specific audit application. By default Alfresco has two major audit producers that can be filtered - "alfresco-access" and "alfresco-api". If you map e.g. "alfresco-access" into your own audit application, you'd have to filter "alfresco-access" and not "myapp". This will also filter data from "alfresco-access" that may be mapped into another audit application "myapp2", but that is one of the long standing drawbacks of audit filtering (described among other issues in MNT-10070 which was closed as "fixed" despite not fixing anything in the actual description).
Explore our Alfresco products with the links below. Use labels to filter content by product module.