Audit log is not populated when artifacts are deployed

Details

  • Type: Improvement Improvement
  • Status: Closed Closed
  • Priority: Major Major
  • Resolution: Fixed
  • Affects Version/s: 1.0-beta-3
  • Fix Version/s: 1.0-beta-4
  • Component/s: Users/Security
  • Labels:
    None

Description

The audit.log file should contain an entry when any of the following events occurs: create directory, remove directory, create file, modify file, remove file.

After a release, the audit.log file only contained:

2007-09-13 19:27:55 - Logging Initialized.

There are no other audit log files. (I would have expected to see some with dates in the filename, the others are configured to roll on a daily basis.)

(Needs to be verified with 1.0-beta-3 or later.)

Activity

Ascending order - Click to sort in descending order
Hide
Permalink
Joakim Erdfelt added a comment -

A fix has been committed to archiva/trunk revision 587908.

A review of the message text would be useful now.

Show
Joakim Erdfelt added a comment - A fix has been committed to archiva/trunk revision 587908. A review of the message text would be useful now.
Hide
Permalink
Wendy Smoak added a comment -

Where is the message text you would like reviewed? (I don't see it in r587908.)

Show
Wendy Smoak added a comment - Where is the message text you would like reviewed? (I don't see it in r587908.)
Hide
Permalink
Wendy Smoak added a comment -

From IRC:
joakim: wsmoak_, re MRM-564 (audit.log) - go ahead and deploy a few things on your copy of archiva/trunk (releases / snapshots / etc) and check out the message text.
wsmoak_: where in the code? it will be a lot faster
joakim: is there anything missing in the text that you think should be there? is there anything in the text that is too noisy?
joakim: AuditLog.java in archiva-webapp
wsmoak_: the next needs to say: who, what (artifact) where (repo? path?) and when
joakim: ok, that's a useful sentance. add it to that jira.

I'm not likely to have time to set up a test for this, but I can review it if you attach a log file.

I don't see anything in the AuditLog.java code that looks like it logs the user who performed the action.

Show
Wendy Smoak added a comment - From IRC: joakim: wsmoak_, re MRM-564 (audit.log) - go ahead and deploy a few things on your copy of archiva/trunk (releases / snapshots / etc) and check out the message text. wsmoak_: where in the code? it will be a lot faster joakim: is there anything missing in the text that you think should be there? is there anything in the text that is too noisy? joakim: AuditLog.java in archiva-webapp wsmoak_: the next needs to say: who, what (artifact) where (repo? path?) and when joakim: ok, that's a useful sentance. add it to that jira. I'm not likely to have time to set up a test for this, but I can review it if you attach a log file. I don't see anything in the AuditLog.java code that looks like it logs the user who performed the action.
Hide
Permalink
Joakim Erdfelt added a comment -

Committed fix to archiva/trunk at revision 593246.

Still need to hook up repository purge to audit log.

Unanswered questions.

Do we need audit logging for the following?
1) Repository Configuration Create
2) Repository Configuration Edit
3) Repository Configuration Delete
4) Proxy Connector Create
5) Proxy Connector Edit
6) Proxy Connector Delete
7) Metadata Merge
8) Auto-Remove Consumer
9) Auto-Rename Consumer
10) Scan Start
11) Scan End

In a discussion with Wendy on IRC the only concern would be what would we use for the userid / remote ip / and whatnot?

Moving this discussion over to mailing list.

Show
Joakim Erdfelt added a comment - Committed fix to archiva/trunk at revision 593246. Still need to hook up repository purge to audit log. Unanswered questions. Do we need audit logging for the following? 1) Repository Configuration Create 2) Repository Configuration Edit 3) Repository Configuration Delete 4) Proxy Connector Create 5) Proxy Connector Edit 6) Proxy Connector Delete 7) Metadata Merge 8) Auto-Remove Consumer 9) Auto-Rename Consumer 10) Scan Start 11) Scan End In a discussion with Wendy on IRC the only concern would be what would we use for the userid / remote ip / and whatnot? Moving this discussion over to mailing list.
Hide
Permalink
Joakim Erdfelt added a comment -

Closing this jira as fixed, as it only mentions logging Deployed content.

If we decide to log other content (see Mailing List) then we will open a new jira for that content.
Thread: http://www.nabble.com/-DISCUSS---MRM-564--Audit-Logging.-tf4772818.html

Show
Joakim Erdfelt added a comment - Closing this jira as fixed, as it only mentions logging Deployed content. If we decide to log other content (see Mailing List) then we will open a new jira for that content. Thread: http://www.nabble.com/-DISCUSS---MRM-564--Audit-Logging.-tf4772818.html
Hide
Permalink
Wendy Smoak added a comment -

The summary may only say 'deploy' but the description says 'create directory, remove directory, create file, modify file, remove file'.

I don't consider this fixed unless it logs files that change or disappear via automated processes. (There is no "undeploy" from the command line afaik...)

Show
Wendy Smoak added a comment - The summary may only say 'deploy' but the description says 'create directory, remove directory, create file, modify file, remove file'. I don't consider this fixed unless it logs files that change or disappear via automated processes. (There is no "undeploy" from the command line afaik...)

People

  • Assignee:
    Joakim Erdfelt
    Reporter:
    Wendy Smoak
Vote (0)
Watch (0)

Dates

  • Created:
    Updated:
    Resolved: