Introduction #

Many organizations have the need to produce a audit trail of user actions. In many countries this is mandated by law and the data might need to be stored for long time. Audit Service provides a pluggable way of storing the audit trail from Liferay Portal and plugins. The information is then processed by Audit Service plugin that can store the information into log files or database or both.

Architecture #

Audit Service leverages Liferays Lightweight Message Bus and Plugin architecture. The service itself is a plugin that handles the processing and logging of the audit messages sent through the Message Bus. Any plugin can then produce audit messages to the audit message bus destination. A set of audit message producers is implanted as a hook plugin to provide information on login, logout, user information changes, user role changes etc.

Figure 1. Audit Service Architecture

Audit Event Message #

The audit event message is pushed to the message bus in JSON format allowing the stored data to be easily extended. The table below describes the message fields and their data type.

Field Type Description
companyId LONG Portal instance companyId
userId LONG User ID of user performing the action
userName STRING Username of the user performing the action
className STRING Target object class name id
classPK STRING Target object primary key
type STRING Action type
sessionID STRING HTTP Session ID
clientIP STRING Remote client IP address
serverIP STRING Originating server IP
timestamp DATETIME Event timestamp
additionalInfo STRING Additional information for the action in JSON format

Audit Plugin #

Audit plugin registers a new destination (liferay/audit) and listener to the message bus. The listener dispatches the messages to the audit service for processing. Different processors can be registered with the audit service. By default the plugin comes with a Database Processor and Log4J Processor. Processors can be either be global or for a specific event type. For instance database processor would be global but Log processor would be only for login events.

Figure 2. Audit Service Class Diagram

Processors #

Database Processor #

Database processor stores all events to database for later analysis. This information could be searched through a portlet. The database size can quite quick become huge if lot of information is logged. Then an archival or cleanup task should be used to keep the table size reasonable.

Figure 3. Database Processor Class Diagram

Log4J Processor #

Log4J processor logs the event information using Log4J logging framework. With Log4J configuration the information can be directed to a log file or even to another system through JMS, SMTP or SysLog. If the information is logged to a log file the file rolling and archival can be configured through log4j configuration file. The default log formatter is CSV formatter that formats the messages in CSV for easy importing into Excel. Also a JSON formatter is provided and can be configured in WEB-INF/classes/META-INF/ext-spring.xml. With property audit.log.csv.columns you can control which fields from audit message are logged and what their order is. By default all fields are logged in the order defined in Table 1.

Audit Reports #

Audit plugin comes with a reporting portlet. It allows you to search and browse the audit events stored into database.

Audit Hooks #

Liferay provides a lot of places to hook for creating custom audit hooks. By default audit service comes with following hooks to provide information of services like authentication, authorization and user management:

Hook Event Type Description
Login login Logs all logins. Implemented by com.liferay.portal.audit.events.authentication.LoginAudit
Logout logout Logs all logouts. Implemented by com.liferay.portal.audit.events.authentication.LogoutAudit
Login Failure login-failure Logs all login failures. Implemented by com.liferay.portal.audit.events.authentication.LoginFailureAudit
Impersonation impersonate Logs when impersonation is started. Implemented by com.liferay.portal.audit.events.user.ImpersonationAudit
Role create role-create Logs removal of a role. Implemented by com.liferay.portal.audit.events.user.RoleModificationAudit
Role remove role-remove Logs removal of a role. Implemented by com.liferay.portal.audit.events.user.RoleModificationAudit
Role update role Logs update of a role. Implemented by com.liferay.portal.audit.events.user.RoleModificationAudit
Role grant role-grant Logs role assignment to User, User Group, Organization or Community. Implemented by com.liferay.portal.audit.events.user.RoleModificationAudit for regular roles and com.liferay.portal.audit.events.user.UserGroupRoleModificationAudit for Organization and Community roles. value.object.listener.com.liferay.portal.model.Role=com.liferay.portal.audit.events.user.RoleModificationAudit
Role revoke role-revoke Logs role removal to User, User Group, Organization or Community. Implemented by com.liferay.portal.audit.events.user.RoleModificationAudit for regular roles and com.liferay.portal.audit.events.user.UserGroupRoleModificationAudit for Organization and Community roles. value.object.listener.com.liferay.portal.model.Role=com.liferay.portal.audit.events.user.RoleModificationAudit
User create user-create
User remove user-remove
User update profile
User contact update profile
User address update profile
User Group create usergroup-create
User Group remove usergroup-delete
User Group update usergroup-update

Installation and Configuration Reference #

For auditing to work you need to install audit-portlet and audit-hook from plugins incubation and you need to use the portal trunk until 5.3 is released.

Future Improvements #

Archiving #

Database can quickly fill up with audit events if all the user activities are audited and thus a archiving solution needs to be developed.

More audit hooks #

More hooks need to developed for being able to audit all the user activities on the portal.

6 附件
76992 查看
平均 (0 票)
满分为 5,平均得分为 0.0。
评论
讨论主题回复 作者 日期
Nice feature, Thanks. Jonas Yuan 2009年9月8日 上午7:12
Really interesting. Is it avaliable only in... Denis Signoretto 2009年9月9日 上午9:10
Some of the audit hooks require Liferay 5.3. Mika Koivisto 2009年9月10日 下午2:06
Really good feature. Nagendra Kumar Busam 2009年9月11日 上午4:42
It is very useful features. please let us know ... Gnaniyar Zubair 2009年9月10日 上午4:40
You can download it from SVN... Mika Koivisto 2009年9月10日 下午2:03
You really need to add community and org for... Lisa Simpson 2009年9月11日 上午9:52
Nice Feature! Eagerly waiting!! Anand Abhyankar 2009年12月14日 上午3:47
Lots of customers ask for this! Looking forward... Juan Fernández 2009年12月15日 上午12:02
When can we expect 5.3 to arrive? Gunnar Velle 2010年1月8日 上午2:40
Hi Is this feature already available in... Renee Talabucon 2010年7月13日 上午12:01
Hello! I have few questions: 1) Is there is a... Sergei Shimanski 2010年11月15日 上午1:46
Yes, where can we find this functionality in... Peter Mesotten 2010年12月1日 上午1:46
The Audit portlet and hook will be available... Randall Hidajat 2010年12月20日 下午3:08
When 6.0.11 is expected to get released? Ahamed Hasan 2010年12月28日 上午10:00
This audit service is at least available in... David García González 2011年1月25日 上午2:09
Is there any documentation on how we can create... Chris Chan 2011年2月2日 下午6:47
Is there any documentation at all besides this... Jake Abernathy 2011年4月22日 下午3:33
HI All! I want use audit -portlet in... Miller Huang 2011年9月13日 上午12:19
I have Liferay EE 6.0 SP1. How do I install or... James Cameron 2011年10月24日 下午11:38
Hi David, You can download it from the same... Christopher Lui 2011年11月2日 下午2:28
Thanks Christopher. Where may documentation on... James Cameron 2011年11月9日 下午5:08
cool feature......., but where can we get its... Amey Panke 2012年1月5日 下午8:22
Want to use this feature. Where to find this... Mihir Jha 2012年1月16日 下午10:27
It would be helpful to have some more in-depth... Adam Spence 2012年1月26日 下午1:07

在 09-9-8 上午7:12 发帖。
Really interesting. Is it avaliable only in Lifera 5.3? Where can I download it?
在 09-9-9 上午9:10 发帖。
It is very useful features. please let us know where can we download this Audit Plugin?
在 09-9-10 上午4:40 发帖。
You can download it from SVN svn://svn.liferay.com/repos/public/plugins/incubation
在 09-9-10 下午2:03 发帖以回复 Gnaniyar Zubair
Some of the audit hooks require Liferay 5.3.
在 09-9-10 下午2:06 发帖以回复 Denis Signoretto
在 09-9-11 上午4:42 发帖以回复 Mika Koivisto
You really need to add community and org for the CREATE, REMOVE, and UPDATE. Not just the User Group.
在 09-9-11 上午9:52 发帖。
Nice Feature!
Eagerly waiting!!
在 09-12-14 上午3:47 发帖。
Lots of customers ask for this! Looking forward to using it.

By the way, thanks for documenting its implementation (class diagrams finally! emoticon)

A nice article would be "how to improve/customize the audit service portlet" so that we can do what Lisa Simpson says or to audit whatever we want (for example docs edit or blog posting)
Regards
在 09-12-15 上午12:02 发帖。
When can we expect 5.3 to arrive?
在 10-1-8 上午2:40 发帖。
Hi

Is this feature already available in Liferay 6? (i'm using RC 1)
在 10-7-13 上午12:01 发帖。
Hello!
I have few questions:
1) Is there is a link between this feature and User Behaviour Tracking (
http://www.liferay.com/community/wiki/-/wiki/Main/User+Behavior+Tracking)?
2) I have a licensed EE6, but 'Audit' tab doesn't appear in Control Panel. So where i can download audit-portlet to install?
在 10-11-15 上午1:46 发帖以回复 Renee Talabucon
Yes, where can we find this functionality in Liferay 6 EE?
在 10-12-1 上午1:46 发帖以回复 Sergei Shimanski
The Audit portlet and hook will be available with Liferay 6.0.11
在 10-12-20 下午3:08 发帖以回复 Peter Mesotten
When 6.0.11 is expected to get released?
在 10-12-28 上午10:00 发帖以回复 Randall Hidajat
This audit service is at least available in Liferay 6 SP1 EE. I dont know if it is available in the CE.
在 11-1-25 上午2:09 发帖。
Is there any documentation on how we can create our own audit hooks?

Thanks in advance,
Chris
在 11-2-2 下午6:47 发帖。
Is there any documentation at all besides this wiki?
在 11-4-22 下午3:33 发帖以回复 Chris Chan
HI All!
I want use audit -portlet in liferay6.0.5CE,but when i deploy it to liferay and use it ,i see the logs

07:20:38,004 ERROR [jsp:154] com.liferay.portal.kernel.bean.BeanLocatorException: BeanLocator has not been set
at com.liferay.portal.kernel.bean.PortletBeanLocatorUtil.locate(PortletBeanLocatorU­til.java:40)
at com.liferay.portal.audit.service.AuditEventLocalServiceUtil.getService(AuditEven­tLocalServiceUtil.java:149)
at com.liferay.portal.audit.service.AuditEventLocalServiceUtil.countEvents(AuditEve­ntLocalServiceUtil.java:121)
at org.apache.jsp.view_jsp._jspService(view_jsp.java:627)
at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:331)
­at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:329)
at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:265)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilt­erChain.java:290)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.­java:206)
at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java­:646)
at org.apache.catalina.core.ApplicationDispatcher.doInclude(ApplicationDispatcher.j­ava:551)
at org.apache.catalina.core.ApplicationDispatcher.include(ApplicationDispatcher.jav­a:488)
at com.liferay.portlet.PortletRequestDispatcherImpl.dispatch(PortletRequestDispatch­erImpl.java:315)
at com.liferay.portlet.PortletRequestDispatcherImpl.include(PortletRequestDispatche­rImpl.java:104)
at com.liferay.util.bridges.mvc.MVCPortlet.include(MVCPortlet.java:328)
at com.liferay.util.bridges.mvc.MVCPortlet.include(MVCPortlet.java:343)
at com.liferay.util.bridges.mvc.MVCPortlet.doView(MVCPortlet.java:127)

i do not know why ?anybody know this???

Thanks....
在 11-9-13 上午12:19 发帖以回复 Jake Abernathy
I have Liferay EE 6.0 SP1. How do I install or enable the Audit Plugin? I can't seem to find any documentation on this.
在 11-10-24 下午11:38 发帖以回复 huang Miller min
Hi David,

You can download it from the same customer portal where the EE bundles are stored. Please find the Audit Plugin and Audit Hook.
在 11-11-2 下午2:28 发帖以回复 David Munro-Ford
Thanks Christopher. Where may documentation on configuring this plugin, and a definitive list of all events that can be logged / audited?
在 11-11-9 下午5:08 发帖以回复 Christopher Lui
cool feature......., but where can we get its proper documentation??
在 12-1-5 下午8:22 发帖以回复 David Munro-Ford
Want to use this feature. Where to find this plugin and other detail?
在 12-1-16 下午10:27 发帖以回复 Amey Panke
It would be helpful to have some more in-depth documentation on how to actually use the Audit portlet. I'm not able to deploy the portlet(I believe because the display category is set to "category.hidden", I tried changing this to "Audits" to no avail, it still doesn't show up in the menu).
在 12-1-26 下午1:07 发帖。