This site contains the documentation that is relevant to older WSO2 product versions and offerings.
For the latest WSO2 documentation, visit https://wso2.com/documentation/.
Enabling Audit Logs
Audit logs contain log information of all security related user activities that occurred in the WSO2 App Manager server. User activities that affect operations/procedures, events and files are listed along with the user responsible and the time stamp. Audit logs can be used to trace missing records (e.g. to identify compliance issues or to investigate fraudulent activities).
Audit logs can be enabled for the following user actions in the App Publisher and App Store,
App Publisher | App Store |
---|---|
|
|
To enable audit logs, open the
<APPM_HOME>/repository/conf/log4j.properties
file and append the following audit log configurations,Â# Configure audit log for auditing purposes log4j.logger.AUDIT_LOG=INFO, AUDIT_LOGFILE log4j.appender.AUDIT_LOGFILE=org.apache.log4j.DailyRollingFileAppender log4j.appender.AUDIT_LOGFILE.File=${carbon.home}/repository/logs/audit.log log4j.appender.AUDIT_LOGFILE.Append=true log4j.appender.AUDIT_LOGFILE.layout=org.wso2.carbon.utils.logging.TenantAwarePatternLayout log4j.appender.AUDIT_LOGFILE.layout.ConversionPattern=[%d] %P%5p - %x %m %n log4j.appender.AUDIT_LOGFILE.layout.TenantPattern=%U%@%D [%T] [%S] log4j.appender.AUDIT_LOGFILE.threshold=INFO log4j.additivity.AUDIT_LOG=false
- If the WSO2 App Manager server is already running, restart the server.
- Notice that an
audit.log
file is created in the<APPM_HOME>/repository/logs
 folder. Once any of the above user actions occur, the relevant logs are generated and persisted in the
audit.log
file. User log in, app creation, update and delete actions contain audit logs similar to the example below,[2016-06-22 09:47:24,242] INFO - Initiator : admin@carbon.super | Action : Login | Target : ApplicationAuthenticationFramework | Data : { "ContextIdentifier" : "6003337f-ec87-4bbb-8ada-32a89ba1c99a","AuthenticatedUser" : "admin@carbon.super","AuthenticatedUserTenantDomain" : "carbon.super","ServiceProviderName" : "publisher","RequestType" : "samlsso","RelyingParty" : "publisher","AuthenticatedIdPs" : "eyJ0eXAiOiJKV1QiLCAiYWxnIjoibm9uZSJ9.eyJpc3MiOiJ3c28yIiwiZXhwIjoxNDY2NTY5MDQ0MjI4MzAwMCwiaWF0IjoxNDY2NTY5MDQ0MjI4LCJpZHBzIjpbeyJpZHAiOiJMT0NBTCIsImF1dGhlbnRpY2F0b3IiOiJCYXNpY0F1dGhlbnRpY2F0b3IifV19." } | Result : Success [2016-06-22 09:47:24,619] INFO - "Time" : "2016-06-22 09:47:24 +0530 ", "Action" : "User SignedIn ","TenantID" : "-1234","UserName" : "admin@carbon.super ", "Subject" : "", "SubjectID" : "" [2016-06-22 09:47:30,061] INFO - "Time" : "2016-06-22 09:47:30 +0530 ", "Action" : "NewPolicyCreated ","TenantID" : "-1234","UserName" : "admin@carbon.super ", "Subject" : "", "SubjectID" : "" [2016-06-22 09:48:00,371] INFO - "Time" : "2016-06-22 09:48:00 +0530 ", "Action" : "NewAssetAdded ","TenantID" : "-1234","UserName" : "admin@carbon.super ", "Subject" : "webapp", "SubjectID" : "{providerName='admin', apiName='travelApp', version='v1'}" [2016-06-22 09:48:00,580] INFO - Initiator : admin | Action : create | Target : 0 | Data : { travelApp-v1 } | Result : Success [2016-06-22 09:48:00,689] INFO - Initiator : admin | Action : update | Target : 21 | Data : { travelApp-v1 } | Result : Success [2016-06-22 09:49:37,522] INFO - "Time" : "2016-06-22 09:49:37 +0530 ", "Action" : "AssetUpdated ","TenantID" : "-1234","UserName" : "admin ", "Subject" : "webapp", "SubjectID" : "{providerName='admin', apiName='travelApp', version='v1'}" [2016-06-22 09:50:03,527] INFO - "Time" : "2016-06-22 09:50:03 +0530 ", "Action" : "AssetDeleted ","TenantID" : "-1234","UserName" : "admin@carbon.super ", "Subject" : "webapp", "SubjectID" : "{providerName='admin', apiName='travelApp', version='v1'}"