Audit Confluence Using the Tomcat Valve Component
プラットフォームについて: サーバーと Data Center のみ。この記事は、サーバーおよび Data Center プラットフォームのアトラシアン製品にのみ適用されます。
Enable access logging int Confluence 7.11 and later
From Confluence 7.11 access logging is enabled by default.
The log file is saved in <confluence install>/logs/conf_access_log<date>.log
.
Enable access logging in Confluence 7.10 and earlier
In addition to the access logging built into Confluence's audit log, you can also configure Tomcat's Valve Component to log access.
Below are the steps on how to do this in a Confluence instance:
- Edit
<confluence install>/conf/server.xml
. Add the following line within the
<Context > ... </Context>
tags declaration:<Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs" maxDays="30" pattern="%t %{X-Forwarded-For}i %{X-AUSERNAME}o %I %h %r %s %Dms %b %{Referer}i %{User-Agent}i" prefix="conf_access_log" requestAttributesEnabled="true" rotatable="true" suffix=".log" />
This will log the date and time (%t), the username (%{X-AUSERNAME}o), reverse proxy or load balancer IP (%h) with the client IP (%{X-Forwarded-For}i), request, and type (%s %r), the HTTP status code of the response, time taken to process the request (in milliseconds), bytes sent (excluding headers - %b), the referer (%{Referer}i), and user agent (%{User-Agent}i).
See Access Log valve attributes in the Tomcat 9 documentation for more information on additional attributes.
You can access the log file at <confluence install>/logs/conf_access_log.<date>.log
.
Here is an example of the log output:
[18/Dec/2020:12:57:26 +1100] 192.168.1.15 testuser http-nio-8090-exec-6 0:0:0:0:0:0:0:1 GET /index.action HTTP/1.1 200 1020ms 7881 http://localhost:8090/login.action?os_destination=%2Findex.action&permissionViolation=true Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36
To configure AccessLogValve to accept the substituted IP from RemoteIpValve the requestAttributesEnabled attribute also should be enabled (true) as shown below:
<Valve className="org.apache.catalina.valves.AccessLogValve"
requestAttributesEnabled="true"
... EXISTING_ATTRIBUTES ...
/>
See Access Log valve attributes in the Tomcat 9 documentation for more information on the requestAttributesEnabled attribute.
Earlier access log pattern
If you configured the access log valve prior to Confluence 7.11, your log syntax may be different from the suggested pattern above.
Here is our previous recommendation.
<Valve className="org.apache.catalina.valves.AccessLogValve"
directory="logs" prefix="conf_access_log"
suffix=".log"
pattern="%t %{X-AUSERNAME}o %{User-Agent}i %h %m %r %b %s %D %I"
/>
See Access Log valve attributes in the Tomcat 9 documentation for more information on each of the attributes.