Often, for auditing purposes, administrators need to know who did what. Notifications are not ideally suited for this purpose. Instead, you can generate a basic log indicating which users are accessing which pages in Confluence. Application servers are able to log the requested URL, but they cannot determine the currently logged in user. This log is not currently formatted to be accessible to web log analysis tools such as AwStats as it lacks a host and get method, so must be viewed manually.

Similar to JIRA, Confluence has a built-in access logging mechanism, which shows the user and URL invoked. To enable it, you need to modify a couple of configuration files and restart Confluence.

AccessLogFilter の構成

There is a simple AccessLogFilter in Confluence than can be enabled via confluence/WEB-INF/classes/log4j.properties and confluence/WEB-INF/web.xml.

アプリケーション全体の web ディスクリプタである $server/conf/web.xml は変更しないでください。これを行っても効果はなく、Confluence が破壊される可能性があります。

  1. Uncomment these line in log4j.properties: 
    log4j.category.com.atlassian.confluence.util.AccessLogFilter=INFO
  2. Enable the filter in web.xml by removing the comments around these lines: 
    <filter-mapping>
    <filter-name>AccessLogFilter</filter-name>
    <url-pattern>/display/*</url-pattern>
    <url-pattern>*.action</url-pattern>
</filter-mapping>
    Notice that the *.action pattern is added optionally to log the actions of Confluence in addition to the page views, such as user logins by specifying login.action. This combination of URL patterns will work for all URLs. You can further modify the pattern by adjusting the url-pattern field.

    For troubleshooting purposes, often it is useful to capture all accesses to Confluence. To do this use this filter mapping in web.xml instead of the above:

    <filter-mapping>
   <filter-name>AccessLogFilter</filter-name>
   <url-pattern>/*</url-pattern>
</filter-mapping>
  3. Confluence を再起動します。

This will result in logging information being stored in the atlassian-confluence.log file in the confluence-home directory.

高度な設定

After this is working, you could redirect the access log to a different file by adding a new RollingFileAppender at the top of log4j.properties:

log4j.appender.accesslog=org.apache.log4j.RollingFileAppender
log4j.appender.accesslog.Threshold=DEBUG
log4j.appender.accesslog.File=${catalina.home}/logs/atlassian-confluence-access.log
log4j.appender.accesslog.MaxFileSize=20480KB
log4j.appender.accesslog.MaxBackupIndex=5
log4j.appender.accesslog.layout=com.atlassian.confluence.util.PatternLayoutWithStackTrace
log4j.appender.accesslog.layout.ConversionPattern=%d %p [%c{4}] %M %m%n

次の行を見つけます。

#log4j.category.com.atlassian.confluence.util.AccessLogFilter=INFO

次のように変更します。

log4j.category.com.atlassian.confluence.util.AccessLogFilter=INFO, accesslog
log4j.additivity.com.atlassian.confluence.util.AccessLogFilter=false

上述の web.xml の url-pattern はページ ビュー (/display/*) にのみマッチします。url-pattern を変更したり、別の種類のアクセスをログするようにフィルターマッピング全体を複製したりすることができます (管理機能については /admin/*、編集および作成については /pages/* など。/pages/editpage.action* は動作しない点にご注意ください)。

What is logged

The format produced is the following values separated by spaces:

  1. ユーザー名。ユーザーが存在しない場合は "-"
  2. URL
  3. リクエスト開始時の VM の空きメモリ (KB 単位)
  4. リクエスト完了後の空きメモリの変更量 (KB 単位)
  5. リクエストにかかった時間 (ミリ秒単位)
  6. リモート アドレス

例: 

2008-08-08 10:33:05,359 INFO [atlassian.confluence.util.AccessLogFilter] init AccessLogFilter initialized. Format is: <user> <url> <starting memory free (kb)> +- <difference in free mem (kb)> <query time (ms)> <remote address>
2008-08-08 10:47:27,015 INFO [atlassian.confluence.util.AccessLogFilter] doFilter admin http://localhost:8080/display/ds 42025-154 15 127.0.0.1
2008-08-08 10:47:27,187 INFO [atlassian.confluence.util.AccessLogFilter] doFilter admin http://localhost:8080/display/ds/Confluence+Overview 41805+982 172 127.0.0.1
2008-08-08 10:47:36,296 INFO [atlassian.confluence.util.AccessLogFilter] doFilter admin http://localhost:8080/display/ds/Breadcrumb+demonstration 42102-6660 156 127.0.0.1
2008-08-08 11:08:16,875 INFO [atlassian.confluence.util.AccessLogFilter] doFilter admin http://localhost:8080/display/ds/test+firelite 34362-1616 188 127.0.0.1
2008-08-08 11:47:01,890 INFO [atlassian.confluence.util.AccessLogFilter] doFilter admin http://localhost:8080/display/sand 59711-148 0 127.0.0.1
2008-08-08 11:47:02,171 INFO [atlassian.confluence.util.AccessLogFilter] doFilter admin http://localhost:8080/display/sand/Home 59497-2302 234 127.0.0.1
2008-08-08 11:47:04,500 INFO [atlassian.confluence.util.AccessLogFilter] doFilter admin http://localhost:8080/display/ds/Tasklist 57124+155 1266 127.0.0.1

構成されている log4j パターンによっては、上述のログでは追加の log4j 生成テキストが先行している可能性があります。

Another option: Google Analytics

Google Analytics can be easily integrated with Confluence for access tracking.

サインアップ後、JavaScript をコピーし、[管理] > [カスタム HTML] の "Before end of <body>" セクションにペーストします。これにより、Confluence が生成するすべてのページに JavaScript が含まれます。

ユーザーがファイアウォールや認証済みのプロキシの背後にいる場合、これは適切に動作しない可能性があります。

For more information on using Google Analytics with Confluence you may wish to refer to this blog post by David Simpson.

関連トピック

Working with Confluence Logs
How to Audit Confluence Using Tomcat Valve Component

Except where otherwise noted, content in this space is licensed under a Creative Commons Attribution 2.5 Australia License.