Configure Audit Logs on AEMaaCS

Hello @daniel-strmecki  You can find all the details specific to AEM as a Cloud Service here - https://developer.adobe.com/events/docs/guides/using/aem/cloud-native/

https://medium.com/tech-learnings/a-comprehensive-guide-to-event-driven-architecture-in-aem-as-a-cloud-from-local-events-to-adobe-a4f59e1193fd

Hope this helps!

Thanks

Narendra

Hello @daniel-strmecki 

Option-1:

To capture audit events on AEM Instance, we can use Day CQ DAM Event Recorder configuration https://techrevel.blog/2019/10/13/aem-asset-reports/

Option-2:

To process events using Adobe I/O: https://experienceleague.adobe.com/en/docs/experience-manager-learn/cloud-service/aem-eventing/overview 

Hi @daniel-strmecki 

To configure audit logs in AEMaaCS for operations such as creating, updating, moving, publishing, unpublishing, and deleting assets and pages, follow these steps:

1. Enable the Adobe CQ DAM Event Audit Listener:

   • Access the AEM System Console.
   • Navigate to the "Adobe CQ DAM Event Audit Listener" configuration.
   • Ensure it is enabled. If not, enable it.

2. Configure the Day CQ DAM Event Recorder:

   • In the System Console, locate the "DAMEventRecorderImpl" configuration.
   • Select the events you wish to audit. By default, some events are pre-selected; you can customize this selection based on your requirements.

These configurations will enable audit logging for the specified events in the Digital Asset Management (DAM) system. You can test the setup by performing operations such as modification, replication, or deletion on any asset or page through the AEM console.

Audit logs are stored in the repository under the path /var/audit/. To access them:

• Use CRXDE Lite to navigate to /var/audit/ and review the logs.
• Alternatively, you can enable audit logging to the file system:
  • Go to http://localhost:4502/system/console/slinglog.
  • Locate the audit.log entry (not auditlog.log) and set the log level to DEBUG or TRACE.
  • Save the changes. The audit logs will then be recorded in the /crx-quickstart/logs directory.

Regarding access to audit logs in AEMaaCS, they are not directly available through the Cloud Manager UI. Instead, you can access them via the Cloud Manager API or command-line interface (CLI):

• Using the Cloud Manager API:

  • Set up an integration with Adobe I/O to access Cloud Manager programmatically.
  • Use the API to download or tail logs for specific environments.

• Using the Adobe I/O CLI:

  • Install the Adobe I/O CLI and the Cloud Manager plugin.
  • Authenticate using your Adobe I/O credentials.
  • Use commands like aio cloudmanager:download-logs or aio cloudmanager:tail-log to access logs.

For detailed instructions on accessing and managing logs via the Cloud Manager UI and API, refer to Adobe's documentation.

Additionally, the ACS AEM Commons library provides an Audit Log Search tool that can help in searching and analyzing audit logs within AEM.

Please note that audit logs can consume significant disk space. It's essential to configure audit log purging in AEM to manage and minimize space usage. Regular maintenance tasks, such as the Audit Log Purge, help keep the author instance performant by removing older audit logs.

By following these steps and utilizing the available tools, you can effectively configure and manage audit logs for your AEMaaCS instance.

- Sravan

If you are looking to search or pull up a report based on the audit log events, I recommend using https://adobe-consulting-services.github.io/acs-aem-commons/features/audit-log-search/index.html

@daniel-strmecki Did you find the suggestions helpful? Please let us know if you require more information. Otherwise, please mark the answer as correct for posterity. If you've discovered a solution yourself, we would appreciate it if you could share it with the community. Thank you!