How to log / monitor user activity in AEM6 | Adobe Higher Education
Skip to main content
Naidu_Jakkana
Naidu_Jakkana
Level 2
December 9, 2015
Resuelto

How to log / monitor user activity in AEM6

  • December 9, 2015
  • 9 respuestas
  • 10276 visualizaciones

Team,

I would like to understand the way to capture all the user activities including

  1.  All successful and unsuccessful login attempts
  2. All logoffs
  3. Successful and unsuccessful attempts to escalate privileges
  4. Creation, modification, and deletion of user accounts, groups, and privileges
  5.  Users switching IDs during an active session
  6.  Attempts to perform unauthorized functions
  7.  Activity performed by privileged accounts
  8. Additions, deletions and modifications to security/audit log parameters or log contents

 

I have created  user-activity.log with debug mode for following loggers

com.day.cq.security
org.apache.jackrabbit.oak.security
org.apache.jackrabbit.oak.spi.security

org.apache.jackrabbit.core.audit

 

 

Is there any other way to get the user activity information  ?     Thanks for help.

Este tema ha sido cerrado para respuestas.
Mejor respuesta de leeasling

Technically you could implement a filter which could output to any log you configure it to write to.

package com.project.core.impl.filters; import java.io.IOException; import javax.servlet.Filter; import javax.servlet.FilterChain; import javax.servlet.FilterConfig; import javax.servlet.ServletException; import javax.servlet.ServletRequest; import javax.servlet.ServletResponse; import org.apache.felix.scr.annotations.sling.SlingFilter; import org.apache.felix.scr.annotations.sling.SlingFilterScope; import org.apache.sling.api.SlingHttpServletRequest; import org.slf4j.Logger; import org.slf4j.LoggerFactory; /** * Simple servlet filter component that logs incoming requests. */ @SlingFilter(order = -700, scope = SlingFilterScope.REQUEST) public class LoggingFilter implements Filter { private final Logger logger = LoggerFactory.getLogger(LoggingFilter.class); @Override public void doFilter(final ServletRequest request, final ServletResponse response, final FilterChain filterChain) throws IOException, ServletException { final SlingHttpServletRequest slingRequest = (SlingHttpServletRequest) request; logger.debug("request for {}, with selector {}", slingRequest .getRequestPathInfo().getResourcePath(), slingRequest .getRequestPathInfo().getSelectorString()); filterChain.doFilter(request, response); } @Override public void init(FilterConfig filterConfig) {} @Override public void destroy() {} }

With every request, you can check the path, or any other piece of information and output a log entry for tracking activity.  For example, if you want to track a login, you could check the path for "j_security_check".  Same for logoff (but different path).  I would spend some time playing around with these filters to achieve what you would like to happen.

9 respuestas

Jitendra_S_Toma
Jitendra_S_Toma
Level 10
December 9, 2015

Well, What about implementing analytics tracking for each user activity. For instance, Using Site catalyst framework, You could track each user activity.

There are also other tools for the monitoring purpose: SITE24*7, "SPLASH" etc.

https://www.site24x7.com/

http://www.splashmonitoring.com/get-started/

--

Jitendra

Naidu_Jakkana
Naidu_JakkanaAutor
Level 2
December 9, 2015
Well, all these,solutions works for publisher and end user sites. My requirement is limited to only author. All authors , authorized users activities should be tracked.
kautuk_sahni
Community Manager
kautuk_sahniCommunity Manager
Community Manager
December 9, 2015

Hi 

We can use some external tools to get most of above stated information:-

1. Wireshark is cross platform and the best tool for inspecting network traffic. It is reliable and well tested and lots of documentation on how to use it.

2. Fiddler is specialized in HTTP(S) packet monitoring, manipulation and generation, so it provides such features as requested in the question in an easier way.

 

You can get logs for all the HTTP requests and according to the request's url path you can classify them. For Example..

Request 1 : abc.com/r1 (page acess)

Request 2 : abc.com/r2?param1=val1&param2=val2 (login form submersion)

So using the string in URL you can categorize them or classify them.

 

PS:- This is for out going requests. We can also monitor this for incoming requests.

I hope this would help you.

Thanks and Regards

Kautuk Sahni

Kautuk Sahni
Naidu_Jakkana
Naidu_JakkanaAutor
Level 2
December 14, 2015

My requirement to limited to only author instance and also it does not about http requests.    I have to keep  check what are the activities are being done by author (whoever logged into author instance).

edubey
edubey
Level 10
December 14, 2015

Just wondering, you can implement some analytic or custom analytics only on author instance.

L
leeaslingRespuesta
Level 8
December 15, 2015

Technically you could implement a filter which could output to any log you configure it to write to.

package com.project.core.impl.filters; import java.io.IOException; import javax.servlet.Filter; import javax.servlet.FilterChain; import javax.servlet.FilterConfig; import javax.servlet.ServletException; import javax.servlet.ServletRequest; import javax.servlet.ServletResponse; import org.apache.felix.scr.annotations.sling.SlingFilter; import org.apache.felix.scr.annotations.sling.SlingFilterScope; import org.apache.sling.api.SlingHttpServletRequest; import org.slf4j.Logger; import org.slf4j.LoggerFactory; /** * Simple servlet filter component that logs incoming requests. */ @SlingFilter(order = -700, scope = SlingFilterScope.REQUEST) public class LoggingFilter implements Filter { private final Logger logger = LoggerFactory.getLogger(LoggingFilter.class); @Override public void doFilter(final ServletRequest request, final ServletResponse response, final FilterChain filterChain) throws IOException, ServletException { final SlingHttpServletRequest slingRequest = (SlingHttpServletRequest) request; logger.debug("request for {}, with selector {}", slingRequest .getRequestPathInfo().getResourcePath(), slingRequest .getRequestPathInfo().getSelectorString()); filterChain.doFilter(request, response); } @Override public void init(FilterConfig filterConfig) {} @Override public void destroy() {} }

With every request, you can check the path, or any other piece of information and output a log entry for tracking activity.  For example, if you want to track a login, you could check the path for "j_security_check".  Same for logoff (but different path).  I would spend some time playing around with these filters to achieve what you would like to happen.

J
Joyraj
March 31, 2022

Hi, I am not able to see the path "j_security_check" or any specific path for login. Could you please help me what path should I chose for login. Thanks.

Amit_Kumar
Amit_Kumar
Level 10
December 15, 2015

Apart from using the analytics for author instance You have two options:

1. Change log level of access and request logs in author and you will be able to get everything in the log file in raw format.

2. implement a custom logger to log everything in your desired format and use that logger to log access and request logs for authorized/not authorized access or request to your instance.

 

Thanks 

Amit

Naidu_Jakkana
Naidu_JakkanaAutor
Level 2
December 15, 2015

Thanks Leeasling and Amit.  I will try this approach.  Already we have error log filter.  Let me implement on more filter for user activity.

Naidu_Jakkana
Naidu_JakkanaAutor
Level 2
December 18, 2015

leeasling wrote...

Technically you could implement a filter which could output to any log you configure it to write to.

  1. package com.project.core.impl.filters;
  2.  
  3. import java.io.IOException;
  4.  
  5. import javax.servlet.Filter;
  6. import javax.servlet.FilterChain;
  7. import javax.servlet.FilterConfig;
  8. import javax.servlet.ServletException;
  9. import javax.servlet.ServletRequest;
  10. import javax.servlet.ServletResponse;
  11.  
  12. import org.apache.felix.scr.annotations.sling.SlingFilter;
  13. import org.apache.felix.scr.annotations.sling.SlingFilterScope;
  14. import org.apache.sling.api.SlingHttpServletRequest;
  15. import org.slf4j.Logger;
  16. import org.slf4j.LoggerFactory;
  17.  
  18. /**
  19. * Simple servlet filter component that logs incoming requests.
  20. */
  21. @SlingFilter(order = -700, scope = SlingFilterScope.REQUEST)
  22. public class LoggingFilter implements Filter {
  23.  
  24. private final Logger logger = LoggerFactory.getLogger(LoggingFilter.class);
  25.  
  26. @Override
  27. public void doFilter(final ServletRequest request, final ServletResponse response,
  28. final FilterChain filterChain) throws IOException, ServletException {
  29.  
  30. final SlingHttpServletRequest slingRequest = (SlingHttpServletRequest) request;
  31. logger.debug("request for {}, with selector {}", slingRequest
  32. .getRequestPathInfo().getResourcePath(), slingRequest
  33. .getRequestPathInfo().getSelectorString());
  34.  
  35. filterChain.doFilter(request, response);
  36. }
  37.  
  38. @Override
  39. public void init(FilterConfig filterConfig) {}
  40.  
  41. @Override
  42. public void destroy() {}
  43.  
  44. }

With every request, you can check the path, or any other piece of information and output a log entry for tracking activity.  For example, if you want to track a login, you could check the path for "j_security_check".  Same for logoff (but different path).  I would spend some time playing around with these filters to achieve what you would like to happen.

 


this works well. Thanks for your report.  Also  i have added event listener to capture few events for /content , /etc , /libs and /home to track few things.

Términos y condicionesAccessibility statement

Loading footer...