Expand my Community achievements bar.

SOLVED

How to log / monitor user activity in AEM6

Avatar

Level 2

Team,

I would like to understand the way to capture all the user activities including

  1.  All successful and unsuccessful login attempts
  2. All logoffs
  3. Successful and unsuccessful attempts to escalate privileges
  4. Creation, modification, and deletion of user accounts, groups, and privileges
  5.  Users switching IDs during an active session
  6.  Attempts to perform unauthorized functions
  7.  Activity performed by privileged accounts
  8. Additions, deletions and modifications to security/audit log parameters or log contents

 

I have created  user-activity.log with debug mode for following loggers

com.day.cq.security
org.apache.jackrabbit.oak.security
org.apache.jackrabbit.oak.spi.security

org.apache.jackrabbit.core.audit

 

 

Is there any other way to get the user activity information  ?     Thanks for help.

1 Accepted Solution

Avatar

Correct answer by
Level 8

Technically you could implement a filter which could output to any log you configure it to write to.

package com.project.core.impl.filters; import java.io.IOException; import javax.servlet.Filter; import javax.servlet.FilterChain; import javax.servlet.FilterConfig; import javax.servlet.ServletException; import javax.servlet.ServletRequest; import javax.servlet.ServletResponse; import org.apache.felix.scr.annotations.sling.SlingFilter; import org.apache.felix.scr.annotations.sling.SlingFilterScope; import org.apache.sling.api.SlingHttpServletRequest; import org.slf4j.Logger; import org.slf4j.LoggerFactory; /** * Simple servlet filter component that logs incoming requests. */ @SlingFilter(order = -700, scope = SlingFilterScope.REQUEST) public class LoggingFilter implements Filter { private final Logger logger = LoggerFactory.getLogger(LoggingFilter.class); @Override public void doFilter(final ServletRequest request, final ServletResponse response, final FilterChain filterChain) throws IOException, ServletException { final SlingHttpServletRequest slingRequest = (SlingHttpServletRequest) request; logger.debug("request for {}, with selector {}", slingRequest .getRequestPathInfo().getResourcePath(), slingRequest .getRequestPathInfo().getSelectorString()); filterChain.doFilter(request, response); } @Override public void init(FilterConfig filterConfig) {} @Override public void destroy() {} }

With every request, you can check the path, or any other piece of information and output a log entry for tracking activity.  For example, if you want to track a login, you could check the path for "j_security_check".  Same for logoff (but different path).  I would spend some time playing around with these filters to achieve what you would like to happen.

View solution in original post

10 Replies

Avatar

Level 9

Well, What about implementing analytics tracking for each user activity. For instance, Using Site catalyst framework, You could track each user activity.

There are also other tools for the monitoring purpose: SITE24*7, "SPLASH" etc.

https://www.site24x7.com/

http://www.splashmonitoring.com/get-started/

--

Jitendra

Avatar

Level 2
Well, all these,solutions works for publisher and end user sites. My requirement is limited to only author. All authors , authorized users activities should be tracked.

Avatar

Administrator

Hi 

We can use some external tools to get most of above stated information:-

1. Wireshark is cross platform and the best tool for inspecting network traffic. It is reliable and well tested and lots of documentation on how to use it.

2. Fiddler is specialized in HTTP(S) packet monitoring, manipulation and generation, so it provides such features as requested in the question in an easier way.

 

You can get logs for all the HTTP requests and according to the request's url path you can classify them. For Example..

Request 1 : abc.com/r1 (page acess)

Request 2 : abc.com/r2?param1=val1&param2=val2 (login form submersion)

So using the string in URL you can categorize them or classify them.

 

PS:- This is for out going requests. We can also monitor this for incoming requests.

I hope this would help you.

Thanks and Regards

Kautuk Sahni



Kautuk Sahni

Avatar

Level 2

My requirement to limited to only author instance and also it does not about http requests.    I have to keep  check what are the activities are being done by author (whoever logged into author instance).

Avatar

Level 10

Just wondering, you can implement some analytic or custom analytics only on author instance.

Avatar

Correct answer by
Level 8

Technically you could implement a filter which could output to any log you configure it to write to.

package com.project.core.impl.filters; import java.io.IOException; import javax.servlet.Filter; import javax.servlet.FilterChain; import javax.servlet.FilterConfig; import javax.servlet.ServletException; import javax.servlet.ServletRequest; import javax.servlet.ServletResponse; import org.apache.felix.scr.annotations.sling.SlingFilter; import org.apache.felix.scr.annotations.sling.SlingFilterScope; import org.apache.sling.api.SlingHttpServletRequest; import org.slf4j.Logger; import org.slf4j.LoggerFactory; /** * Simple servlet filter component that logs incoming requests. */ @SlingFilter(order = -700, scope = SlingFilterScope.REQUEST) public class LoggingFilter implements Filter { private final Logger logger = LoggerFactory.getLogger(LoggingFilter.class); @Override public void doFilter(final ServletRequest request, final ServletResponse response, final FilterChain filterChain) throws IOException, ServletException { final SlingHttpServletRequest slingRequest = (SlingHttpServletRequest) request; logger.debug("request for {}, with selector {}", slingRequest .getRequestPathInfo().getResourcePath(), slingRequest .getRequestPathInfo().getSelectorString()); filterChain.doFilter(request, response); } @Override public void init(FilterConfig filterConfig) {} @Override public void destroy() {} }

With every request, you can check the path, or any other piece of information and output a log entry for tracking activity.  For example, if you want to track a login, you could check the path for "j_security_check".  Same for logoff (but different path).  I would spend some time playing around with these filters to achieve what you would like to happen.

Avatar

Level 1

Hi, I am not able to see the path "j_security_check" or any specific path for login. Could you please help me what path should I chose for login. Thanks.

Avatar

Level 10

Apart from using the analytics for author instance You have two options:

1. Change log level of access and request logs in author and you will be able to get everything in the log file in raw format.

2. implement a custom logger to log everything in your desired format and use that logger to log access and request logs for authorized/not authorized access or request to your instance.

 

Thanks 

Amit

Avatar

Level 2

Thanks Leeasling and Amit.  I will try this approach.  Already we have error log filter.  Let me implement on more filter for user activity.

Avatar

Level 2

leeasling wrote...

Technically you could implement a filter which could output to any log you configure it to write to.

  1. package com.project.core.impl.filters;
  2.  
  3. import java.io.IOException;
  4.  
  5. import javax.servlet.Filter;
  6. import javax.servlet.FilterChain;
  7. import javax.servlet.FilterConfig;
  8. import javax.servlet.ServletException;
  9. import javax.servlet.ServletRequest;
  10. import javax.servlet.ServletResponse;
  11.  
  12. import org.apache.felix.scr.annotations.sling.SlingFilter;
  13. import org.apache.felix.scr.annotations.sling.SlingFilterScope;
  14. import org.apache.sling.api.SlingHttpServletRequest;
  15. import org.slf4j.Logger;
  16. import org.slf4j.LoggerFactory;
  17.  
  18. /**
  19. * Simple servlet filter component that logs incoming requests.
  20. */
  21. @SlingFilter(order = -700, scope = SlingFilterScope.REQUEST)
  22. public class LoggingFilter implements Filter {
  23.  
  24. private final Logger logger = LoggerFactory.getLogger(LoggingFilter.class);
  25.  
  26. @Override
  27. public void doFilter(final ServletRequest request, final ServletResponse response,
  28. final FilterChain filterChain) throws IOException, ServletException {
  29.  
  30. final SlingHttpServletRequest slingRequest = (SlingHttpServletRequest) request;
  31. logger.debug("request for {}, with selector {}", slingRequest
  32. .getRequestPathInfo().getResourcePath(), slingRequest
  33. .getRequestPathInfo().getSelectorString());
  34.  
  35. filterChain.doFilter(request, response);
  36. }
  37.  
  38. @Override
  39. public void init(FilterConfig filterConfig) {}
  40.  
  41. @Override
  42. public void destroy() {}
  43.  
  44. }

With every request, you can check the path, or any other piece of information and output a log entry for tracking activity.  For example, if you want to track a login, you could check the path for "j_security_check".  Same for logoff (but different path).  I would spend some time playing around with these filters to achieve what you would like to happen.

 


this works well. Thanks for your report.  Also  i have added event listener to capture few events for /content , /etc , /libs and /home to track few things.