Audit Logs in WSO2 App Manager

WSO2 App Manager provides Audit log support from the version 1.2.0. Audit logs provide you the information regarding the various user actions performed  against the server. In WSO2 App Manager 1.2.0, audit logs are provided for following user actions.

App Publisher related audit logs

• Login to app publisher
• Creating a webapp
• Updating a webapp
• Changing the lifecycle state of a webapp
• Deleting a webapp
• Creating a new version of a webapp
• Documentation create
• Logout from App publisher

App Store related audit logs

• Login to app store 
• Subscribing to a webapp
• Unsubscribing to a webapp
• Adding a webapp into Favourite app list
• removing a webapp from Favourite app list
• Rating/Commenting on webapp

By default, audit logs  are not enabled  in App Manager. Please follow the steps given below to enable audit logs.

1. Download WSO2 App Manager 1.2.0
2. Extract the product into a folder. I will refer this folder as <APPM_HOME>
3. Open <APPM_HOME>/repository/conf/log4j.properties file and append following audit log configurations into file.

# Configure audit log for auditing purposes
log4j.logger.AUDIT_LOG=INFO, AUDIT_LOGFILE
log4j.appender.AUDIT_LOGFILE=org.apache.log4j.DailyRollingFileAppender
log4j.appender.AUDIT_LOGFILE.File=${carbon.home}/repository/logs/audit.log
log4j.appender.AUDIT_LOGFILE.Append=true
log4j.appender.AUDIT_LOGFILE.layout=org.wso2.carbon.utils.logging.TenantAwarePatternLayout
log4j.appender.AUDIT_LOGFILE.layout.ConversionPattern=[%d] %P%5p - %x %m %n
log4j.appender.AUDIT_LOGFILE.layout.TenantPattern=%U%@%D [%T] [%S]
log4j.appender.AUDIT_LOGFILE.threshold=INFO
log4j.additivity.AUDIT_LOG=false

After completing above steps, restart the server. Then you will find the audit.log file created in  <APPM_HOME>/repository/logs/ folder. Once you have performed any of the user actions mentioned, relevant logs will be generated and persisted in audit.log file.

For example, user signup, app create, update and delete actions will contain similar audit logs as follows.

[2016-06-22 09:47:24,242]  INFO -  Initiator : admin@carbon.super | Action : Login | Target : ApplicationAuthenticationFramework | Data : { "ContextIdentifier" : "6003337f-ec87-4bbb-8ada-32a89ba1c99a","AuthenticatedUser" : "admin@carbon.super","AuthenticatedUserTenantDomain" : "carbon.super","ServiceProviderName" : "publisher","RequestType" : "samlsso","RelyingParty" : "publisher","AuthenticatedIdPs" : "eyJ0eXAiOiJKV1QiLCAiYWxnIjoibm9uZSJ9.eyJpc3MiOiJ3c28yIiwiZXhwIjoxNDY2NTY5MDQ0MjI4MzAwMCwiaWF0IjoxNDY2NTY5MDQ0MjI4LCJpZHBzIjpbeyJpZHAiOiJMT0NBTCIsImF1dGhlbnRpY2F0b3IiOiJCYXNpY0F1dGhlbnRpY2F0b3IifV19." } | Result : Success
[2016-06-22 09:47:24,619]  INFO -  "Time" : "2016-06-22 09:47:24 +0530 ", "Action" : "User SignedIn ","TenantID" : "-1234","UserName" : "admin@carbon.super ", "Subject" : "", "SubjectID" : ""
[2016-06-22 09:47:30,061]  INFO -  "Time" : "2016-06-22 09:47:30 +0530 ", "Action" : "NewPolicyCreated ","TenantID" : "-1234","UserName" : "admin@carbon.super ", "Subject" : "", "SubjectID" : ""
[2016-06-22 09:48:00,371]  INFO -  "Time" : "2016-06-22 09:48:00 +0530 ", "Action" : "NewAssetAdded ","TenantID" : "-1234","UserName" : "admin@carbon.super ", "Subject" : "webapp", "SubjectID" : "{providerName='admin', apiName='travelApp', version='v1'}"
[2016-06-22 09:48:00,580]  INFO -  Initiator : admin | Action : create | Target : 0 | Data : { travelApp-v1 } | Result : Success
[2016-06-22 09:48:00,689]  INFO -  Initiator : admin | Action : update | Target : 21 | Data : { travelApp-v1 } | Result : Success
[2016-06-22 09:49:37,522]  INFO -  "Time" : "2016-06-22 09:49:37 +0530 ", "Action" : "AssetUpdated ","TenantID" : "-1234","UserName" : "admin ", "Subject" : "webapp", "SubjectID" : "{providerName='admin', apiName='travelApp', version='v1'}"
[2016-06-22 09:50:03,527]  INFO -  "Time" : "2016-06-22 09:50:03 +0530 ", "Action" : "AssetDeleted ","TenantID" : "-1234","UserName" : "admin@carbon.super ", "Subject" : "webapp", "SubjectID" : "{providerName='admin', apiName='travelApp', version='v1'}"