Searching and Exporting Audit Events

The audit application comes with simple and advanced searching capabilities. To use the simple search, you can enter a search term and click the magnifying glass icon. To use advanced search,

  1. Click the downward arrow next to the search icon.

  2. Enter data for the search fields.

    FieldDescription
    MatchSearch for matches to all the fields you’ve specified or any single field.
    User IDThe user ID to search for. This is usually the user who performed some action you want to audit.
    Group ID Liferay DXP 7.4 U81+/GA81+The group ID that shows the site context of the audit event where available.
    User NameThe user name to search for. This is often easier than searching for a user ID, especially if you don’t have access to the database containing the user ID.
    Resource IDThe ID of the resource that was modified or viewed in this audit record.
    Class NameThe name of the resource modified or viewed in this audit record. For example, you could search for user resources to see if someone modified a user’s account.
    Resource ActionOne of these actions performed on the resource: add, assign, delete, impersonate, login, login_failure, logout, unassign, or update.
    Session IDThe session ID to search for. You can use this to correlate a session ID from your web server logs with activity in Liferay DXP.
    Client IPThe IP address of the client that performed the activity you wish to audit.
    Client HostThe host name of the client that performed the activity you wish to audit.
    Server NameThe name of the server in which the activity occurred. If you’re using a cluster, each member of the cluster can be individually queried.
    Server PortThe server port in which the activity occurred. You need this if you run a vertical cluster of multiple VMs on the same machine.
    Start DateThe low end of the date range you wish to search for.
    End DateThe high end of the date range you wish to search.
  3. Click on the magnifying glass icon.

Viewing Audit Events

After finding a specific audit event, you can click on it to get more information. Each event highlights the following fields:

  • Event ID
  • Create Date
  • Group ID
  • Resource ID
  • Resource Name
  • Resource Action
  • User ID
  • User Name
  • Client Host
  • Client IP
  • Server Name
  • Additional Information

Additional Information highlights the data associated with the entity during a resource action. For instance, users are active by default at the time of creation. Given below is the additional information of the audit event when you deactivate a user.

{"attributes":[{"newValue":"false","name":"active","oldValue":"true"}]}

The name field shows the attribute that changed. The oldValue field shows the value of the field before the update, and the newValue field shows the value of the field after the update.

Exporting Audit Events

Liferay DXP 7.4 U81+/GA81+

To analyze audit events in a third-party system, Liferay supports exporting audit events to CSV. To do this, open the Global Menu and navigate to Control PanelAudit. Click on the Actions (Actions) icon at the top of the page and select Export Audit Events.

This exports all the audit events from your Liferay instance. If you want to export a subset, you can use the simple search or advanced search to get a set of results, and then use the export function. For instance, if you want to view only the LOGIN events for a particular user,

  1. Enter login in the search bar and click on the magnifying glass icon.

  2. Click on the Actions (Actions) icon at the top of the page.

    Exporting audit events for user log in to CSV.

  3. Select Export Audit Events.

The CSV file contains all the information associated to login events audited by Liferay.

You can edit the columns exported to the CSV file by changing the CSV Logging Message Formatter configuration. See CSV Logging Message Formatter for more information.

warning

The CSV export contains user supplied inputs. Be cautious while opening it in a spreadsheet program.

important

The export to CSV feature is currently behind a release feature flag. To use it, add this feature.flag.LPS-177194=true to portal-ext.properties or LIFERAY_FEATURE_PERIOD_FLAG_PERIOD__UPPERCASEL__UPPERCASEP__UPPERCASES__MINUS__NUMBER1__NUMBER7__NUMBER7__NUMBER1__NUMBER9__NUMBER4_=true as an environment variable to your configuration.

Capabilities

Product

Contact Us

Connect

Powered by Liferay
© 2024 Liferay Inc. All Rights Reserved • Privacy Policy