ownCloud

Audit

Abstract

The audit service logs all events of the system as an audit log. By default, events are written to standard output; the service can also be configured to write to a file. Supported log formats are JSON and a minimal human-readable format.

Audit logs let you demonstrate compliance with corporate guidelines and support reporting and auditing of operations. The audit service takes note of actions conducted by users and administrators.

Example minimal format:

file_delete)
   user 'user_id' trashed file 'item_id'
file_trash_delete)
   user 'user_id' removed file 'item_id' from trashbin

Example json:

{"RemoteAddr":"","User":"user_id","URL":"","Method":"","UserAgent":"","Time":"","App":"admin_audit","Message":"user 'user_id' trashed file 'item_id'","Action":"file_delete","CLI":false,"Level":1,"Path":"path","Owner":"user_id","FileID":"item_id"}
{"RemoteAddr":"","User":"user_id","URL":"","Method":"","UserAgent":"","Time":"","App":"admin_audit","Message":"user 'user_id' removed file 'item_id' from trashbin","Action":"file_trash_delete","CLI":false,"Level":1,"Path":"path","Owner":"user_id","FileID":"item_id"}
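
An added example (not part of the ownCloud documentation or code): a short Python triage over JSON audit lines that pairs a file_delete with a later file_trash_delete on the same FileID to list files that were removed permanently, and counts actions per user. The sample lines are constructed and carry only a subset of the fields shown above; relying on line order instead of the Time field is an assumption.

```python
import json
from collections import Counter

# Constructed sample input: field names follow the JSON examples above, values are
# made up. One non-JSON line and one event from another app are mixed in.
SAMPLE_LOG = """\
{"User":"alice","App":"admin_audit","Action":"file_delete","Owner":"alice","FileID":"f1"}
{"User":"alice","App":"admin_audit","Action":"file_delete","Owner":"alice","FileID":"f2"}
starting service (constructed non-JSON line)
{"User":"bob","App":"admin_audit","Action":"file_delete","Owner":"bob","FileID":"f3"}
{"User":"bob","App":"other_app","Action":"file_trash_delete","FileID":"f2"}
{"User":"alice","App":"admin_audit","Action":"file_trash_delete","Owner":"alice","FileID":"f1"}
{"User":"carol","App":"admin_audit","Action":"file_trash_delete","Owner":"bob","FileID":"f3"}
"""

def parse_audit_lines(text):
    """Return audit events as dicts, skipping blank, non-JSON and foreign lines."""
    events = []
    for line in text.splitlines():
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # stdout may carry output that is not an audit event
        if isinstance(event, dict) and event.get("App") == "admin_audit":
            events.append(event)
    return events

def purged_files(events):
    """Map FileID -> (trashed_by, purged_by) for files trashed, then removed from the trash bin."""
    trashed, purged = {}, {}
    for ev in events:
        fid, user = ev.get("FileID"), ev.get("User")
        if ev.get("Action") == "file_delete":
            trashed[fid] = user
        elif ev.get("Action") == "file_trash_delete" and fid in trashed:
            purged[fid] = (trashed.pop(fid), user)
    return purged

def actions_per_user(events):
    """Count events per (User, Action) pair, e.g. to spot bulk deletions."""
    return Counter((ev.get("User"), ev.get("Action")) for ev in events)

if __name__ == "__main__":
    sample_events = parse_audit_lines(SAMPLE_LOG)
    print(purged_files(sample_events))
    print(actions_per_user(sample_events))
```

The minimal format carries only the message text, so this kind of field-based correlation needs the JSON format.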

The audit service is not started automatically when oCIS runs as a single binary started via ocis server or as a Docker container. It must be started and stopped manually on demand.

The audit service logs:

  • File system operations
    (create/delete/move; including actions on the trash bin and versioning)
  • User management operations
    (creation/deletion of users)
  • Sharing operations
    (user/group sharing, sharing via link, changing permissions, calls to sharing API from clients)

Example Yaml Config

# Autogenerated
# Filename: audit-config-example.yaml

tracing:
  enabled: false
  type: ""
  endpoint: ""
  collector: ""
log:
  level: ""
  pretty: false
  color: false
  file: ""
debug:
  addr: 127.0.0.1:9229
  token: ""
  pprof: false
  zpages: false
events:
  endpoint: 127.0.0.1:9233
  cluster: ocis-cluster
  tls_insecure: false
  tls_root_ca_certificate: ""
  enable_tls: false
  username: ""
  password: ""
auditlog:
  log_to_console: true
  log_to_file: false
  filepath: ""
  format: json

Environment Variables

| Name | Type | Default Value | Description |
|---|---|---|---|
| OCIS_TRACING_ENABLED, AUDIT_TRACING_ENABLED | bool | false | Activates tracing. |
| OCIS_TRACING_TYPE, AUDIT_TRACING_TYPE | string | | The type of tracing. Defaults to '', which is the same as 'jaeger'. Allowed tracing types are 'jaeger' and '' as of now. |
| OCIS_TRACING_ENDPOINT, AUDIT_TRACING_ENDPOINT | string | | The endpoint of the tracing agent. |
| OCIS_TRACING_COLLECTOR, AUDIT_TRACING_COLLECTOR | string | | The HTTP endpoint for sending spans directly to a collector, i.e. http://jaeger-collector:14268/api/traces. Only used if the tracing endpoint is unset. |
| OCIS_LOG_LEVEL, AUDIT_LOG_LEVEL | string | | The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'. |
| OCIS_LOG_PRETTY, AUDIT_LOG_PRETTY | bool | false | Activates pretty log output. |
| OCIS_LOG_COLOR, AUDIT_LOG_COLOR | bool | false | Activates colorized log output. |
| OCIS_LOG_FILE, AUDIT_LOG_FILE | string | | The path to the log file. Activates logging to this file if set. |
| AUDIT_DEBUG_ADDR | string | 127.0.0.1:9229 | Bind address of the debug server, where metrics, health, config and debug endpoints will be exposed. |
| AUDIT_DEBUG_TOKEN | string | | Token to secure the metrics endpoint. |
| AUDIT_DEBUG_PPROF | bool | false | Enables pprof, which can be used for profiling. |
| AUDIT_DEBUG_ZPAGES | bool | false | Enables zpages, which can be used for collecting and viewing in-memory traces. |
| OCIS_EVENTS_ENDPOINT, AUDIT_EVENTS_ENDPOINT | string | 127.0.0.1:9233 | The address of the event system. The event system is the message queuing service. It is used as message broker for the microservice architecture. |
| OCIS_EVENTS_CLUSTER, AUDIT_EVENTS_CLUSTER | string | ocis-cluster | The clusterID of the event system. The event system is the message queuing service. It is used as message broker for the microservice architecture. Mandatory when using NATS as event system. |
| OCIS_INSECURE, AUDIT_EVENTS_TLS_INSECURE | bool | false | Whether to verify the server TLS certificates. |
| OCIS_EVENTS_TLS_ROOT_CA_CERTIFICATE, AUDIT_EVENTS_TLS_ROOT_CA_CERTIFICATE | string | | The root CA certificate used to validate the server's TLS certificate. If provided AUDIT_EVENTS_TLS_INSECURE will be seen as false. |
| OCIS_EVENTS_ENABLE_TLS, AUDIT_EVENTS_ENABLE_TLS | bool | false | Enable TLS for the connection to the events broker. The events broker is the ocis service which receives and delivers events between the services. |
| OCIS_EVENTS_AUTH_USERNAME, AUDIT_EVENTS_AUTH_USERNAME | string | | The username to authenticate with the events broker. The events broker is the ocis service which receives and delivers events between the services. |
| OCIS_EVENTS_AUTH_PASSWORD, AUDIT_EVENTS_AUTH_PASSWORD | string | | The password to authenticate with the events broker. The events broker is the ocis service which receives and delivers events between the services. |
| AUDIT_LOG_TO_CONSOLE | bool | true | Logs to stdout if set to 'true'. Independent of the LOG_TO_FILE option. |
| AUDIT_LOG_TO_FILE | bool | false | Logs to file if set to 'true'. Independent of the LOG_TO_CONSOLE option. |
| AUDIT_FILEPATH | string | | Filepath of the logfile. Mandatory if LOG_TO_FILE is set to 'true'. |
| AUDIT_FORMAT | string | json | Log format. Supported values are '' (empty) and 'json'. Using 'json' is advised, '' (empty) renders the 'minimal' format. See the text description for more details. |
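
An added example (not ownCloud code): a pre-deployment check in Python that applies the constraints documented for these variables to a mapping of environment values and reports settings that leave the audit log missing or weaken the connection to the events broker. Assumptions, also marked in the code: the AUDIT_* name overrides the global OCIS_* name, booleans use Go-style spellings, and 'true' for the TLS insecure setting skips certificate verification; the sample environment is constructed.

```python
LOG_LEVELS = {"panic", "fatal", "error", "warn", "info", "debug", "trace"}
# Constructed sample environment, not taken from a real deployment.
SAMPLE_ENV = {"AUDIT_LOG_TO_FILE": "true", "OCIS_INSECURE": "true",
              "AUDIT_EVENTS_AUTH_PASSWORD": "example", "AUDIT_DEBUG_ADDR": "0.0.0.0:9229"}

def setting(env, *names, default=""):
    """First variable that is set. Assumption: AUDIT_* overrides the global OCIS_* name."""
    return next((env[n] for n in names if n in env), default)

def enabled(env, *names, default="false"):
    """Assumption: booleans are spelled Go-style, e.g. "true", "t" or "1"."""
    return setting(env, *names, default=default).strip().lower() in {"true", "t", "1"}

def lint_audit_env(env):
    """Return findings for a mapping of audit-service environment variables."""
    findings = []
    to_file = enabled(env, "AUDIT_LOG_TO_FILE")
    if to_file and not setting(env, "AUDIT_FILEPATH"):
        findings.append("AUDIT_LOG_TO_FILE is true but AUDIT_FILEPATH is empty")
    if not to_file and not enabled(env, "AUDIT_LOG_TO_CONSOLE", default="true"):
        findings.append("console and file output are both off: no audit log is written")
    fmt = setting(env, "AUDIT_FORMAT", default="json")
    if fmt not in {"", "json"}:
        findings.append(f"AUDIT_FORMAT {fmt!r} is not supported")
    elif fmt == "":
        findings.append("AUDIT_FORMAT is empty (minimal format); 'json' is advised")
    level = setting(env, "AUDIT_LOG_LEVEL", "OCIS_LOG_LEVEL")
    if level and level not in LOG_LEVELS:
        findings.append(f"log level {level!r} is not a valid value")
    root_ca = setting(env, "AUDIT_EVENTS_TLS_ROOT_CA_CERTIFICATE",
                      "OCIS_EVENTS_TLS_ROOT_CA_CERTIFICATE")
    # Assumption: "true" skips certificate verification; a root CA overrides it.
    if enabled(env, "AUDIT_EVENTS_TLS_INSECURE", "OCIS_INSECURE") and not root_ca:
        findings.append("events broker TLS certificate is not verified")
    if (setting(env, "AUDIT_EVENTS_AUTH_PASSWORD", "OCIS_EVENTS_AUTH_PASSWORD")
            and not enabled(env, "AUDIT_EVENTS_ENABLE_TLS", "OCIS_EVENTS_ENABLE_TLS")):
        findings.append("events broker password is set but TLS is not enabled")
    addr = setting(env, "AUDIT_DEBUG_ADDR", default="127.0.0.1:9229")
    if (addr.rsplit(":", 1)[0] not in {"127.0.0.1", "localhost", "[::1]"}
            and not setting(env, "AUDIT_DEBUG_TOKEN")):
        findings.append(f"debug server on {addr} has no AUDIT_DEBUG_TOKEN")
    return findings

if __name__ == "__main__":
    print("\n".join(lint_audit_env(SAMPLE_ENV)))
```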