Solution:
AEM has introduced the ability to log permission changes so they can be audited at a later time.
The enhancement allows for the auditing CRUD (Create, Read, Update, Delete) actions on permissions and group assignments of users. More specifically, it will log:
- A new user getting created
- A user being added to a group
- Permission changes of an existing user or group
By default, the entries will be written to the error.log file. To make monitoring easier, it is recommended that they be redirected to a separate log file. More info on how to do this in the paragraph below.
In order to redirect the logging output to a separate log file, you'll need to create a new Apache Sling Logging Loggerconfiguration. We'll use useraudit.log as the name of the separate file in the example below.
- 3. Create the following configuration:
- Log Level: Information
- Log File: logs/useraudit.log
- Message Pattern: leavel default
- Logger: com.adobe.granite.security.user.internal.audit, com.adobe.granite.security.user.internal.servlets.AuthorizableServlet
4. In order to enter both loggers into the Logger field, you need to enter the name of the first, then create another field by pressing the "+" button and entering the name of the second logger. - Sample out of useraudit.log file:
1. 19.05.2017 15:21:34.419 *INFO* [0:0:0:0:0:0:0:1 [1495196494417]POST /home/groups/d/dGf7f7vGrZRLs6HS3AK-.rw.html HTTP/1.1]com.adobe.granite.security.user.internal.audit.AuditAuthorizableAction Group 'group1' was removed2. 19.05.2017 15:21:34.419 *INFO* [0:0:0:0:0:0:0:1 [1495196494417]POST /home/groups/d/dGf7f7vGrZRLs6HS3AK-.rw.html HTTP/1.1]com.adobe.granite.security.user.internal.servlets.AuthorizableServlet Delete Group 'group1' operation initiated by User 'admin' (administrator)
Wow, superb weblog format! How lengthy have you been running a blog
ReplyDeletefor? you made blogging glance easy. The whole look of your website is fantastic, as smartly as the
content material!
Your means of describing the whole thing in this piece of writing is in fact fastidious, all be capable of effortlessly be aware of
ReplyDeleteit, Thanks a lot.
Admiring the persistence you put into your blog and detailed
ReplyDeleteinformation you provide. It's great to come across a blog every once in a while that isn't the same old rehashed material.
Wonderful read! I've bookmarked your site and I'm adding your RSS feeds to my Google account.
Truly when someone doesn't be aware of after that its up to other viewers that they will help, so
ReplyDeletehere it takes place.
I know this if off topic but I'm looking into starting my
ReplyDeleteown blog and was curious what all is needed to get set up?
I'm assuming having a blog like yours would cost a pretty penny?
I'm not very internet savvy so I'm not 100% sure. Any suggestions
or advice would be greatly appreciated. Appreciate it
I'm really impressed with your writing skills as well as with the
ReplyDeletelayout on your blog. Is this a paid theme or did you customize it yourself?
Either way keep up the nice quality writing, it's rare to see a nice blog like this
one nowadays.
Article writing is also a fun, if you be familiar with after that
ReplyDeleteyou can write otherwise it is complex to write.
Good day! Do you know if they make any plugins to safeguard against hackers?
ReplyDeleteI'm kinda paranoid about losing everything I've worked
hard on. Any suggestions?
My spouse and I stumbled over here different web page and thought I might check
ReplyDeletethings out. I like what I see so now i am following you.
Look forward to exploring your web page repeatedly.
I have to voice my passion for your kindness giving support to those people that should have guidance on this important matter.payroll process and management in dubai
ReplyDelete