Difference between revisions of "OXAudit"

(Introduction)
(Adapted configuration to logback)
Line 18: Line 18:
 
If there is a need to use a seperate logfile for those audit log entries, please modify the following configuration file:
 
If there is a need to use a seperate logfile for those audit log entries, please modify the following configuration file:
  
  $ vim /opt/open-xchange/etc/groupware/file-logging.properties
+
  $ vim /opt/open-xchange/etc/logback.xml
+
 
# possible log levels are ALL INFO DEBUG
+
  <appender class="ch.qos.logback.core.rolling.RollingFileAppender" name="AUDIT_LOG">
.level=WARNING
+
      <file>/var/log/open-xchange/open-xchange-audit.log</file>
+
      <rollingPolicy class="com.openexchange.logback.extensions.FixedWindowRollingPolicy">
handlers=java.util.logging.FileHandler,com.openexchange.audit.logging.AuditFileHandler
+
          <fileNamePattern>/var/log/open-xchange/open-xchange-audit.log.%i</fileNamePattern>
java.util.logging.FileHandler.pattern=/var/log/open-xchange/open-xchange.log
+
          <minIndex>1</minIndex>
java.util.logging.FileHandler.level=ALL
+
          <maxIndex>99</maxIndex>
java.util.logging.FileHandler.limit=2097152
+
      </rollingPolicy>
java.util.logging.FileHandler.count=99
+
      <triggeringPolicy class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy">
java.util.logging.FileHandler.formatter=java.util.logging.SimpleFormatter
+
          <maxFileSize>2MB</maxFileSize>
java.util.logging.FileHandler.append=true
+
      </triggeringPolicy>
com.openexchange.audit.logging.AuditFileHandler.enabled=true
+
      <encoder class="com.openexchange.logback.extensions.ExtendedPatternLayoutEncoder">
com.openexchange.audit.logging.AuditFileHandler.pattern=/var/log/open-xchange/open-xchange-audit.log
+
          <pattern>%d{"MMM d, yyyy H:m:s a"} %class %method%n%level: %message%lmdc%exception{full}%n</pattern>
com.openexchange.audit.logging.AuditFileHandler.level=ALL
+
  <pattern>%date{"yyyy-MM-dd'T'HH:mm:ss,SSSZ"} %-5level [%thread] %class.%method\(%class{0}.java:%line\)%n%message%n%lmdc%exception{full}</pattern>
com.openexchange.audit.logging.AuditFileHandler.limit=2097152
+
      </encoder>
com.openexchange.audit.logging.AuditFileHandler.count=99
+
  </appender>
com.openexchange.audit.logging.AuditFileHandler.formatter=java.util.logging.SimpleFormatter
+
  <appender class="ch.qos.logback.classic.AsyncAppender" name="ASYNC_AUDIT">
com.openexchange.audit.logging.AuditFileHandler.append=true
+
      <queueSize>2048</queueSize>
+
      <discardingThreshold>0</discardingThreshold>
sun.rmi.level=WARNING
+
      <includeCallerData>true</includeCallerData>
org.apache.level=WARNING
+
      <appender-ref ref="AUDIT_LOG"/>
com.sun.level=WARNING
+
  </appender>
javax.management.level=WARNING
+
 
 +
  <logger additivity="false" name="com.openexchange.audit">
 +
      <level value="INFO"/> <!-- possible log levels are DEBUG, INFO, WARN, ERROR and ALL -->
 +
      <appender-ref ref="ASYNC_AUDIT"/>
 +
  </logger>
  
 
After you have set the logpath for the audit bundle (/var/log/open-xchange/open-xchange-audit.log in this example) you need to restart the groupware service:
 
After you have set the logpath for the audit bundle (/var/log/open-xchange/open-xchange-audit.log in this example) you need to restart the groupware service:
  
  $ /etc/init.d/open-xchange-groupware restart
+
  $ /etc/init.d/open-xchange restart

Revision as of 09:32, 3 December 2014

Introduction

The Open-Xchange Audit Bundle is an extension of the Open-Xchange Server > 6.12 which will enable your Open-Xchange Server to log actions from users using your Open-Xchange environment. In detail the following actions will be logged to the logfile:

  1. Creation, modification, deletion of an appointment
  2. Creation, modification, deletion of a task
  3. Creation, modification, deletion of a contact
  4. Creation, modification, deletion of an infostore item

Install on OX AppSuite

Debian GNU/Linux 8.0

Add the following entry to /etc/apt/sources.list.d/open-xchange.list if not already present:

deb https://software.open-xchange.com/OX6/stable/DebianJessie/ /
# if you have a valid maintenance subscription, please uncomment the 
# following and add the ldb account data to the url so that the most recent
# packages get installed
# deb https://[CUSTOMERID:PASSWORD]@software.open-xchange.com/OX6/stable/updates/DebianJessie/ /

and run

$ apt-get update
$ apt-get install open-xchange-audit

Debian GNU/Linux 9.0

Add the following entry to /etc/apt/sources.list.d/open-xchange.list if not already present:

deb https://software.open-xchange.com/OX6/stable/DebianStretch/ /
# if you have a valid maintenance subscription, please uncomment the 
# following and add the ldb account data to the url so that the most recent
# packages get installed
# deb https://[CUSTOMERID:PASSWORD]@software.open-xchange.com/OX6/stable/updates/DebianStretch/ /

and run

$ apt-get update
$ apt-get install open-xchange-audit

SUSE Linux Enterprise Server 12

Add the package repository using zypper if not already present:

$ zypper ar https://software.open-xchange.com/OX6/stable/SLE_12 ox

If you have a valid maintenance subscription, please run the following command and add the ldb account data to the url so that the most recent packages get installed:

$ zypper ar https://[CUSTOMERID:PASSWORD]@software.open-xchange.com/OX6/stable/updates/SLES11 ox-updates

and run

$ zypper ref
$ zypper in open-xchange-audit

RedHat Enterprise Linux 6

Start a console and create a software repository file if not already present:

$ vim /etc/yum.repos.d/ox.repo

[ox]
name=Open-Xchange
baseurl=https://software.open-xchange.com/OX6/stable/RHEL6/
gpgkey=https://software.open-xchange.com/oxbuildkey.pub
enabled=1
gpgcheck=1
metadata_expire=0m
# if you have a valid maintenance subscription, please uncomment the 
# following and add the ldb account data to the url so that the most recent
# packages get installed
# [ox-updates]
# name=Open-Xchange Updates
# baseurl=https://[CUSTOMERID:PASSWORD]@software.open-xchange.com/OX6/stable/updates/RHEL6/
# gpgkey=https://software.open-xchange.com/oxbuildkey.pub
# enabled=1
# gpgcheck=1
# metadata_expire=0m

and run

$ yum update
$ yum install open-xchange-audit

RedHat Enterprise Linux 7

Start a console and create a software repository file if not already present:

$ vim /etc/yum.repos.d/ox.repo

[ox]
name=Open-Xchange
baseurl=https://software.open-xchange.com/OX6/stable/RHEL7/
gpgkey=https://software.open-xchange.com/oxbuildkey.pub
enabled=1
gpgcheck=1
metadata_expire=0m
# if you have a valid maintenance subscription, please uncomment the 
# following and add the ldb account data to the url so that the most recent
# packages get installed
# [ox-updates]
# name=Open-Xchange Updates
# baseurl=https://[CUSTOMERID:PASSWORD]@software.open-xchange.com/OX6/stable/updates/RHEL7/
# gpgkey=https://software.open-xchange.com/oxbuildkey.pub
# enabled=1
# gpgcheck=1
# metadata_expire=0m

and run

$ yum update
$ yum install open-xchange-audit

CentOS 6

Start a console and create a software repository file if not already present:

$ vim /etc/yum.repos.d/ox.repo

[ox]
name=Open-Xchange
baseurl=https://software.open-xchange.com/OX6/stable/RHEL6/
gpgkey=https://software.open-xchange.com/oxbuildkey.pub
enabled=1
gpgcheck=1
metadata_expire=0m
# if you have a valid maintenance subscription, please uncomment the 
# following and add the ldb account data to the url so that the most recent
# packages get installed
# [ox-updates]
# name=Open-Xchange Updates
# baseurl=https://[CUSTOMERID:PASSWORD]@software.open-xchange.com/OX6/stable/updates/RHEL6/
# gpgkey=https://software.open-xchange.com/oxbuildkey.pub
# enabled=1
# gpgcheck=1
# metadata_expire=0m

and run

$ yum update
$ yum install open-xchange-audit

CentOS 7

Start a console and create a software repository file if not already present:

$ vim /etc/yum.repos.d/ox.repo

[ox]
name=Open-Xchange
baseurl=https://software.open-xchange.com/OX6/stable/RHEL7/
gpgkey=https://software.open-xchange.com/oxbuildkey.pub
enabled=1
gpgcheck=1
metadata_expire=0m
# if you have a valid maintenance subscription, please uncomment the 
# following and add the ldb account data to the url so that the most recent
# packages get installed
# [ox-updates]
# name=Open-Xchange Updates
# baseurl=https://[CUSTOMERID:PASSWORD]@software.open-xchange.com/OX6/stable/updates/RHEL7/
# gpgkey=https://software.open-xchange.com/oxbuildkey.pub
# enabled=1
# gpgcheck=1
# metadata_expire=0m

and run

$ yum update
$ yum install open-xchange-audit

Configuration

Per default the audit bundle will use the Open-Xchange groupware logfile to generate log entries. The logfile can be found at:

/var/log/open-xchange/open-xchange.log

If there is a need to use a seperate logfile for those audit log entries, please modify the following configuration file:

$ vim /opt/open-xchange/etc/logback.xml
 <appender class="ch.qos.logback.core.rolling.RollingFileAppender" name="AUDIT_LOG">
     <file>/var/log/open-xchange/open-xchange-audit.log</file>
     <rollingPolicy class="com.openexchange.logback.extensions.FixedWindowRollingPolicy">
         <fileNamePattern>/var/log/open-xchange/open-xchange-audit.log.%i</fileNamePattern>
         <minIndex>1</minIndex>
         <maxIndex>99</maxIndex>
     </rollingPolicy>
     <triggeringPolicy class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy">
         <maxFileSize>2MB</maxFileSize>
     </triggeringPolicy>
     <encoder class="com.openexchange.logback.extensions.ExtendedPatternLayoutEncoder">
         <pattern>%d{"MMM d, yyyy H:m:s a"} %class %method%n%level: %message%lmdc%exception{full}%n</pattern>

<pattern>%date{"yyyy-MM-dd'T'HH:mm:ss,SSSZ"} %-5level [%thread] %class.%method\(%class{0}.java:%line\)%n%message%n%lmdc%exception{full}</pattern>

     </encoder>
 </appender>
 <appender class="ch.qos.logback.classic.AsyncAppender" name="ASYNC_AUDIT">
     <queueSize>2048</queueSize>
     <discardingThreshold>0</discardingThreshold>
     <includeCallerData>true</includeCallerData>
     <appender-ref ref="AUDIT_LOG"/>
 </appender>
 <logger additivity="false" name="com.openexchange.audit">
     <level value="INFO"/> 
     <appender-ref ref="ASYNC_AUDIT"/>
 </logger>

After you have set the logpath for the audit bundle (/var/log/open-xchange/open-xchange-audit.log in this example) you need to restart the groupware service:

$ /etc/init.d/open-xchange restart