审计 Alfresco Authority Deletion:没有记录任何事件
Audit Alfresco Authority Deletion: no event is recorded
我的目标是审核 Alfresco 中权限的删除。启用审核日志记录(生成 lot 日志条目)时,删除组会导致这些日志条目(缩写):
/alfresco-api/pre/AuthorityService/deleteAuthority/args/name=GROUP_test_group_for_audit
/alfresco-node/beforeDeleteNode/node=workspace://SpacesStore/a4f5e9bb-6584-4997-a550-6080d0dce177
/alfresco-api/post/AuthorityService/deleteAuthority/args/name=GROUP_test_group_for_audit
/alfresco-api/post/AuthorityService/deleteAuthority/no-error=null
如果我对文档的理解正确,像这样的审计 XML 文件应该记录第一个事件:
<?xml version='1.0' encoding='UTF-8'?>
<Audit
xmlns="http://www.alfresco.org/repo/audit/model/3.2"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.alfresco.org/repo/audit/model/3.2 alfresco-audit-3.2.xsd"
>
<DataExtractors>
<DataExtractor name="simpleValue" registeredName="auditModel.extractor.simpleValue"/>
</DataExtractors>
<DataGenerators>
<DataGenerator name="currentUser" class="org.alfresco.repo.audit.generator.AuthenticatedUserDataGenerator"/>
<DataGenerator name="personFullName" class="org.alfresco.repo.audit.generator.AuthenticatedPersonDataGenerator"/>
</DataGenerators>
<PathMappings>
<PathMap source="/alfresco-api/pre/AuthorityService/deleteAuthority" target="/deleteAuthority"/>
</PathMappings>
<Application name="DeleteAuthority" key="deleteAuthority">
<AuditPath key="deleteAuthority">
<RecordValue key="name" dataExtractor="simpleValue" dataSource="/deleteAuthority/args/name"/>
</AuditPath>
</Application>
</Audit>
请注意,在 PathMap 的 source 中,我使用了第一个日志条目中显示的路径 /alfresco-api/pre/AuthorityService/deleteAuthority。这对我来说看起来是正确的,尽管我不太确定 Application 元素应该是什么样子。
将其放入 XML 文件 tomcat/shared/classes/alfresco/extension/audit/alfresco-audit-deleteAuthority-extractors.xml 会正确注册应用程序:
$ curl -u 'admin:secret' http://alfresco:8080/alfresco/service/api/audit/control
{
"enabled" : true,
"applications":
[
{
"name": "Alfresco Tagging Service",
"path" : "/tagging",
"enabled" : true
}
,
{
"name": "DeleteAuthority",
"path" : "/deleteAuthority",
"enabled" : true
}
,
{
"name": "alfresco-access",
"path" : "/alfresco-access",
"enabled" : true
}
]
}
但是我现在删除群的时候,什么都没有记录。查询应用程序 returns 一个空结果:
$ curl -u 'admin:secret' http://alfresco:8080/alfresco/service/api/audit/query/DeleteAuthority
{
"count":0,
"entries":
[
]
}
问题:我上面的审计应用配置是否正确?我将如何更改它以生成用于删除权限的审计条目?
您的路径映射部分是正确的,但您的应用程序定义设置不正确,无法跟踪正确的路径。
您可能应该尝试类似的方法:
<?xml version='1.0' encoding='UTF-8'?>
<Audit
xmlns="http://www.alfresco.org/repo/audit/model/3.2"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.alfresco.org/repo/audit/model/3.2 alfresco-audit-3.2.xsd"
>
<DataExtractors>
<DataExtractor name="simpleValue" registeredName="auditModel.extractor.simpleValue"/>
</DataExtractors>
<DataGenerators>
<DataGenerator name="currentUser" registeredName="auditModel.generator.user"/>
</DataGenerators>
<PathMappings>
<PathMap source="/alfresco-api/pre/AuthorityService/deleteAuthority" target="/deleteAuthority"/>
</PathMappings>
<Application name="DeleteAuthority" key="deleteAuthority">
<AuditPath key="deleteAuthority">
<RecordValue key="authority" dataExtractor="simpleValue" dataSource="/deleteAuthority/args/name" dataTrigger="/deleteAuthority/args/name"/>
<GenerateValue key="deletingUser" dataGenerator="currentUser"/>
</AuditPath>
</Application>
</Audit>
我的目标是审核 Alfresco 中权限的删除。启用审核日志记录(生成 lot 日志条目)时,删除组会导致这些日志条目(缩写):
/alfresco-api/pre/AuthorityService/deleteAuthority/args/name=GROUP_test_group_for_audit
/alfresco-node/beforeDeleteNode/node=workspace://SpacesStore/a4f5e9bb-6584-4997-a550-6080d0dce177
/alfresco-api/post/AuthorityService/deleteAuthority/args/name=GROUP_test_group_for_audit
/alfresco-api/post/AuthorityService/deleteAuthority/no-error=null
如果我对文档的理解正确,像这样的审计 XML 文件应该记录第一个事件:
<?xml version='1.0' encoding='UTF-8'?>
<Audit
xmlns="http://www.alfresco.org/repo/audit/model/3.2"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.alfresco.org/repo/audit/model/3.2 alfresco-audit-3.2.xsd"
>
<DataExtractors>
<DataExtractor name="simpleValue" registeredName="auditModel.extractor.simpleValue"/>
</DataExtractors>
<DataGenerators>
<DataGenerator name="currentUser" class="org.alfresco.repo.audit.generator.AuthenticatedUserDataGenerator"/>
<DataGenerator name="personFullName" class="org.alfresco.repo.audit.generator.AuthenticatedPersonDataGenerator"/>
</DataGenerators>
<PathMappings>
<PathMap source="/alfresco-api/pre/AuthorityService/deleteAuthority" target="/deleteAuthority"/>
</PathMappings>
<Application name="DeleteAuthority" key="deleteAuthority">
<AuditPath key="deleteAuthority">
<RecordValue key="name" dataExtractor="simpleValue" dataSource="/deleteAuthority/args/name"/>
</AuditPath>
</Application>
</Audit>
请注意,在 PathMap 的 source 中,我使用了第一个日志条目中显示的路径 /alfresco-api/pre/AuthorityService/deleteAuthority。这对我来说看起来是正确的,尽管我不太确定 Application 元素应该是什么样子。
将其放入 XML 文件 tomcat/shared/classes/alfresco/extension/audit/alfresco-audit-deleteAuthority-extractors.xml 会正确注册应用程序:
$ curl -u 'admin:secret' http://alfresco:8080/alfresco/service/api/audit/control
{
"enabled" : true,
"applications":
[
{
"name": "Alfresco Tagging Service",
"path" : "/tagging",
"enabled" : true
}
,
{
"name": "DeleteAuthority",
"path" : "/deleteAuthority",
"enabled" : true
}
,
{
"name": "alfresco-access",
"path" : "/alfresco-access",
"enabled" : true
}
]
}
但是我现在删除群的时候,什么都没有记录。查询应用程序 returns 一个空结果:
$ curl -u 'admin:secret' http://alfresco:8080/alfresco/service/api/audit/query/DeleteAuthority
{
"count":0,
"entries":
[
]
}
问题:我上面的审计应用配置是否正确?我将如何更改它以生成用于删除权限的审计条目?
您的路径映射部分是正确的,但您的应用程序定义设置不正确,无法跟踪正确的路径。 您可能应该尝试类似的方法:
<?xml version='1.0' encoding='UTF-8'?>
<Audit
xmlns="http://www.alfresco.org/repo/audit/model/3.2"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.alfresco.org/repo/audit/model/3.2 alfresco-audit-3.2.xsd"
>
<DataExtractors>
<DataExtractor name="simpleValue" registeredName="auditModel.extractor.simpleValue"/>
</DataExtractors>
<DataGenerators>
<DataGenerator name="currentUser" registeredName="auditModel.generator.user"/>
</DataGenerators>
<PathMappings>
<PathMap source="/alfresco-api/pre/AuthorityService/deleteAuthority" target="/deleteAuthority"/>
</PathMappings>
<Application name="DeleteAuthority" key="deleteAuthority">
<AuditPath key="deleteAuthority">
<RecordValue key="authority" dataExtractor="simpleValue" dataSource="/deleteAuthority/args/name" dataTrigger="/deleteAuthority/args/name"/>
<GenerateValue key="deletingUser" dataGenerator="currentUser"/>
</AuditPath>
</Application>
</Audit>