Search the Confluence 4.1.x Documentation:

Index
Downloads (PDF, HTML & XML formats)
Other versions

This documentation relates to Confluence 4.1.x
If you are using an earlier version, please view the previous versions of the Confluence documentation and select the relevant version.
Skip to end of metadata
Comment: removed the backslashes used to escape the braces and square brackets in the code
Go to start of metadata

Often, for auditing purposes, administrators need to know who did what on their Confluence site. Notifications are not ideally suited for this purpose. Application servers are able to log the requested URL, but they cannot determine the currently logged in user. This log is not currently formatted to be accessible to web log analysis tools such as AwStats as it lacks a host and get method, so must be viewed manually.

Instead, you can generate a basic log indicating which users are accessing which pages in Confluence. Confluence has a built-in access logging mechanism that shows the user and URL invoked. To enable it, you need to modify a couple of configuration files and restart Confluence.

Configuring the AccessLogFilter

There is a simple AccessLogFilter in Confluence than can be enabled via confluence/WEB-INF/classes/log4j.properties and confluence/WEB-INF/web.xml.

Note: Please do not modify the application-wide web descriptor, $server/conf/web.xml. This will be ineffective and potentially may break Confluence.

To enable user access logging:

  1. Uncomment these line in confluence/WEB-INF/classes/log4j.properties:

  2. Enable the filter in confluence/WEB-INF/web.xmlby removing the comments around these lines:

    Notice that the *.action pattern is added optionally to log the actions of Confluence in addition to the page views, such as user logins by specifying login.action. This combination of URL patterns will work for all URLs. You can further modify the pattern by adjusting the url-pattern field.

    An alternative filter: For troubleshooting purposes, often it is useful to capture all accesses to Confluence. To do this use the following filter mapping in confluence/WEB-INF/web.xmlinstead of the above:

  3. Restart Confluence.

Logging information being stored in the atlassian-confluence.log file in the Confluence Home directory.

Advanced configuration

You can choose to redirect the access log to a different file by adding a new RollingFileAppender at the top of log4j.properties:

Find this line:

Change it to this:

The web.xml url-pattern given above only matches page views (/display/*). You could change the url-pattern, or duplicate the entire filter-mapping to log access for different kinds of access (/admin/* for admin functions, /pages/* for edits and creates, etc. Note that /pages/editpage.action* doesn't work).

What is Logged

The log file will contain the following values separated by spaces:

  • Username or '-' if no user
  • URL
  • VM free memory at start of request (in KB)
  • Change in free memory after request is finished (in KB)
  • Time taken for request (in ms).
  • Remote address
  • Thread name

Example:

2008-08-08 10:33:05,359 INFO [atlassian.confluence.util.AccessLogFilter] init AccessLogFilter initialized. Format is: <user> <url> <starting memory free (kb)> +- <difference in free mem (kb)> <query time (ms)> <remote address>
2008-08-08 10:47:27,015 INFO [atlassian.confluence.util.AccessLogFilter] doFilter admin http://localhost:8080/display/ds 42025-154 15 127.0.0.1
2008-08-08 10:47:27,187 INFO [atlassian.confluence.util.AccessLogFilter] doFilter admin http://localhost:8080/display/ds/Confluence+Overview 41805+982 172 127.0.0.1
2008-08-08 10:47:36,296 INFO [atlassian.confluence.util.AccessLogFilter] doFilter admin http://localhost:8080/display/ds/Breadcrumb+demonstration 42102-6660 156 127.0.0.1
2008-08-08 11:08:16,875 INFO [atlassian.confluence.util.AccessLogFilter] doFilter admin http://localhost:8080/display/ds/test+firelite 34362-1616 188 127.0.0.1
2008-08-08 11:47:01,890 INFO [atlassian.confluence.util.AccessLogFilter] doFilter admin http://localhost:8080/display/sand 59711-148 0 127.0.0.1
2008-08-08 11:47:02,171 INFO [atlassian.confluence.util.AccessLogFilter] doFilter admin http://localhost:8080/display/sand/Home 59497-2302 234 127.0.0.1
2008-08-08 11:47:04,500 INFO [atlassian.confluence.util.AccessLogFilter] doFilter admin http://localhost:8080/display/ds/Tasklist 57124+155 1266 127.0.0.1

The above may be preceded by additional log4j-generated text, depending on the log4j pattern which is configured.

Other Options

Google Analytics

Google Analytics can be easily integrated with Confluence for access tracking.

After signing up, copy the Javascript and paste it into the 'Before end of <body>' section of Administration, Custom HTML. This will put the Javascript on every page generated by Confluence.

This might not work correctly if your users are behind a firewall or authenticated proxy.

For more information on using Google Analytics with Confluence you may wish to refer to this blog post by David Simpson.

Tomcat Valve Component access log

Refer to How to Audit Confluence Using Tomcat Valve Component.

Notes

  • Path must contain forward slashes '/', not backward slashes.This note is particularaly relevant for Windows Users. When configuring the log4j logging options, each backslash in your path must be written as a forward slash. For example, this path:

    must be written as:

RELATED TOPICS

Working with Confluence Logs
How to Audit Confluence Using Tomcat Valve Component

31 Comments

Hide/Show Comments

  1. Sep 28, 2006

    Mark Chung

    I'd like the AccessLogFilter to log the remote host, so I can filter out requests from our organization.

    -Mark

    1. Feb 06, 2007

      Ivan Benko

      According to the apache mailing list
      you may be able to add a remote Log4J host via :

  2. Feb 05, 2007

    Garnet R. Chaney

    For doeditpage.action, I'd like to know what space and page ID (or better page name) they were editing.

    1. Feb 14, 2007

      Matt Ryall (Atlassian)

      The src/java/com/atlassian/confluence/util/AccessLogFilter.java file included in the Confluence source release is very simple. You should easily be able to update and recompile it to include request parameters in the logging if you want to.

      1. Jun 30, 2008

        Erich Buri

        Hi,

        I found the class you mentioned. But I don't see how I could access the pageId from there. Do I have to figure it out from the URL?

        Or is there a magic-line similar to this?

         I looked into the Session but I don't find any information about the pageId in there.

  3. Mar 08, 2007

    Tim Colson

    According to the tomcat docs, if the app placed the userid into a session attribute, then it could be recorded with an AccessLogValve from Tomcat via server.xml:

    http://tomcat.apache.org/tomcat-5.5-doc/config/valve.html
    %{xxx}r xxx is an attribute in the ServletRequest
    %{xxx}s xxx is an attribute in the HttpSession

    <Valve className="org.apache.catalina.valves.AccessLogValve"
    directory="/apps/atlassian/logs" prefix="" suffix=".tomcat2_access.log"
    pattern="%t %a %Ts %{userid}r %B %U%q"
    fileDateFormat="yyyy-MM-dd"
    resolveHosts="false"/>

    How difficult it would be to modify Confluence/Jira to place the authenticated userid into a session attribute?

    Cheers,
    Tim

    1. Mar 08, 2007

      Samuel Le Berrigaud [Atlassian]

      Hi Timo,

      the authenticated user is already in the session, so you can use %{seraph_defaultauthenticator_user}s to access it.

      It will generate a toString() of the user that will look something like:

      user: [admin]
email: [admin@example.org]
fullName: [admin]

      SaM.

  4. Oct 14, 2008

    Anonymous

    I need information only about the user logins (user, time when logged in). How can I do that?

  5. Dec 17, 2008

    Anonymous

    But here you can not track the attachements access. Any method that can help in tracking attachments download?

    1. Dec 17, 2008

      Azwandi Mohd Aris [Atlassian]

      The URL pattern to an attachment looks like http://path-to-confluence/download/attachments/3735579/myattachment.txt. Hence, you can specify url-pattern "/download/attachments/*" in the filter mapping. Hope that helps.

      1. Jan 27, 2011

        Anonymous

        Though if you need to track images then you'll need to enhance the AccessLogFilter class as it excludes images

  6. Jul 22, 2009

    Sinan O. Karasulu [Apache Directory]

    Hi New to Confluence.

    I just got my log events to go to a database for analysis. i know that the message in the logs is 

    1. Username or '-' if no user
    2. URL
    3. VM free memory at start of request (in KB)
    4. Change in free memory after request is finished (in KB)
    5. Time taken for request (in ms).
    6. Remote address

    But how can we customize that message so that other information like pagetitle, pageid,spcaekey etc.. get included. May I ask what needs to be done. How would this information get recorded into the message. I saw AccessLogFilter.java which appends all this information. Would I have to create my own filter?

  7. Aug 04, 2009

    Anonymous

    The URLs that are logged do not include any parameters (e.g. anything post "?" in the URL).  Anyone have insight on this?

    1. Nov 29, 2011

      David Corley

      We're looking for this ability also. Certain plugins expose their most useful information in the parameters passed after "?".

      Also, it would be great if there was a was to distinguish between GET and POST requests in the log.

      Anyone know of a way to do this?

  8. Aug 11, 2009

    Eric Levin

    Has anyone been able to get access logs to go to a remote SYSLOG server?  If so, would you mind sharing your log4j.properties file?

    1. Aug 27, 2009

      Anonymous

      Sending out logs via Syslog is exactly what we are looking for, yes please!

      1. Oct 18, 2011

        Anonymous

        # Comment the above line and uncomment the following 2 if you want to log to a specific location
        log4j.appender.confluencelog=org.apache.log4j.net.SyslogAppender
        log4j.appender.confluencelog.syslogHost=<SYSLOG DNS NAME>
        log4j.appender.confluencelog.layout=user
        #log4j.appender.confluencelog.File=${catalina.home}/logs/atlassian-confluence.log
        log4j.appender.confluencelog.Threshold=DEBUG
        log4j.appender.confluencelog.layout=com.atlassian.confluence.util.PatternLayoutWithContext
        log4j.appender.confluencelog.layout.ConversionPattern=%d %p [%t] [%c{4}] %M %m%n

  9. Aug 28, 2009

    Anonymous

    I've basically implemented filters (created my own package of filters) for the various mapping and for each action (i.e createpage, editpage, viewpage) create a log . so our college wants to know which pages get edit vs. view etc...

    That's probably the best way. I've heard people just adding additional stuff to AccessLogFilter.java. Not a good idea .

    1. Aug 28, 2009

      Andy Brook

      Care to share? I'm going to need to do something like this in the future also...

      1. Jun 17, 2011

        Anonymous

        We would also like to have this very much.

        Any chance to get in contact?

  10. Feb 05, 2010

    Jesper Højgaard Pedersen

    Hi,

    Is there a way to make a <url-filter> that excludes a certain URL?

    Basically, I'd like to log *.action EXCEPT for this one 'https://confluence-test/plugins/pagetree/naturalchildren.action' since it clogs up the log rather much.

    Any ideas?

    1. Mar 08, 2010

      Anonymous

      Would like to know this too.

  11. Feb 24, 2010

    Anonymous

    Hi,

    I have modified the AccessLogFilter .java to Log User info. However My requirement is to include following information in the log file:

    Space Name,Space Key,Page Title,Creator Name,Last Modifier Name

    Is there anyway by which it can be achieved?

    Thanks In advance for help.

    Regards,

    Karan

  12. Apr 09, 2010

    Jason Kabel

    I think step 2 has a mistake:

    At least on websphere, you can't do this:

    This works:

    I think you can't have two

    entries in a single filter-mapping

    1. Dec 31, 2010

      Jeff Parsons

      Found the same issue with Tomcat 5.5... had to split this out into two stanzas. Would help others to update the page me thinks...

  13. May 10, 2010

    Mauricio Salles

    Hi!

    I'd like to find a feature/plugin/extension that lists the viewers users of a given page.

    I've look at this page , but didn't find any.

    Does anybody know how to deploy this into Confluence?

    Thank you!

    1. May 12, 2010

      Anonymous

      that is just what i was looking for... any luck?

  14. Mar 21, 2011

    François Nonnenmacher

    Is there a way to get the real remote IP address when Confluence is served behind a reverse-proxy (Apache)? With this configuration, all you get is 127.0.0.1 (i.e. the proxy on localhost) for all requests.

  15. Apr 01, 2011

    Royce Wong

    Wondering how\if this enabling user access logging method works in Confluence cluster? Will you end up with multiple logs files and you have to merge them somehow and feed the final access log file to say awstats? Thanks.

  16. Jun 23, 2011

    Kristyn Souder

    For anyone who makes the silly mistake that I did:

    If you choose to have the access log go to a separate file, using the instructions specified above, your log file will actually be in the logs folder in the Confluence installation directory, NOT in the logs folder in the Confluence home directory. I assumed the log wasn't being created at first because I could not find it in the home directory log folder. Oops!

  17. Oct 24, 2011

    Anonymous

    I hope you all doing good.

    Is there any possibility of separating the log files based on the URL pattern. for example if the URL pattern is /example/action.do then log should be written in the example.log others should written in the app.log

    Please suggest me on this.