How to Enable User Access Logging

Often, for auditing purposes, administrators need to know who did what on their Confluence site. Notifications are not ideally suited for this purpose. Application servers are able to log the requested URL, but they cannot determine the user that is currently logged in. This log is not currently formatted to be accessible to web log analysis tools such as AWStats, as it lacks a host and GET method. These logs must be viewed manually.

Instead, you can generate a basic log indicating which users are accessing which pages in Confluence. Confluence has a built-in access logging mechanism that shows the user and URL invoked. To enable it, you need to modify a couple of configuration files and restart Confluence.

Configuring the AccessLogFilter

There is a simple AccessLogFilter in Confluence that can be enabled via confluence/WEB-INF/classes/ and confluence/WEB-INF/web.xml.


  • Please do not modify the application-wide web descriptor, $server/conf/web.xml. This will be ineffective and may break Confluence.
  • Please see the 'Tomcat Valve Component access log' section below for more detailed access logging, including IP address, client used, request method, etc.

To enable user access logging:

  1. Uncomment this line in confluence/WEB-INF/classes/
  2. Enable the filter in confluence/WEB-INF/web.xml by removing the comments around these lines (or adding if they are not included):


    Note that the *.action pattern is optional. It logs Confluence actions in addition to page views, such as user logins (login.action). This combination of URL patterns will work for all URLs. You can further modify the pattern by adjusting the url-pattern field.

    An alternative filter: For troubleshooting purposes, it is often useful to capture all accesses to Confluence. To do this, use the following filter mapping in confluence/WEB-INF/web.xml instead of the above:

  3. Restart Confluence.

By default, this logging information is stored in the atlassian-confluence.log file in the Confluence Home directory. For larger environments with a high level of activity, we recommend piping the logging to a separate file, as these entries can cause the application logs to fill up quickly. Please see the Advanced Configuration section, below, for details.

Advanced Configuration

You can choose to redirect the access log to a different file by adding a new RollingFileAppender at the top of

log4j.appender.accesslog.layout.ConversionPattern=%d %p [%t] [%c{4}] %M %m%n

Find this line:

Change it to this:, accesslog

The web.xml url-pattern given above only matches page views (/display/*). You could change the url-pattern, or duplicate the entire filter-mapping to log access for different kinds of access (/admin/* for admin functions, /pages/* for edits and creates, etc.). Note that /pages/editpage.action* doesn't work.

What is Logged

The log file will contain the following values separated by spaces:

  • Thread name
  • Username or '-' if no user
  • URL
  • VM free memory at start of request (in KB)
  • Change in free memory after request is finished (in KB)
  • Time taken for request (in ms).
  • Remote address


2008-08-08 10:33:05,359 INFO [atlassian.confluence.util.AccessLogFilter] init AccessLogFilter initialized. Format is: <user> <url> <starting memory free (kb)> +- <difference in free mem (kb)> <query time (ms)> <remote address>
2008-08-08 10:47:27,015 INFO [atlassian.confluence.util.AccessLogFilter] doFilter admin http://localhost:8080/display/ds 42025-154 15
2008-08-08 10:47:27,187 INFO [atlassian.confluence.util.AccessLogFilter] doFilter admin http://localhost:8080/display/ds/Confluence+Overview 41805+982 172
2008-08-08 10:47:36,296 INFO [atlassian.confluence.util.AccessLogFilter] doFilter admin http://localhost:8080/display/ds/Breadcrumb+demonstration 42102-6660 156
2008-08-08 11:08:16,875 INFO [atlassian.confluence.util.AccessLogFilter] doFilter admin http://localhost:8080/display/ds/test+firelite 34362-1616 188
2008-08-08 11:47:01,890 INFO [atlassian.confluence.util.AccessLogFilter] doFilter admin http://localhost:8080/display/sand 59711-148 0
2008-08-08 11:47:02,171 INFO [atlassian.confluence.util.AccessLogFilter] doFilter admin http://localhost:8080/display/sand/Home 59497-2302 234
2008-08-08 11:47:04,500 INFO [atlassian.confluence.util.AccessLogFilter] doFilter admin http://localhost:8080/display/ds/Tasklist 57124+155 1266

The above may be preceded by additional log4j-generated text, depending on the log4j pattern which is configured.
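The following parser for these entries is an added example, not part of Confluence or of the original article. It assumes the fields follow the format string printed in the `init` line (user, URL, free memory with signed delta, time, optional remote address) and that usernames contain no spaces; the last sample line is constructed to exercise the anonymous-user and remote-address cases.

```python
import re
from collections import Counter

# First three lines are taken from the sample output on this page; the fourth
# is constructed (anonymous user, remote address from the documentation range).
SAMPLE = """\
2008-08-08 10:33:05,359 INFO [atlassian.confluence.util.AccessLogFilter] init AccessLogFilter initialized. Format is: <user> <url> <starting memory free (kb)> +- <difference in free mem (kb)> <query time (ms)> <remote address>
2008-08-08 10:47:27,015 INFO [atlassian.confluence.util.AccessLogFilter] doFilter admin http://localhost:8080/display/ds 42025-154 15
2008-08-08 11:47:04,500 INFO [atlassian.confluence.util.AccessLogFilter] doFilter admin http://localhost:8080/display/ds/Tasklist 57124+155 1266
2008-08-08 11:48:10,120 INFO [atlassian.confluence.util.AccessLogFilter] doFilter - http://localhost:8080/login.action 57000-12 31 192.0.2.10
"""

# Tolerates extra log4j prefix text (e.g. a [thread] field) before the logger name.
ENTRY = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}) .*?"
    r"AccessLogFilter\] doFilter "
    r"(?P<user>\S+) (?P<url>\S+) "
    r"(?P<free_kb>\d+)(?P<delta_kb>[+-]\d+) "
    r"(?P<ms>\d+)(?: (?P<remote>\S+))?\s*$"
)

def parse(text):
    """Return one dict per request entry; the init line and other noise are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue
        e = m.groupdict()
        e["user"] = None if e["user"] == "-" else e["user"]  # '-' means no user
        for key in ("free_kb", "delta_kb", "ms"):
            e[key] = int(e[key])  # int() accepts the leading + or - on the delta
        entries.append(e)
    return entries

def audit_summary(entries, slow_ms=1000):
    """Count requests per user and list requests that took at least slow_ms."""
    per_user = Counter(e["user"] or "(anonymous)" for e in entries)
    slow = [(e["ts"], e["user"], e["url"], e["ms"]) for e in entries if e["ms"] >= slow_ms]
    return per_user, slow

if __name__ == "__main__":
    per_user, slow = audit_summary(parse(SAMPLE))
    print(dict(per_user))
    for row in slow:
        print("slow request:", row)
```
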

Other Options

Google Analytics

Google Analytics can be easily integrated with Confluence for access tracking.

After signing up, copy the Javascript and paste it into the 'Before end of <body>' section of Administration, Custom HTML. This will put the Javascript on every page generated by Confluence.

This might not work correctly if your users are behind a firewall or authenticated proxy.

For more information on using Google Analytics with Confluence you may wish to refer to this blog post by David Simpson.

Tomcat Valve Component access log 

Refer to Audit Confluence Using the Tomcat Valve Component. The valve logs can provide additional details such as time, username, client used, IP address, request method, first line of the request (method and request URI), bytes sent (excluding HTTP headers, or '-' if zero), and the HTTP status code of the response. These logs are stored in a different file but can be matched up with the access logs.


  • Path must contain forward slashes '/', not backward slashes. This note is particularly relevant for Windows users. When configuring the log4j logging options, each backslash in your path must be written as a forward slash. For example, this path:


    must be written as:

Last modified on Jan 9, 2018
