How to Enable User Access Logging

Still need help?

The Atlassian Community is here for you.

Ask the community

Platform notice: Server and Data Center only. This article only applies to Atlassian products on the Server and Data Center platforms.

Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.

*Except Fisheye and Crucible

From Confluence 7.11, access logging (using Apache Tomcat access log valve) is enabled by default and will be considered the standard method of capturing access logs. The information on this page is kept as a reference primarily for older versions of Confluence.


Often, for auditing purposes, administrators need to know who did what on their Confluence site. Notifications are not ideally suited for this purpose. Application servers are able to log the requested URL, but they cannot determine the user that is currently logged-in. This log is not currently formatted to be accessible to web log analysis tools such as AWStats, as it lacks a host and get method. These logs must be viewed manually.

Instead, you can generate a basic log indicating which users are accessing which pages in Confluence. Confluence has a built-in access logging mechanism that shows the user and URL invoked. To enable it, you need to modify a couple of configuration files and restart Confluence.

Configuring the AccessLogFilter

There is a simple AccessLogFilter in Confluence that can be enabled via confluence/WEB-INF/classes/log4j.properties and confluence/WEB-INF/web.xml.

Notes:

  • Please do not modify the application-wide web descriptor, $server/conf/web.xml. This will be ineffective and potentially may break Confluence. 
  • Please see the 'Tomcat Valve Component access log' section below for more detailed access logging including IP address, client used, request method, etc...

To enable user access logging:

  1. Uncomment this line in confluence/WEB-INF/classes/log4j.properties:

    log4j.category.com.atlassian.confluence.util.AccessLogFilter=INFO
    
  2. Enable the filter in confluence/WEB-INF/web.xml by removing the comments around these lines (or adding if they are not included):

    <filter-mapping>
        <filter-name>AccessLogFilter</filter-name>
        <url-pattern>/display/*</url-pattern>
    </filter-mapping>
    
    <filter-mapping>
        <filter-name>AccessLogFilter</filter-name>
        <url-pattern>*.action</url-pattern>
    </filter-mapping>

    Notice that the *.action pattern is added optionally to log the actions of Confluence in addition to the page views, such as user logins by specifying login.action. This combination of URL patterns will work for all URLs. You can further modify the pattern by adjusting the url-pattern field.

    An alternative filter: For troubleshooting purposes, often it is useful to capture all accesses to Confluence. To do this use the following filter mapping in confluence/WEB-INF/web.xmlinstead of the above:

    <filter-mapping>
       <filter-name>AccessLogFilter</filter-name>
       <url-pattern>/*</url-pattern>
    </filter-mapping>
    
  3. Restart Confluence.

By default, this logging information is stored in the atlassian-confluence.log file in the Confluence Home directory. For larger environments with a high level of activity, we recommend to pipe the logging to a separate file as these entries can cause the application logs to quickly fill up. Please see the Advanced Configuration section, below, for details.

Advanced Configuration

You can choose to redirect the access log to a different file by adding a new RollingFileAppender at the top of log4j.properties:

log4j.appender.accesslog=org.apache.log4j.RollingFileAppender
log4j.appender.accesslog.Threshold=DEBUG
log4j.appender.accesslog.File=${catalina.home}/logs/atlassian-confluence-access.log
log4j.appender.accesslog.MaxFileSize=20480KB
log4j.appender.accesslog.MaxBackupIndex=5
log4j.appender.accesslog.layout=com.atlassian.confluence.util.PatternLayoutWithStackTrace
log4j.appender.accesslog.layout.ConversionPattern=%d %p [%t] [%c{4}] %M %m%n

Find this line:

#log4j.category.com.atlassian.confluence.util.AccessLogFilter=INFO

Change it to this:

log4j.category.com.atlassian.confluence.util.AccessLogFilter=INFO, accesslog
log4j.additivity.com.atlassian.confluence.util.AccessLogFilter=false

The web.xml url-pattern given above only matches page views (/display/*). You could change the url-pattern, or duplicate the entire filter-mapping to log access for different kinds of access (/admin/* for admin functions, /pages/* for edits and creates, etc. Note that /pages/editpage.action* doesn't work).

What is Logged

The log file will contain the following values separated by spaces:

  • Thread name
  • Username or '-' if no user
  • URL
  • VM free memory at start of request (in KB)
  • Change in free memory after request is finished (in KB)
  • Time taken for request (in ms).
  • Remote address

Example:

2008-08-08 10:33:05,359 INFO [atlassian.confluence.util.AccessLogFilter] init AccessLogFilter initialized. Format is: <user> <url> <starting memory free (kb)> +- <difference in free mem (kb)> <query time (ms)> <remote address>
2008-08-08 10:47:27,015 INFO [atlassian.confluence.util.AccessLogFilter] doFilter admin http://localhost:8080/display/ds 42025-154 15 127.0.0.1
2008-08-08 10:47:27,187 INFO [atlassian.confluence.util.AccessLogFilter] doFilter admin http://localhost:8080/display/ds/Confluence+Overview 41805+982 172 127.0.0.1
2008-08-08 10:47:36,296 INFO [atlassian.confluence.util.AccessLogFilter] doFilter admin http://localhost:8080/display/ds/Breadcrumb+demonstration 42102-6660 156 127.0.0.1
2008-08-08 11:08:16,875 INFO [atlassian.confluence.util.AccessLogFilter] doFilter admin http://localhost:8080/display/ds/test+firelite 34362-1616 188 127.0.0.1
2008-08-08 11:47:01,890 INFO [atlassian.confluence.util.AccessLogFilter] doFilter admin http://localhost:8080/display/sand 59711-148 0 127.0.0.1
2008-08-08 11:47:02,171 INFO [atlassian.confluence.util.AccessLogFilter] doFilter admin http://localhost:8080/display/sand/Home 59497-2302 234 127.0.0.1
2008-08-08 11:47:04,500 INFO [atlassian.confluence.util.AccessLogFilter] doFilter admin http://localhost:8080/display/ds/Tasklist 57124+155 1266 127.0.0.1

The above may be preceded by additional log4j-generated text, depending on the log4j pattern which is configured.

Other access log options

Google Analytics

Google Analytics can be easily integrated with Confluence for access tracking.

After signing up, copy the Javascript and paste it into the 'Before end of <body>' section of Administration, Custom HTML. This will put the Javascript on every page generated by Confluence.

This might not work correctly if your users are behind a firewall or authenticated proxy.

For more information on using Google Analytics with Confluence you may wish to refer to this blog post by David Simpson.

Tomcat Access Logs

A robust option is also offered by the Tomcat web server, please see Configure access logs for more information.

Notes

  • Path must contain forward slashes '/', not backward slashes.This note is particularly relevant for Windows Users. When configuring the log4j logging options, each backslash in your path must be written as a forward slash. For example, this path:

    c:\confluence\data
    

    must be written as:

    c:/confluence/data
    
Last modified on Apr 12, 2024

Was this helpful?

Yes
No
Provide feedback about this article
Powered by Confluence and Scroll Viewport.