wso2 products - log user actions done in Carbon console

Question

We have some security requirements from customer, so we need to configure/develop detailed audit logging which will log user actions done in Carbon Management console - i.e. datasource modification, service modification in WSO2 ESB. Is there any way do this using included log4j? We are using WSO2 Enterprise Service Bus 4.8.1 and WSO2 Application Server 5.2.1

Answer 1

WSO2 products has an audit log which can be found in the repository/logs folder. But the problem is, this audit log has very little audit information. Reason is as follows.

• WSO2 products are built using a collection of reusable osgi componentns. For example, for data sources related operations we have one component and for proxy related operations we have another.
• Now, the problem here is, these individual components has not put enough audit logs to cover the user operations. Therefore, your requirement seems to be difficult to achieve.

There are some extension points in WSO2 products where you can use to do your own tasks upon certain actions such as user login, user creation. For example, you can implement a certain interface and print whatever log you want upon a successful user login or a failed login attempt. But, those extension points are limited mostly to user management related operations.

Answer 2

All the HTTP communication done with the server is already logged in HTTP access logs in CARBON_HOME/repository/logs. You can use a log analyzer tool or even grep to capture any desired user action. Ex: To get the log ins to datasources page use

cat http_access_2016-06-02.log | grep "GET /carbon/ndatasource/index.jsp"