[CONFSERVER-51905] Add Filtering for Audit Log Entries

Type: Suggestion
Resolution: Unresolved
Fix Version/s: None
Component/s: None
Labels:
None

UIS:
1
Support reference count:
6
Feedback Policy:

We collect Confluence feedback from various sources, and we evaluate what we've collected when planning our product roadmap. To understand how this piece of feedback will be reviewed, see our Implementation of New Features Policy.

NOTE: This suggestion is for Confluence Server. Using Confluence Cloud? See the corresponding suggestion.

Problem Definition

Currently in the Confluence Audit Log, there is no way to filter which items appear in the logs. Since we added User Management changes to the Audit Log in ~~CONF-6960~~, a filtering option should be made available.

Why this is important

The inability to filter actions in the audit log can have some negative impacts. For example, administrators will sync over their external user directories from LDAP or Crowd and the sync results in thousands of entries in the Audit Log, sometimes even millions of entries.

This makes it difficult to see unique actions logged in the audit because the logs are flooded with entries from the sync.

- - Sort By Name
  - Sort By Date
  - Ascending
  - Descending
  - Thumbnails
  - List

audit_log_filter.png
136 kB
19/Mar/2017 5:10 PM

relates to

CONFCLOUD-51905 Add Filtering for Audit Log Entries

Gathering Interest

mentioned in: Page Failed to load; Page Failed to load; Page Failed to load

Renan Battaglin added a comment - 29/Aug/2019 4:28 AM

Hi all,

Thank you so much for your votes and comments on this suggestion.

We are beginning greater research on the topic of advanced auditing and would love to hear from you.

We intend to better understand:

What information you need to log and keep about your Atlassian applications and environments

What are the questions you need to answer, or specific insights your are looking for when auditing logs

Responses can be in regard to information that needs to be tracked for internal policies (i.e. security) or compliance standards (i.e. SOC2 or SOX)

What’s involved in the research:

Sessions are 1 hour and conducted over video-conference, so you can participate from anywhere around the globe.

After scheduling, you'll receive a calendar invite with a video-conference link.

During the research, we'll start with a general chat to get to know you and your company, then try to understand better your auditing needs and even explore some prototypes.

As a token of our appreciation, you'll receive an e-gift card worth $100 USD within 5 days of completing your session.

If you're interested in taking part, please send me an email at rbattaglin@atlassian.com and I'll get in touch. We can't guarantee that all interested parties will be selected but we appreciate your interest in helping us to make auditing in our products satisfy more advanced use cases.

We look forward to meeting you!

Cheers,
Renan Battaglin
Server and Data Center Team

Renan Battaglin added a comment - 29/Aug/2019 4:28 AM Hi all, Thank you so much for your votes and comments on this suggestion. We are beginning greater research on the topic of advanced auditing and would love to hear from you. We intend to better understand: What information you need to log and keep about your Atlassian applications and environments What are the questions you need to answer, or specific insights your are looking for when auditing logs Responses can be in regard to information that needs to be tracked for internal policies (i.e. security) or compliance standards (i.e. SOC2 or SOX) What’s involved in the research: Sessions are 1 hour and conducted over video-conference, so you can participate from anywhere around the globe. After scheduling, you'll receive a calendar invite with a video-conference link. During the research, we'll start with a general chat to get to know you and your company, then try to understand better your auditing needs and even explore some prototypes. As a token of our appreciation, you'll receive an e-gift card worth $100 USD within 5 days of completing your session. If you're interested in taking part, please send me an email at rbattaglin@atlassian.com and I'll get in touch. We can't guarantee that all interested parties will be selected but we appreciate your interest in helping us to make auditing in our products satisfy more advanced use cases. We look forward to meeting you! Cheers, Renan Battaglin Server and Data Center Team

Kerry Melcher added a comment - 12/Dec/2017 7:06 PM

My audit log was set for the default retention of two years. At 9 months of operation my server ran out of disk space during the SQL backup process because the audit log tables were 92GB.... (#CSP-218743). I am still working through the painful process of trying to get the audit log and audit log tables down to a manageable size. I am down to 88 days on the retention setting and working towards 30 days. It is taking about 4 to 6 hours for the system to process out 1 days worth of audit logs so it will take several weeks to get the audit log file size under control.

The audit log in the current state is no functional.

It needs admin options to filter what goes into the log even more that just the LDAP user entries.

It also needs options to sort by the column headings and options to filter out entries from the search in addition to the search by date filter. If I filter by one day I still have several hundred pages of log entries to look through.

Kerry Melcher added a comment - 12/Dec/2017 7:06 PM My audit log was set for the default retention of two years. At 9 months of operation my server ran out of disk space during the SQL backup process because the audit log tables were 92GB.... (#CSP-218743). I am still working through the painful process of trying to get the audit log and audit log tables down to a manageable size. I am down to 88 days on the retention setting and working towards 30 days. It is taking about 4 to 6 hours for the system to process out 1 days worth of audit logs so it will take several weeks to get the audit log file size under control. The audit log in the current state is no functional. It needs admin options to filter what goes into the log even more that just the LDAP user entries. It also needs options to sort by the column headings and options to filter out entries from the search in addition to the search by date filter. If I filter by one day I still have several hundred pages of log entries to look through.

Markus Bradtke added a comment - 20/Mar/2017 9:17 AM

We know the audit log and this filtering option from JIRA and find both really useful. In Confluence we want to make use of the audit log as well. But the really interesting entries listing Confluence internal events are hard to find in thousands of changes per day written to the same audit log by the LDAP synchronisation.

To keep the log small we restricted it to a single day but this purges all events and makes the audit log more or less useless.

Markus Bradtke added a comment - 20/Mar/2017 9:17 AM We know the audit log and this filtering option from JIRA and find both really useful. In Confluence we want to make use of the audit log as well. But the really interesting entries listing Confluence internal events are hard to find in thousands of changes per day written to the same audit log by the LDAP synchronisation. To keep the log small we restricted it to a single day but this purges all events and makes the audit log more or less useless.

Details

Description

Problem Definition

Suggested Solution

Why this is important

Attachments

Attachments

Issue Links

Forms

Activity

Collapse comment: Renan Battaglin added a comment - 29/Aug/2019 4:28 AM

Expand comment: Renan Battaglin added a comment - 29/Aug/2019 4:28 AM

Collapse comment: Kerry Melcher added a comment - 12/Dec/2017 7:06 PM

Expand comment: Kerry Melcher added a comment - 12/Dec/2017 7:06 PM

Collapse comment: Markus Bradtke added a comment - 20/Mar/2017 9:17 AM

Expand comment: Markus Bradtke added a comment - 20/Mar/2017 9:17 AM

People

Dates