Viewing audit reports

Finding what you want in a big list of events is, to use the expression, like searching for a needle in a haystack. This is why the audit portlet gives you a robust searching mechanism. By default, it looks pretty simple: there's only a single field for searching. Clicking the advanced link, however, reveals a search dialog broken out by various fields you can use in your search.

Let's look at the options we have for search.

Match: You can match all fields you've specified or any single field.

User ID: Specify the user ID you'd like to search for. This would be the user that performed some action in the portal that you'd like to audit.

User Name: Specify the user name you'd like to search for. This is often easier than searching for a user ID, especially if you don't have access to the Liferay database to find the user ID.

Resource ID: Specify the ID of the resource that was modified or viewed in this audit record.

Resource Name: Specify the name of the resource that was modified or viewed in this audit record. For example, you could search for User resources to see if someone modified a user's account.

Resource Action: Specify an action that was performed on the resource. This could be any one of the following: add, assign, delete, impersonate, login, login_failure, logout, unassign, or update.

Session ID: Specify the session ID to search for. You'd use this if you were correlating a session ID from your web server logs with activity in Liferay.

Client IP: Specify the IP address of the client that performed the activity you wish to audit.

Client Host: Specify the host name of the client that performed the activity you wish to audit.

Server Name: Specify the server name upon which the activity occurred. If you're using a cluster, each member of the cluster can be individually queried.

Server Port: Specify the server port upon which the activity occurred. You'd need this if you run a "vertical" cluster of multiple VMs on the same machine.

Start Date: Specify the low end of the date range you wish to search.

End Date: Specify the high end of the date range you wish to search.

Using this form, if you wanted to check to see if someone in the portal unassigned a user from a particular role, you might search for a resource name of user and a resource action of unassign. The results of such a search might look something like figure 10.4.

Figure 10.4: Searching audit events is easy with the search form provided by the audit portlet. You can quickly drill down to find the types of events you're looking for.

Once you have the results of your search, you can click on any of the records returned in order to see the detail page for that record. Figure 10.5 shows that in this particular case, the default administrative user removed Stephen Professor from the role of Power User.

Figure 10.5: If you've delegated portal administration to multiple users, you can use the audit plugins to determine who made what change. And, of course, you'll never leave the default administrative user enabled in a production system, right?

As you can see, Liferay's audit portlets give you a lot of power to see what's happening in your portal. You can use this information to troubleshoot problems, determine ownership of particular actions, or, as Harry is about to do, find out who made permission changes that they weren't supposed to make.