Skip to content

Audit Logs

Jump to bottom
Tom King edited this page Jun 6, 2018 · 7 revisions

Included is a simple logging system. It logs the flash, and you can add your own calls to the logging system.

Logs

Creating a log entry

The easiest way to create a log entry is via the addLogLine() helper.

Example Usage:

// Simple notifications:
addLogLine(type="security", message="User Logged in!");
addLogLine(type="email", message="Email Was Sent in the background", severity="success");
addLogLine(type="email", message="Email Failed to Send!", severity="danger");

// Storing Data
try {
  // Bad Stuff
} catch(any err){
  addLogLine(
      type="error", 
      message="Ouch, something bad here...", 
      severity="danger", 
      data=err);
}
  • @type Required: Anything you want to group by: i.e, email | database | user | auth | login | flash etc.
  • @message Required: The Message
  • @severity One of info (default) | warning | danger
  • @data Arbitary data to store alongside this log line. will be serialized. Can be a struct/array etc.
  • @createdBy Username of who fired the log line. Defaults to anon or the currently logged in user.

The user's IP is automatically calculated and stored alongside, as is obviously, the timestamp.

Automatic logging of changed properties

Changed Prop

You can turn on automatic logging of model properties on a per model basis. This stores the values of any changed property on a model in the auditlog as extended data.

In your model, turn on logging via logChanges = true in your call to super.config():

component extends="Model" {
  function config() {
    super.config(logChanges=true);
    beforeValidation("setIgnoreLogProperties");
  }

  function setIgnoreLogProperties(){
    this.ignoreLogProperties = "mySensitiveDataField,passwordHash";
  }
}

You can also tell the feature which properties to ignore - this is so you can skip potentially sensitive data, such as passwords etc. Or timestamps which might get automatically triggered, but you don't want to log them.

Viewing extended log data

If you have permission, the extended log data will be accessible in a modal window which is displayed upon clicking the log message in the log index.

Note: You will need both the canViewLogData named permission and also the appropriate controller permission for admin.auditlogs.show (or have it inherited from higher up).

Filtering

Logs can be filtered by type or severity and can use an additional search keyword

Clone this wiki locally