Skip to main content

Auditing

Auditing is done using a capability, as described in Capabilities called Audit. For your convenience, this capability is created and enabled by default.

When the Audit capability is enabled, Sonatype Nexus Repository updates a log file located in $data-dir/log/audit/audit.log each time a user or internal process modifies Nexus Repository configuration or adds or removes an asset or component. Nexus Repository rotates this log file daily and retains a maximum of 90 days' worth of files.

Each line of the audit log contains an unformatted JSON message representing a single audit item. The table below provides a list of attributes available in these JSON messages:

Attribute

Description

Example

timestamp

The date and time this event occurred

2019-02-04 18:12:07,856-0500

nodeId

The instance's nodeId (used to correlate audit logs across multiple instances)

5DF0F434-88A6F4B7-AEDCE785-CAD9628C-8AD86154

initiator

The event initiator often represented as a username/host combination unless it is an internally generated event

admin/172.16.0.10

domain

Functional area of the system

"security.user";
"repository.component";
"repository.asset";
"tasks";
"security.user-role-mapping";
"security.sslcertificate";
"security.role";
"security.realm";
"security.privilege";
"security.ldap";
"security.crowd";
"security.anonymous";
"script";
"repository-view";
"repository-content-selector";
"repository-admin";
"repository";
"replication";
"logging";
"license";
"httpclient";
"email";
"capability";
"blobstore";
"database-migration";
                        

type

Action performed in this domain

created

context

Identifying details of the event

mynewusername

thread

Thread name of the event initiator. Thread name can help correlate related log lines from other log files.

quartz-7-thread-1

attributes

Map of key:value pairs that contain more details about the event

{"id":"mynewusername","name":"John Doe","email":"jdoe@emailserver.com","source":"default","status":"active","roles":"nx-admin"}

The table below lists available Nexus Repository audit log Java constants and their type values:

Java Constant

Type Value

SYSTEM_CONTEXT

system

CREATED_TYPE

created

UPDATED_TYPE

updated

DELETED_TYPE

deleted

PURGE_TYPE

purged

CHANGED_TYPE

changed

The table below lists available Nexus Repository audit log event types per domain:

Domain

Event Types per Domain

CleanupPolicy

created, updated, deleted

capability

created, updated, deleted

email

changed, context

httpclient

changed, context

logging

changed, context

tasks

deleted, scheduled, started, finished, failed, cancel-requested, canceled

script

created, updated, deleted

security.sslcertificate

created, deleted

DataStore

deleted

blobstore

created, updated, deleted, started, stopped

RoutingRule

created, updated, deleted

repository.asset

created, updated, deleted

repository.component

created, updated, deleted

security.anonymous

changed, context

security.user

User_not_found, Password_empty, Incorrect_credentials, Disabled_account, License_limitation, Expired_credentials, Unknown

security.privilege

created, updated, deleted

security.realm

changed, context

security.role

created, updated, deleted

security.user

created, updated, deleted

security.user-role-mapping

created, updated, deleted

ContentSelector

created, updated, deleted

license

changed, context

security.crowd

changed, context

security.ldap

created, updated, deleted, changedOrder, cacheInvalidated

replication

created, updated, deleted

SamlRealm

configChanged