
Auditing

Auditing is done using a capability called Audit, as described in Capabilities. For your convenience, this capability is created and enabled by default.

When the Audit capability is enabled, Sonatype Nexus Repository updates a log file located in $data-dir/log/audit/audit.log each time a user or internal process modifies Nexus Repository configuration or adds or removes an asset or component. Nexus Repository rotates this log file daily and retains a maximum of 90 days' worth of files.

Each line of the audit log contains an unformatted JSON message representing a single audit item. The table below provides a list of attributes available in these JSON messages:

| Attribute | Description | Example |
|---|---|---|
| timestamp | The date and time this event occurred | 2019-02-04 18:12:07,856-0500 |
| nodeId | The nodeId of the instance (used to correlate audit logs across multiple instances) | 5DF0F434-88A6F4B7-AEDCE785-CAD9628C-8AD86154 |
| initiator | The initiator of the event, often a username/host combination, unless the event is internally generated | admin/172.16.0.10 |
| domain | Functional area of the system | "security.user", "repository.component", "repository.asset", "tasks", "security.user-role-mapping", "security.sslcertificate", "security.role", "security.realm", "security.privilege", "security.ldap", "security.crowd", "security.anonymous", "script", "repository-view", "repository-content-selector", "repository-admin", "repository", "replication", "logging", "license", "httpclient", "email", "capability", "blobstore" |
| type | Action performed in this domain | created |
| context | Identifying details of the event | mynewusername |
| thread | Thread name of the event initiator. Thread name can help correlate related log lines from other log files. | quartz-7-thread-1 |
| attributes | Map of key:value pairs that contain more details about the event | {"id":"mynewusername","name":"John Doe","email":"jdoe@emailserver.com","source":"default","status":"active","roles":"nx-admin"} |

The table below lists available Nexus Repository audit log Java constants and their type values:

| Java Constant | Type Value |
|---|---|
| SYSTEM_CONTEXT | system |
| CREATED_TYPE | created |
| UPDATED_TYPE | updated |
| DELETED_TYPE | deleted |
| PURGE_TYPE | purged |
| CHANGED_TYPE | changed |

The table below lists available Nexus Repository audit log event types per domain:

| Domain | Event Types per Domain |
|---|---|
| CleanupPolicy | created, updated, deleted |
| capability | created, updated, deleted |
| email | changed, context |
| httpclient | changed, context |
| logging | changed, context |
| tasks | deleted, scheduled, started, finished, failed, cancel-requested, canceled |
| script | created, updated, deleted |
| security.sslcertificate | created, deleted |
| DataStore | deleted |
| blobstore | created, updated, deleted, started, stopped |
| RoutingRule | created, updated, deleted |
| repository.asset | created, updated, deleted |
| repository.component | created, updated, deleted |
| security.anonymous | changed, context |
| security.user | User_not_found, Password_empty, Incorrect_credentials, Disabled_account, License_limitation, Expired_credentials, Unknown |
| security.privilege | created, updated, deleted |
| security.realm | changed, context |
| security.role | created, updated, deleted |
| security.user | created, updated, deleted |
| security.user-role-mapping | created, updated, deleted |
| ContentSelector | created, updated, deleted |
| license | changed, context |
| security.crowd | changed, context |
| security.ldap | created, updated, deleted, changedOrder, cacheInvalidated |
| replication | created, updated, deleted |
| SamlRealm | configChanged |
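
The following added example, which is not part of the Nexus Repository documentation or product code, parses audit log lines in the one-JSON-object-per-line format described above and flags changes in security-relevant domains, repeated authentication failures, and lines that fail to parse. The sample lines, the choice of sensitive domains, the failure threshold and the comma-separated handling of `roles` are assumptions of this example.

```python
import json
from collections import Counter

# Domains from the page's table that govern authentication, authorization or
# script execution. Treating exactly these as sensitive is this example's choice.
SENSITIVE = {"security.user", "security.role", "security.privilege", "script",
             "security.user-role-mapping", "security.realm", "security.ldap",
             "security.crowd", "security.anonymous", "capability"}
# Failure event types the page lists under security.user.
AUTH_FAILURES = {"User_not_found", "Password_empty", "Incorrect_credentials",
                 "Disabled_account", "License_limitation", "Expired_credentials", "Unknown"}

# Constructed sample lines (not real log output); the last one is truncated.
SAMPLE_LOG = "\n".join([
    '{"timestamp":"2019-02-04 18:12:07,856-0500","nodeId":"NODE-A","initiator":"admin/172.16.0.10","domain":"security.user","type":"created","context":"mynewusername","thread":"quartz-7-thread-1","attributes":{"id":"mynewusername","roles":"nx-admin"}}',
    '{"timestamp":"2019-02-04 18:13:00,001-0500","nodeId":"NODE-A","initiator":"jdoe/172.16.0.11","domain":"repository.asset","type":"created","context":"a.jar","thread":"quartz-7-thread-1","attributes":{}}',
    '{"timestamp":"2019-02-04 18:14:00,002-0500","nodeId":"NODE-A","initiator":"anonymous/172.16.0.99","domain":"security.user","type":"Incorrect_credentials","context":"admin","thread":"quartz-7-thread-1","attributes":{}}',
    '{"timestamp":"2019-02-04 18:14:01,003-0500","nodeId":"NODE-A","initiator":"anonymous/172.16.0.99","domain":"security.user","type":"Incorrect_credentials","context":"admin","thread":"quartz-7-thread-1","attributes":{}}',
    '{"timestamp":"2019-02-04 18:15:00,004-0500","nodeId":"NODE-A","initiator":"admin/172.16.0.10","domain":"script","type":"created","context":"cleanup","thread":"quartz-7-thread-1","attributes":{}}',
    '{"timestamp":"2019-02-04 18:16:00,005-0500","nodeId":"NODE-A","initi',
])

def triage(log_text, admin_role="nx-admin", failure_threshold=2):
    """Return (findings, failures); findings is a list of (line_no, reason)."""
    findings, failures = [], Counter()
    for n, line in enumerate(log_text.splitlines(), 1):
        if not line.strip():
            continue
        try:
            ev = json.loads(line)
            domain, etype = str(ev["domain"]), str(ev["type"])
        except (ValueError, KeyError, TypeError):
            findings.append((n, "unparseable line (truncated or altered?)"))
            continue
        who = str(ev.get("initiator", "?"))
        attrs = ev.get("attributes")
        roles = attrs.get("roles", "") if isinstance(attrs, dict) else ""
        if domain == "security.user" and etype in AUTH_FAILURES:
            failures[who] += 1
            if failures[who] == failure_threshold:
                findings.append((n, f"repeated auth failures from {who}"))
        elif domain in SENSITIVE:
            # Assumption: several roles would be comma-separated in "roles".
            admin = admin_role in [r.strip() for r in str(roles).split(",")]
            prefix = f"{admin_role} granted: " if admin else ""
            findings.append((n, f"{prefix}{domain} {etype} by {who}"))
    return findings, failures

if __name__ == "__main__":
    for line_no, reason in triage(SAMPLE_LOG)[0]:
        print(line_no, reason)
```

Because the log rotates daily and only 90 days of files are retained, a check like this is best run against each day's file before it ages out, or the files forwarded to longer-term storage first.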