Auditing
Auditing is done using a capability, as described in Capabilities called Audit. For your convenience, this capability is created and enabled by default.
When the Audit capability is enabled, Sonatype Nexus Repository updates a log file located in $data-dir/log/audit/audit.log
each time a user or internal process modifies Nexus Repository configuration or adds or removes an asset or component. Nexus Repository rotates this log file daily and retains a maximum of 90 days' worth of files.
Each line of the audit log contains an unformatted JSON message representing a single audit item. The table below provides a list of attributes available in these JSON messages:
Attribute | Description | Example |
---|---|---|
timestamp | The date and time this event occurred | 2019-02-04 18:12:07,856-0500 |
nodeId | The instance's nodeId (used to correlate audit logs across multiple instances) | 5DF0F434-88A6F4B7-AEDCE785-CAD9628C-8AD86154 |
initiator | The event initiator often represented as a username/host combination unless it is an internally generated event | admin/172.16.0.10 |
domain | Functional area of the system |
|
type | Action performed in this domain | created |
context | Identifying details of the event | mynewusername |
thread | Thread name of the event initiator. Thread name can help correlate related log lines from other log files. | quartz-7-thread-1 |
attributes | Map of key:value pairs that contain more details about the event | {"id":"mynewusername","name":"John Doe","email":"jdoe@emailserver.com","source":"default","status":"active","roles":"nx-admin"} |
The table below lists available Nexus Repository audit log Java constants and their type values:
Java Constant | Type Value |
---|---|
SYSTEM_CONTEXT | system |
CREATED_TYPE | created |
UPDATED_TYPE | updated |
DELETED_TYPE | deleted |
PURGE_TYPE | purged |
CHANGED_TYPE | changed |
The table below lists available Nexus Repository audit log event types per domain:
Domain | Event Types per Domain |
---|---|
CleanupPolicy | created, updated, deleted |
capability | created, updated, deleted |
changed, context | |
httpclient | changed, context |
logging | changed, context |
tasks | deleted, scheduled, started, finished, failed, cancel-requested, canceled |
script | created, updated, deleted |
security.sslcertificate | created, deleted |
DataStore | deleted |
blobstore | created, updated, deleted, started, stopped |
RoutingRule | created, updated, deleted |
repository.asset | created, updated, deleted |
repository.component | created, updated, deleted |
security.anonymous | changed, context |
security.user | User_not_found, Password_empty, Incorrect_credentials, Disabled_account, License_limitation, Expired_credentials, Unknown |
security.privilege | created, updated, deleted |
security.realm | changed, context |
security.role | created, updated, deleted |
security.user | created, updated, deleted |
security.user-role-mapping | created, updated, deleted |
ContentSelector | created, updated, deleted |
license | changed, context |
security.crowd | changed, context |
security.ldap | created, updated, deleted, changedOrder, cacheInvalidated |
replication | created, updated, deleted |
SamlRealm | configChanged |