This page last changed on Nov 27, 2006 by ivan@atlassian.com.

Generate a basic log indicating which users are accessing which pages in Confluence. Application servers are able to log the requested URL, but they cannot determine the currently logged in user. This log is not currently formatted to be accessible to web log analysis tools such as AwStats as it lacks a host and get method, so must be viewed manually.

Similar to JIRA, Confluence has a built-in access logging mechanism, which shows the user and URL invoked. To enable it, you need to modify a couple of configuration files and restart Confluence.

Configuring the AccessLogFilter

There is a simple AccessLogFilter in Confluence than can be enabled via log4j.properties and web.xml.

You need to uncomment these lines in log4j.properties:

log4j.category.com.atlassian.confluence.util.AccessLogFilter=INFO, confluencelog
log4j.additivity.com.atlassian.confluence.util.AccessLogFilter=false

And enable the filter in web.xml by removing the comments around these lines:

<filter-mapping>
    <filter-name>AccessLogFilter</filter-name>
    <url-pattern>/display/*</url-pattern>
</filter-mapping>

Enabling this AccessLogFilter will result in logging information being stored in the standard confluence log files.

Advanced configuration

After this is working, you could redirect the access log to a different file by adding a new RollingFileAppender at the top of log4j.properties:

log4j.appender.accesslog=org.apache.log4j.RollingFileAppender
log4j.appender.accesslog.Threshold=DEBUG
log4j.appender.accesslog.File=${catalina.home}/logs/atlassian-confluence-access.log
log4j.appender.accesslog.MaxFileSize=20480KB
log4j.appender.accesslog.MaxBackupIndex=5
log4j.appender.accesslog.layout=com.atlassian.confluence.util.PatternLayoutWithStackTrace
log4j.appender.accesslog.layout.ConversionPattern=%d %p [%c{4}] %M %m%n

To enable this logger, you need to add 'accesslog' to the log4j.rootLogger property, and change the AccessLogFilter logger line from 'confluencelog' to 'accesslog'.

The web.xml url-pattern given above only matches page views (/display/*). You could change the url-pattern, or duplicate the entire filter-mapping to log access for different kinds of access (/admin/* for admin functions, /pages/* for edits and creates, etc. Note that /pages/editpage.action* doesn't work).

What is logged

The format produced is the following values separated by spaces:

1. Username or '-' if no user
2. URL
3. VM free memory at start of request (in KB)
4. Change in free memory after request is finished (in KB)
5. Time taken for request (in ms).

The above may be preceded by additional log4j-generated text, depending on the log4j pattern which is configured.

Another option: Google Analytics

Google Analytics can be easily integrated with Confluence for access tracking.

After signing up, copy the Javascript and paste it into the 'Before end of <body>' section of Administration, Custom HTML. This will put the Javascript on every page generated by Confluence.

This might not work correctly if your users are behind a firewall or authenticated proxy.

I'd like the AccessLogFilter to log the remote host, so I can filter out requests from our organization.

-Mark

Posted by mark.chung@sri.com at Sep 28, 2006 11:41

For doeditpage.action, I'd like to know what space and page ID (or better page name) they were editing.

Posted by garnetr at Feb 05, 2007 15:03

According to the apache mailing list
you may be able to add a remote Log4J host via :

# An example configuration for using remote Log4Java server
services.LoggingService.remote.destination.remote.host=my.remote.server.com
services.LoggingService.remote.destination.remote.port=1099
services.LoggingService.remote.className=org.apache.turbine.services.logging.Log4JavaLogger
services.LoggingService.remote.level=INFO
Posted by ivan@atlassian.com at Feb 06, 2007 18:54

The src/java/com/atlassian/confluence/util/AccessLogFilter.java file included in the Confluence source release is very simple. You should easily be able to update and recompile it to include request parameters in the logging if you want to.

Posted by mryall at Feb 14, 2007 14:07

According to the tomcat docs, if the app placed the userid into a session attribute, then it could be recorded with an AccessLogValve from Tomcat via server.xml:

http://tomcat.apache.org/tomcat-5.5-doc/config/valve.html
%{xxx}r xxx is an attribute in the ServletRequest
%{xxx}s xxx is an attribute in the HttpSession

<Valve className="org.apache.catalina.valves.AccessLogValve"
directory="/apps/atlassian/logs" prefix="" suffix=".tomcat2_access.log"
pattern="%t %a %Ts %{userid}r %B %U%q"
fileDateFormat="yyyy-MM-dd"
resolveHosts="false"/>

How difficult it would be to modify Confluence/Jira to place the authenticated userid into a session attribute?

Cheers,
Tim

Posted by timcolson at Feb 21, 2007 12:41

Hi Timo,

the authenticated user is already in the session, so you can use %{seraph_defaultauthenticator_user}s to access it.

It will generate a toString() of the user that will look something like:

user: [admin]
email: [admin@example.org]
fullName: [admin]

SaM.

Posted by sleberrigaud at Mar 08, 2007 22:19
Document generated by Confluence on Mar 22, 2007 20:59