Let’s say you noticed that a user with a strange name is logging into Alfresco. After reviewing the authentication logs, you see that the user has been logging into the system for some time. Panic attack: could it be a hacker attack? Disgruntled user? You block the user… but what did they see or download?
Alfresco auditing is not rocket science, but it’s not trivial either.
There are many reasons to enable the powerful auditing abilities of Alfresco, for instance:
- Find who is using the repository (and who is not) and why
- Measure your ROI
- Discover areas of opportunity
- Uncover questionable activity
- Gather data for legal purposes
- Detect suspicious activity
- Make sure that your security controls are effective
There is good news and bad news. The good news is that Alfresco has a powerful framework to track the events in the repository. The bad news? It is not enabled by default (technically, the master switch is enabled, but it does not collect any information by default). In addition, there’s some mixed news, and that’s what this article is about.
Here are the seven things you need to know about Alfresco auditing:
1. Alfresco auditing is powerful
Alfresco auditing provides powerful and extensible tools, but the process to enable and leverage this service is not user-friendly. Find out how to enable auditing here.
2. Simple tools are available out of the box
There are no simple snap-in solutions to see who-is-accessing-what, but there are some very light tools that can be used to monitor document usage and modifications. They have important limitations:
- Versioning allows you to see the history of a file, who modified it, and when. However, it can be easily disabled, and it only keeps track of previous changes.
- Local feeds are not only a useful collaboration tool, but also a light-grade auditing tool. However, they can only be used for documents within a Share site, and the data is short-lived, as it is cleaned up frequently.
3. Commercial and open-source tools are available
There are some solutions that take advantage of Alfresco’s auditing facilities. Free solutions have a narrow scope, while solutions with more general applications and easier setup have a price. However, if you just need to know who-is-using-what and you are not too concerned about some of Alfresco’s auditing idiosyncrasies, these tools may be overkill.
- Alfresco Search and Insight Engine (formerly known as Alfresco Analytics) provides powerful tools that go beyond simple auditing and provide analysis of content, metadata, processes, and governance. Requires a paid license.
- Alfresco Governance Services (AGS, formerly known as Alfresco Records Management) provides a full records management solution that, among many things, provides extensive audit logs. Requires a paid license.
- Alfresco Audit Analysis and Reporting (AAAR) is an open-source project developed by Francesco Corti. It is not as complex as the Alfresco Search and Insight Engine or AGS, but could be a good alternative as well.
4. The default data produced is raw
The audit data produced by Alfresco is abundant, but it can be messy. It may be too abundant in some cases—perhaps redundant—and for some use cases, auditing may not capture some activity by default. For instance, if you download a file, it may be divided into smaller chunks and you may get one audit data record for every chunk of data. Another example: it may not be easy to tell if a file was opened via Office Live Editing, WebDAV, downloaded, or previewed from the browser. That messiness may be acceptable for your purposes… but cleaner, less redundant data would require some filtering and processing of the raw data.
5. Some development may be necessary
After skimming the documentation, you may have the impression that implementing auditing mostly involves configuration, but installing or developing some code may be necessary. You may want to develop code that will filter or clean up auditing automatically if you are going to use the data routinely.
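The cleanup described in points 4 and 5 can start as a small script. The following is an added example, not code from Alfresco or from this article: it collapses the per-chunk records of a download into single events and lists what one account touched. The record shape (`user`, `time`, a `values` map with `alfresco-access` style keys), the user name, and the paths are constructed assumptions about an exported audit log.

```python
from datetime import datetime, timedelta

# Assumed keys for the action and node path inside each record's "values" map.
ACTION = "/alfresco-access/transaction/action"
PATH = "/alfresco-access/transaction/path"

def rec(user, time, action, path):
    """Build one constructed record in the assumed export shape."""
    return {"user": user, "time": time, "values": {ACTION: action, PATH: path}}

# Constructed sample: a chunked download, another user, a later re-read, a delete.
SAMPLE = [
    rec("zz_tmp01", "2024-05-02T09:15:00", "READ", "/hr/salaries.xlsx"),
    rec("zz_tmp01", "2024-05-02T09:15:01", "READ", "/hr/salaries.xlsx"),
    rec("zz_tmp01", "2024-05-02T09:15:03", "READ", "/hr/salaries.xlsx"),
    rec("alice", "2024-05-02T09:16:00", "READ", "/hr/salaries.xlsx"),
    rec("zz_tmp01", "2024-05-02T11:40:00", "READ", "/hr/salaries.xlsx"),
    rec("zz_tmp01", "2024-05-02T11:41:00", "DELETE", "/legal/nda.docx"),
]

def collapse(entries, window_seconds=30):
    """Merge records sharing user, action and path when each follows the
    previous one within the window, so a chunked download is one event."""
    window = timedelta(seconds=window_seconds)
    events, open_events = [], {}
    for e in sorted(entries, key=lambda e: datetime.fromisoformat(e["time"])):
        t = datetime.fromisoformat(e["time"])
        key = (e["user"], e["values"].get(ACTION), e["values"].get(PATH))
        ev = open_events.get(key)
        if ev is not None and t - ev["last"] <= window:
            ev["last"], ev["records"] = t, ev["records"] + 1
        else:
            ev = {"user": key[0], "action": key[1], "path": key[2],
                  "first": t, "last": t, "records": 1}
            open_events[key] = ev
            events.append(ev)
    return events

def activity_for(entries, user, window_seconds=30):
    """Return the collapsed events for one user, oldest first."""
    return [ev for ev in collapse(entries, window_seconds) if ev["user"] == user]

if __name__ == "__main__":
    for ev in activity_for(SAMPLE, "zz_tmp01"):
        print(ev["first"].isoformat(), ev["action"], ev["path"],
              f"({ev['records']} raw records)")
```

The window is a tuning choice: too short and a slow chunked transfer splits into several events, too long and two genuine reads of the same file merge into one.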
6. Large amounts of data will be collected
Auditing usually generates a large amount of data, which can quickly fill up your database. It is important to procure additional database capacity in advance and plan to manage it accordingly.
7. You will need a plan to manage auditing in your system
Auditing involves some administrative tasks. Your team has to be aware of the initial and ongoing tasks and processes to implement auditing, run reports, and clean up data on a regular basis. For more information, read about scheduling cleanup of database tools, and using the auditing REST API.
The decision process to implement auditing is not trivial. A bare-bones implementation may satisfy your needs, but throwing in a few more requirements may convert a relatively straightforward project into a full two-month development effort. It may call for the integration of a commercial extension. Schedule time to talk with Zia about your needs and the options provided by Alfresco auditing.