HI there, I'm just trying to make sense of Syncope's Audit feature.
Under "Reports" -> "Audit" I enabled ALL options of type "REST". So, for example, "REST" / "EntitlementController" / "getAll" and "getOwn" is checked. For both " Success" and "Failure". Now I did a login to the Web Console, first with a wrong password, then with the correct password. When I look into the Syncope database, table syncopeaudit, I see this: (1) Login to Web Console with wrong Password: EVENT_DATE, LOGGER_LEVEL, LOGGER, MESSAGE, THROWABLE '2014-11-18 09:55:14', 'DEBUG', 'syncope.audit.[REST]:[UserController]:[]:[isSelfRegAllowed]:[SUCCESS]', '[anonymous] BEFORE:\n unknown\nINPUT:\n none\nOUTPUT:\n true', '' '2014-11-18 09:55:14', 'DEBUG', 'syncope.audit.[REST]:[UserController]:[]:[isPwdResetAllowed]:[SUCCESS]', '[anonymous] BEFORE:\n unknown\nINPUT:\n none\nOUTPUT:\n true', '' '2014-11-18 09:55:14', 'DEBUG', 'syncope.audit.[REST]:[UserController]:[]:[isPwdResetRequiringSecurityQuestions]:[SUCCESS]', '[anonymous] BEFORE:\n unknown\nINPUT:\n none\nOUTPUT:\n true', '' '2014-11-18 09:55:14', 'DEBUG', 'syncope.audit.[REST]:[UserController]:[]:[isSelfRegAllowed]:[SUCCESS]', '[anonymous] BEFORE:\n unknown\nINPUT:\n none\nOUTPUT:\n true', '' '2014-11-18 09:55:14', 'DEBUG', 'syncope.audit.[REST]:[UserController]:[]:[isPwdResetAllowed]:[SUCCESS]', '[anonymous] BEFORE:\n unknown\nINPUT:\n none\nOUTPUT:\n true', '' '2014-11-18 09:55:14', 'DEBUG', 'syncope.audit.[REST]:[UserController]:[]:[isPwdResetRequiringSecurityQuestions]:[SUCCESS]', '[anonymous] BEFORE:\n unknown\nINPUT:\n none\nOUTPUT:\n true', '' (2) Login to Web Console with correct Password: # EVENT_DATE, LOGGER_LEVEL, LOGGER, MESSAGE, THROWABLE '2014-11-18 09:58:28', 'DEBUG', 'syncope.audit.[REST]:[EntitlementController]:[]:[getOwn]:[SUCCESS]', '[anonymous] BEFORE:\n unknown\nINPUT:\n none\nOUTPUT:\n [ROLE_ANONYMOUS]', '' '2014-11-18 09:58:30', 'DEBUG', 'syncope.audit.[REST]:[UserController]:[]:[isSelfRegAllowed]:[SUCCESS]', '[anonymous] BEFORE:\n unknown\nINPUT:\n none\nOUTPUT:\n true', '' '2014-11-18 09:58:30', 'DEBUG', 'syncope.audit.[REST]:[UserController]:[]:[isPwdResetAllowed]:[SUCCESS]', '[anonymous] BEFORE:\n unknown\nINPUT:\n none\nOUTPUT:\n true', '' '2014-11-18 09:58:30', 'DEBUG', 'syncope.audit.[REST]:[UserController]:[]:[isPwdResetRequiringSecurityQuestions]:[SUCCESS]', '[anonymous] BEFORE:\n unknown\nINPUT:\n none\nOUTPUT:\n true', '' '2014-11-18 09:58:30', 'DEBUG', 'syncope.audit.[REST]:[UserController]:[]:[isSelfRegAllowed]:[SUCCESS]', '[anonymous] BEFORE:\n unknown\nINPUT:\n none\nOUTPUT:\n true', '' '2014-11-18 09:58:30', 'DEBUG', 'syncope.audit.[REST]:[UserController]:[]:[isPwdResetAllowed]:[SUCCESS]', '[anonymous] BEFORE:\n unknown\nINPUT:\n none\nOUTPUT:\n true', '' '2014-11-18 09:58:30', 'DEBUG', 'syncope.audit.[REST]:[UserController]:[]:[isPwdResetRequiringSecurityQuestions]:[SUCCESS]', '[anonymous] BEFORE:\n unknown\nINPUT:\n none\nOUTPUT:\n true', '' Questions: - It seems that I only get EntitlementController audit events for the Success - not for Failure. What do I have to configure to get failed login requests? - How to get change information, like Role XYZ has been added to User ABC? When I, for example, add Role "ArtDirector" to User "rossini" I get this here - which is hard to parse. Is there better way to get this kind of information? # EVENT_DATE, LOGGER_LEVEL, LOGGER, MESSAGE, THROWABLE '2014-11-18 10:17:22', 'DEBUG', 'syncope.audit.[REST]:[UserController]:[]:[update]:[SUCCESS]', '[admin] BEFORE:\n org.apache.syncope.common.to.UserTO@70c0a9f0[\r\n memberships=[org.apache.syncope.common.to.MembershipTO@78d50564[\r\n roleId=1\r\n roleName=root\r\n id=1\r\n derAttrs=[org.apache.syncope.common.to.AttributeTO@69552635[\r\n schema=mderiveddata\r\n values=[sx-dx]\r\n readonly=true\r\n]]\r\n virAttrs=[]\r\n attrs=[org.apache.syncope.common.to.AttributeTO@553f9799[\r\n schema=mderived_sx\r\n values=[sx]\r\n readonly=false\r\n], org.apache.syncope.common.to.AttributeTO@41f9e988[\r\n schema=mderived_dx\r\n values=[dx]\r\n readonly=false\r\n]]\r\n creator=admin\r\n creationDate=Wed Oct 20 11:00:00 CEST 2010\r\n lastModifier=admin\r\n lastChangeDate=Wed Oct 20 11:00:00 CEST 2010\r\n], org.apache.syncope.common.to.MembershipTO@7e53018e[\r\n roleId=8\r\n roleName=otherchild\r\n id=5\r\n derAttrs=[]\r\n virAttrs=[]\r\n attrs=[]\r\n creator=admin\r\n creationDate=Wed Oct 20 11:00:00 CEST 2010\r\n lastModifier=admin\r\n lastChangeDate=Wed Oct 20 11:00:00 CEST 2010\r\n], org.apache.syncope.common.to.MembershipTO@7b8b526c[\r\n roleId=100\r\n roleName=testRoleName\r\n id=100\r\n derAttrs=[]\r\n virAttrs=[]\r\n attrs=[]\r\n creator=admin\r\n creationDate=Tue Nov 18 10:12:28 CET 2014\r\n lastModifier=admin\r\n lastChangeDate=Tue Nov 18 10:12:28 CET 2014\r\n]]\r\n status=active\r\n token=<null>\r\n tokenExpireTime=<null>\r\n username=rossini\r\n lastLoginDate=<null>\r\n changePwdDate=<null>\r\n failedLogins=0\r\n securityQuestion=<null>\r\n securityAnswer=<null>\r\n resources=[resource-testdb2, ws-target-resource-2]\r\n propagationStatusTOs=[]\r\n id=1\r\n derAttrs=[org.apache.syncope.common.to.AttributeTO@77d06fd1[\r\n schema=cn\r\n values=[Rossini, Gioacchino]\r\n readonly=true\r\n]]\r\n virAttrs=[]\r\n attrs=[org.apache.syncope.common.to.AttributeTO@155d3fcb[\r\n schema=type\r\n values=[G]\r\n readonly=false\r\n], org.apache.syncope.common.to.AttributeTO@1d073362[\r\n schema=fullname\r\n values=[Gioacchino Rossini]\r\n readonly=false\r\n], org.apache.syncope.common.to.AttributeTO@43be75d1[\r\n schema=firstname\r\n values=[Gioacchino]\r\n readonly=false\r\n], org.apache.syncope.common.to.AttributeTO@d290f16[\r\n schema=surname\r\n values=[Rossini]\r\n readonly=false\r\n], org.apache.syncope.common.to.AttributeTO@29d741a[\r\n schema=userId\r\n values=[[email protected]]\r\n readonly=false\r\n], org.apache.syncope.common.to.AttributeTO@2f31584d[\r\n schema=loginDate\r\n values=[2009-05-26, 2010-05-26]\r\n readonly=false\r\n], org.apache.syncope.common.to.AttributeTO@509c3f6f[\r\n schema=gender\r\n values=[M]\r\n readonly=false\r\n]]\r\n creator=admin\r\n creationDate=Wed Oct 20 11:00:00 CEST 2010\r\n lastModifier=admin\r\n lastChangeDate=Tue Nov 18 10:12:28 CET 2014\r\n]\nINPUT:\n org.apache.syncope.common.mod.UserMod@4e5d3310[\r\n password=<null>\r\n username=<null>\r\n membershipsToAdd=[org.apache.syncope.common.mod.MembershipMod@3d0cc34e[\r\n role=14\r\n id=0\r\n attrsToUpdate=[]\r\n attrsToRemove=[]\r\n derAttrsToAdd=[]\r\n derAttrsToRemove=[]\r\n virAttrsToUpdate=[]\r\n virAttrsToRemove=[]\r\n]]\r\n membershipsToRemove=[]\r\n pwdPropRequest=org.apache.syncope.common.mod.StatusMod@37451b9d[\r\n id=0\r\n type=<null>\r\n token=<null>\r\n onSyncope=true\r\n resourceNames=[]\r\n]\r\n securityQuestion=<null>\r\n securityAnswer=<null>\r\n resourcesToAdd=[]\r\n resourcesToRemove=[]\r\n id=1\r\n attrsToUpdate=[org.apache.syncope.common.mod.AttributeMod@23503284[\r\n schema=cool\r\n valuesToBeAdded=[]\r\n valuesToBeRemoved=[]\r\n], org.apache.syncope.common.mod.AttributeMod@1d4ed824[\r\n schema=activationDate\r\n valuesToBeAdded=[]\r\n valuesToBeRemoved=[]\r\n], org.apache.syncope.common.mod.AttributeMod@66248a38[\r\n schema=uselessReadonly\r\n valuesToBeAdded=[]\r\n valuesToBeRemoved=[]\r\n], org.apache.syncope.common.mod.AttributeMod@68ee96eb[\r\n schema=aLong\r\n valuesToBeAdded=[]\r\n valuesToBeRemoved=[]\r\n], org.apache.syncope.common.mod.AttributeMod@7f6541f[\r\n schema=makeItDouble\r\n valuesToBeAdded=[]\r\n valuesToBeRemoved=[]\r\n]]\r\n attrsToRemove=[email, obscure, photo]\r\n derAttrsToAdd=[]\r\n derAttrsToRemove=[]\r\n virAttrsToUpdate=[]\r\n virAttrsToRemove=[]\r\n]\nOUTPUT:\n org.apache.syncope.common.to.UserTO@4208b9c1[\r\n memberships=[org.apache.syncope.common.to.MembershipTO@4adb4fc5[\r\n roleId=1\r\n roleName=root\r\n id=1\r\n derAttrs=[org.apache.syncope.common.to.AttributeTO@45234e8[\r\n schema=mderiveddata\r\n values=[sx-dx]\r\n readonly=true\r\n]]\r\n virAttrs=[]\r\n attrs=[org.apache.syncope.common.to.AttributeTO@310f6d8f[\r\n schema=mderived_sx\r\n values=[sx]\r\n readonly=false\r\n], org.apache.syncope.common.to.AttributeTO@6be1e072[\r\n schema=mderived_dx\r\n values=[dx]\r\n readonly=false\r\n]]\r\n creator=admin\r\n creationDate=Wed Oct 20 11:00:00 CEST 2010\r\n lastModifier=admin\r\n lastChangeDate=Wed Oct 20 11:00:00 CEST 2010\r\n], org.apache.syncope.common.to.MembershipTO@3a5693b3[\r\n roleId=8\r\n roleName=otherchild\r\n id=5\r\n derAttrs=[]\r\n virAttrs=[]\r\n attrs=[]\r\n creator=admin\r\n creationDate=Wed Oct 20 11:00:00 CEST 2010\r\n lastModifier=admin\r\n lastChangeDate=Wed Oct 20 11:00:00 CEST 2010\r\n], org.apache.syncope.common.to.MembershipTO@9faeab1[\r\n roleId=100\r\n roleName=testRoleName\r\n id=100\r\n derAttrs=[]\r\n virAttrs=[]\r\n attrs=[]\r\n creator=admin\r\n creationDate=Tue Nov 18 10:12:28 CET 2014\r\n lastModifier=admin\r\n lastChangeDate=Tue Nov 18 10:12:28 CET 2014\r\n], org.apache.syncope.common.to.MembershipTO@38460f95[\r\n roleId=14\r\n roleName=artDirector\r\n id=101\r\n derAttrs=[]\r\n virAttrs=[]\r\n attrs=[]\r\n creator=admin\r\n creationDate=Tue Nov 18 10:17:21 CET 2014\r\n lastModifier=admin\r\n lastChangeDate=Tue Nov 18 10:17:21 CET 2014\r\n]]\r\n status=active\r\n token=<null>\r\n tokenExpireTime=<null>\r\n username=rossini\r\n lastLoginDate=<null>\r\n changePwdDate=<null>\r\n failedLogins=0\r\n securityQuestion=<null>\r\n securityAnswer=<null>\r\n resources=[resource-testdb2, ws-target-resource-2]\r\n propagationStatusTOs=[]\r\n id=1\r\n derAttrs=[org.apache.syncope.common.to.AttributeTO@7fa91c0f[\r\n schema=cn\r\n values=[Rossini, Gioacchino]\r\n readonly=true\r\n]]\r\n virAttrs=[]\r\n attrs=[org.apache.syncope.common.to.AttributeTO@37715e43[\r\n schema=type\r\n values=[G]\r\n readonly=false\r\n], org.apache.syncope.common.to.AttributeTO@73e39d24[\r\n schema=fullname\r\n values=[Gioacchino Rossini]\r\n readonly=false\r\n], org.apache.syncope.common.to.AttributeTO@6461e1ec[\r\n schema=firstname\r\n values=[Gioacchino]\r\n readonly=false\r\n], org.apache.syncope.common.to.AttributeTO@56378070[\r\n schema=surname\r\n values=[Rossini]\r\n readonly=false\r\n], org.apache.syncope.common.to.AttributeTO@55d16548[\r\n schema=userId\r\n values=[[email protected]]\r\n readonly=false\r\n], org.apache.syncope.common.to.AttributeTO@265085fc[\r\n schema=loginDate\r\n values=[2009-05-26, 2010-05-26]\r\n readonly=false\r\n], org.apache.syncope.common.to.AttributeTO@708c770a[\r\n schema=gender\r\n values=[M]\r\n readonly=false\r\n]]\r\n creator=admin\r\n creationDate=Wed Oct 20 11:00:00 CEST 2010\r\n lastModifier=admin\r\n lastChangeDate=Tue Nov 18 10:17:21 CET 2014\r\n]', '' cheers, Hermann
