
Annotated Audit Trail XML

This sample shows a basic audit trail XML file. Each event is annotated to describe what happened to trigger the event.


<Audit aggregated="no" session_id="12duyh6ee67aa" time="2011-08-10T15:53:16.712-04:00" hostid="83395a5a-4c41-4787-b906-be7d07276277" user_agent="Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.107 Safari/535.1" browser="Chrome"> 

The audit trail is started.


    <event app_version="5.0.1.33" browser="Chrome" db_version="1.4.0.36" filterTransId="none" groups="dba" host="http://contentdelivery.lc.example.com" hosturl="http://contentdelivery.lc.example.com/ContentDelivery/" id="Session" lang="en" last_access="2011-08-10T09:24:39.18-04:00" refer="http://contentdelivery.lc.example.com/ContentDelivery/web/session.xql?action=logout&amp;redirect=1" session_id="12duyh6ee67aa" start="2011-08-10T15:53:16.712-04:00" time="2011-08-10T15:53:16.712-04:00" type="startAuditTrail" user="admin" user_agent="Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.107 Safari/535.1"/> 

The host in this sample is http://contentdelivery.lc.example.com, where lc refers to an example related to Content Delivery, and contentdelivery specifies it further as a delivery server.

The user logs in.


    <event filterTransId="none" groups="dba" time="2011-08-10T15:53:16.712-04:00" type="login" user="admin"/> 

The user accesses the publication list.


    <event ShowAll="visible" filterTransId="none" groups="dba" significant="1" time="2011-08-10T15:53:18.649-04:00" type="ViewPubs" user="admin" eventTime="5.688"/> 

The user runs a search.


    <event category="" chunkSize="10" filterTransId="none" groups="dba" lang="en-US" maxResults="0" minResult="0" pub="Hardening" query="audit trail" queryTime="0.328" results="25" scope="" searchId="56178afe-f592-401f-a51b-c26a27a9f4a6" significant="1" sort="relevance" time="2011-08-10T15:53:24.337-04:00" transId="56178afe-f592-401f-a51b-c26a27a9f4a6" type="search" user="admin" eventTime="1.578"/> 

A result from the search is selected, linked by the @searchId to its parent search.


    <event filterTransId="none" groups="dba" lang="en-US" pub="Hardening" query="audit trail" resource="task_EE0BC2ED59ED4899B5522CC94E86B961" searchId="56178afe-f592-401f-a51b-c26a27a9f4a6" significant="1" time="2011-08-10T15:53:25.915-04:00" transId="d6433605-bd39-4e61-a956-b2bfdb35d400" type="SearchResult" user="admin" eventTime="2.562"/> 

Images associated with the resulting topic are displayed.


    <event filterTransId="none" groups="dba" lang="en-US" pub="Hardening" resource="global_config.png" time="2011-08-10T15:53:26.712-04:00" transId="7b116fd6-6e75-48e8-a94a-c9e032157ce9" type="media" user="admin"/> 
    <event filterTransId="none" groups="dba" lang="en-US" pub="Hardening" resource="save.png" time="2011-08-10T15:53:26.79-04:00" transId="0618447e-bcb6-4ffe-98f5-d44cc8dfc139" type="media" user="admin"/> 

The user opens another topic, this time from the TOC.


    <event filterTransId="none" groups="dba" lang="en-US" pub="Hardening" resource="setup_audit_aggregation" significant="1" time="2011-08-10T15:53:28.477-04:00" transId="38961262-5d2b-40b3-8d23-c19ffdf0e763" type="Document" user="admin" eventTime="24.782"/> 

The user creates a new form of type comment.


    <event filterTransId="none" groups="dba" time="2011-08-10T15:53:47.462-04:00" type="XForm" user="admin"> 
        <lcform aggregated="no" ancestor="" created="2011-08-10T15:53:33.931-04:00" docid="Hardening:en-US:setup_audit_aggregation" fid="xform.comment" hostid="83395a5a-4c41-4787-b906-be7d07276277" lang="en-US" modified="2011-08-10T15:53:47.462-04:00" name="3e7fa75f-5ad9-4683-88e9-412d673c1fb7" parent="" pub="Hardening" public="true" sdocid="setup_audit_aggregation" status="new" title="a sample comment" type="doc" user="admin"> 
            <name label="xform.common.name" lcusedefault="username">admin</name> 
            <email label="xform.common.email" lcusedefault="emailaddress">admin@sdl.com</email> 
            <summary label="xform.common.summary" lctitle="true">a sample comment</summary> 
            <description label="xform.common.description" lcdesc="true">a sample comment was made here.</description> 
        </lcform> 
    </event> 

The user modifies the status of that form, setting it to completed.

	
    <event filterTransId="none" groups="dba" time="2011-08-10T15:53:51.322-04:00" type="set_XForm_metadata" user="admin"> 
        <lcform aggregated="no" ancestor="" created="2011-08-10T15:53:33.931-04:00" docid="Hardening:en-US:setup_audit_aggregation" fid="xform.comment" hostid="83395a5a-4c41-4787-b906-be7d07276277" lang="en-US" modified="2011-08-10T15:53:47.462-04:00" name="3e7fa75f-5ad9-4683-88e9-412d673c1fb7" parent="" pub="Hardening" public="true" sdocid="setup_audit_aggregation" status="xform.status.completed" title="a sample comment" type="doc" user="admin"/> 
    </event> 

Finally, the user logs out.


    <event filterTransId="none" groups="dba" significant="1" time="2011-08-10T15:53:53.259-04:00" type="logout" user="admin"/> 
</Audit>
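
The following Python is an added example, not part of the original documentation or the product's own tooling. It reads a trail like the one above, joins each SearchResult event to its parent search through @searchId, and measures the login-to-logout span. The function names are hypothetical, the sample is constructed from the page's events with most attributes trimmed, and the file is assumed to come from a trusted audit store.

```python
import re
import xml.etree.ElementTree as ET
from datetime import datetime

# Constructed sample: events from the page, trimmed to the attributes used here.
SAMPLE = """<Audit aggregated="no" session_id="12duyh6ee67aa">
<event type="login" user="admin" time="2011-08-10T15:53:16.712-04:00"/>
<event type="search" user="admin" query="audit trail" time="2011-08-10T15:53:24.337-04:00"
       searchId="56178afe-f592-401f-a51b-c26a27a9f4a6"/>
<event type="SearchResult" user="admin" time="2011-08-10T15:53:25.915-04:00"
       resource="task_EE0BC2ED59ED4899B5522CC94E86B961"
       searchId="56178afe-f592-401f-a51b-c26a27a9f4a6"/>
<event type="media" user="admin" resource="save.png" time="2011-08-10T15:53:26.79-04:00"/>
<event type="logout" user="admin" time="2011-08-10T15:53:53.259-04:00"/>
</Audit>"""

_TS = re.compile(r"^(.+T\d\d:\d\d:\d\d)(?:\.(\d+))?([+-]\d\d:\d\d)$")

def parse_time(value):
    """Parse a trail timestamp; short fractions such as '.79' are padded to microseconds."""
    base, frac, tz = _TS.match(value).groups()
    return datetime.fromisoformat(f"{base}.{(frac or '0').ljust(6, '0')[:6]}{tz}")

def load_events(xml_text):
    """Return (session_id, events), with events as attribute dicts in time order."""
    root = ET.fromstring(xml_text)
    events = [dict(e.attrib, when=parse_time(e.get("time"))) for e in root.iter("event")]
    return root.get("session_id"), sorted(events, key=lambda e: e["when"])

def link_searches(events):
    """Group SearchResult resources under their parent search via searchId."""
    searches = {e["searchId"]: {"query": e.get("query"), "opened": []}
                for e in events if e["type"] == "search" and e.get("searchId")}
    orphans = []  # results whose searchId matches no search in this trail
    for e in events:
        if e["type"] == "SearchResult":
            parent = searches.get(e.get("searchId"))
            (parent["opened"] if parent else orphans).append(e.get("resource"))
    return searches, orphans

def session_span(events):
    """Seconds between login and logout, or None if either event is missing."""
    marks = {e["type"]: e["when"] for e in events if e["type"] in ("login", "logout")}
    if len(marks) < 2:
        return None
    return (marks["logout"] - marks["login"]).total_seconds()

if __name__ == "__main__":
    sid, evts = load_events(SAMPLE)
    print(sid, link_searches(evts), session_span(evts))
```

A non-empty orphan list or a missing span means the trail is incomplete for that session, which is worth checking before relying on it as a record of user activity.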