Audit log for file access

ℹ️ Support
, ,
1

Hi community,

Hope to get some advice regarding file access from audit.log.

We are using the AIO docker image with NC version 28.0.4; Ubuntu 22.04.

Test scenario:

  1. A directory was shared to a group with ‘Allow Download’ and Read permission.
  2. When an user from the group accessed a file within the shared directory, no log entry in audit.log indicated that the user has accessed the file. There are logs to specifying that the directory was accessed.

However, when the owner of the directory accessed the same file, there are log indicating that the file was accessed.

How can we get information that user from the group has accessed the file?

2

I can not say what is your problem. I can see if the file is accessed by another user (used direct sharing but I don’t think there is a difference).

  1. create test file audit log test.odt as user willi
  2. share the file with user test7
  3. edit the file as user test7
  4. review audit log (I prefer jq parsing for better readability)
    tail -n 100 audit.log|grep 'audit log test'|jq "[.time, .user, .message]|@csv"
  5. file access and modification is visible:
"\"2024-05-03T08:50:23+00:00\",\"willi\",\"File accessed: \"\"/Documents/audit log test.odt\"\"\""
"\"2024-05-03T08:50:32+00:00\",\"willi\",\"The file \"\"/willi/files/Documents/audit log test.odt\"\" with ID \"\"136836\"\" has been shared to the user \"\"test7\"\" with permissions \"\"19\"\"  (Share ID: 31)\""
"\"2024-05-03T08:50:57+00:00\",\"test7\",\"Preview accessed: \"\"_versions/Documents/audit log test.odt.v1714726159\"\" (width: \"\"44\"\", height: \"\"44\"\" crop: \"\"1\"\", mode: \"\"fill\"\")\""
"\"2024-05-03T08:50:57+00:00\",\"test7\",\"File accessed: \"\"/test7/files/audit log test.odt\"\"\""
"\"2024-05-03T08:50:58+00:00\",\"--\",\"File accessed: \"\"/audit log test.odt\"\"\""
"\"2024-05-03T08:51:17+00:00\",\"test7\",\"File accessed: \"\"/test7/files/audit log test.odt\"\"\""
"\"2024-05-03T08:51:17+00:00\",\"--\",\"File accessed: \"\"/audit log test.odt\"\"\""
"\"2024-05-03T08:51:33+00:00\",\"test7\",\"File accessed: \"\"/test7/files/audit log test.odt\"\"\""
"\"2024-05-03T08:51:33+00:00\",\"--\",\"File accessed: \"\"/audit log test.odt\"\"\""
"\"2024-05-03T08:51:50+00:00\",\"test7\",\"File updated: \"\"/audit log test.odt\"\"\""
"\"2024-05-03T08:51:50+00:00\",\"test7\",\"File written to: \"\"/audit log test.odt\"\"\""
"\"2024-05-03T08:55:04+00:00\",\"--\",\"Version \"\"/Documents/audit log test.odt.v1714726159\"\" was deleted.\""