ColdFusion 10 - Admin Audit Log

This post is more than 2 years old.

Here's a little gem I just discovered this weekend. ColdFusion 10 now has an administrator audit log. As you can probably guess, this is a log of administrator actions. You can find it the usual log location (and via the CF Admin Logs page). Here's a sample:

"Severity","ThreadID","Date","Time","Application","Message" "Information","catalina-exec-2","02/15/12","15:25:05",,"C:\ColdFusion10\cfusion\logs\audit.log initialized" "Information","catalina-exec-2","02/15/12","15:25:05",,"User admin enabled using admin password " "Information","catalina-exec-2","02/15/12","15:25:05","CFADMIN","User admin changed RDS password " "Information","ajp-bio-8012-exec-2","02/15/12","15:39:36","CFADMIN","User admin changed Server monitor settings. The old values were Monitoring enabled: YES, Memory tracking enabled: NO, Profiling enabled: NO, Monitoring server Enabled: NO, Monitoring server port: 5500. New values are Monitoring enabled: true, Memory tracking enabled: true, Profiling enabled: false, Monitoring server Enabled: YES, Monitoring server port: 5500" "Information","ajp-bio-8012-exec-2","02/23/12","14:41:19","CFADMIN","User admin added/edited new Active ColdFusion Mappings with logical path as /zeustests and Directory path as C:/Users/Raymond/Dropbox/websites/zeustests/" "Information","ajp-bio-8012-exec-2","02/27/12","09:27:59",,"User admin deleted datasource mxna." "Information","ajp-bio-8012-exec-2","02/27/12","09:28:34","CFADMIN","User admin changed Logging settings.Old values were --> Log directory : C:\ColdFusion10\cfusion\logs, Maximum file size: 5000, Maximum number of archives: 10, Log slow pages taking longer than: 30.New values are --> Log directory : C:\ColdFusion10\cfusion\logs, Maximum file size : 5000Maximum number of archives: 10, Log slow pages taking longer than: 30 "

Note that this doesn't cover every little action, but rather focuses on the more important changes. Note though that when possible - changes are recorded so that you can see both what the old value was and the new value. This could be invaluable for knowing who to blame when someone screws up.

Raymond Camden's Picture

About Raymond Camden

Raymond is a senior developer evangelist for Adobe. He focuses on document services, JavaScript, and enterprise cat demos. If you like this article, please consider visiting my Amazon Wishlist or donating via PayPal to show your support. You can even buy me a coffee!

Lafayette, LA https://www.raymondcamden.com

Archived Comments

Comment 1 by Terry Sampson posted on 2/27/2012 at 8:41 PM

Oh no! Now I'm in trouble. :>)

Comment 2 by JF posted on 2/27/2012 at 9:07 PM

Great feature! Our mail setting "magically" changed recently, would have been nice to have ;)

Comment 3 by O?uz Demirkap? posted on 2/27/2012 at 9:48 PM

Adding IP address into the log would be a good extension. :)

Comment 4 by Terry Sampson posted on 2/27/2012 at 9:49 PM

Yes, I can see that. Good way to track

Comment 5 by Raymond Camden posted on 2/27/2012 at 9:57 PM

Oguz (sigh - noticed your name is broken, sorry man) - file an ER for that. That is a damn good suggestion.

Comment 6 by O?uz Demirkap? posted on 2/27/2012 at 10:05 PM

Filed: 3124415

I am sorry for my name. :)

Comment 7 by Raymond Camden posted on 2/27/2012 at 10:17 PM

This is why America is the best country in the world - none of our letters have funky crap on em! ;)

Comment 8 by O?uz Demirkap? posted on 2/27/2012 at 11:00 PM

English is Just Another Language :)

Comment 9 by Ryan Stille posted on 2/27/2012 at 11:51 PM

This is a great addition, I can remember many times when something like this would have been useful.

Does it log changes made with the Administrator API?

Comment 10 by Raymond Camden posted on 2/28/2012 at 12:03 AM

Hmm, not sure on that one. Give it a try and let us know. :)

Comment 11 by Sharon posted on 3/9/2012 at 11:49 PM

Just noticed this one. I likey. But ask me again when it shows me as the culprit. :-X