How to get user login information for auditing


We have nexus oss version 3.18 installed and I am trying to figure out how to see user logins in the nexus logs (nexus.log and request.log). We are using Single Sign On and the only thing i have noticed that is being captured is events with the following format

USERNAME - Retrieving user: USERNAME

To make matters more complicated there are 100’s of these being generated as soon as a user logs into the NEXUS via the URL. I do not see just one event that can show me that the user logged in succesfully to NEXUS.

The second issue is, when a user logs in, I do not see any URL access logs to show what URL each user is using.

Any help on this would be appreciated.

Thank you

The log entry you shared is a TRACE level log, so no wonder you’re getting hundreds of them. TRACE logs are not meant to be consumed by administrators, and they should be disabled by default as they will produce tons of output. Perhaps what you are looking for is similar to: - Created session for user: admin - this is INFO level log and you can find it in nexus.log. URL access logs are stored in request.log. You should be able to see all this information (and no TRACE logs) using default logger settings as shipped with NXRM.

1 Like

Thank you Dawid for your response.

The request log is not showing a relationship between the URL that users navigate to in the GUI and their USER ID. We are not able to map the two. We also created the logger you mentioned and we are still not able to see user logins.

We also want to be able to know when a user goes into the server administration and configuration areas of the gui and want to be able to track that.

Any further help is appreciated.

Thank you

I’m not sure about the first issue off the top of my head, but regarding auditing, have you seen yet our documentation on Auditing?

Yes I have already enabled that which ends up writing to an audit.log file. However inside that log file I am only still seeing artifact actions, not gui tracking. I am not sure if sonatype is built to track what url a user goes to inside nexus.

Thanks for your time Dawid