Open dj4oC opened 1 year ago
Please add "create new version" to audit log
@dj4oC could you please adjust the bug description to the "Is" and "Should" style (for me it's not completely clear what you need), i.e.
...
...
{
"action": "file_read",
"app": "admin_audit",
"cli": false,
"fileid": "961add3b-1e41-5bb0-a075-13a08cc7e3ce$ab51e98e-2e4d-4f3e-869b-cd74a2ed5f47!ab51e98e-2e4d-4f3e-869b-cd74a2ed5f47/Folder 1/Folder 2/Folder 3/Folder 4/Folder 5/Filename",
"level": 1,
"message": "user '1fbbf79a-03aa-44f3-9cd7-6ac18f17fc9c' read file $fileid",
"method": "",
"owner": "",
"path": "$fileid started at Folder 1",
"remoteaddr": "",
"time": "2024-08-05t05:16:22Z",
"url": "",
"user": "",
"useragent": ""
}
{
"action": "file_create",
"app": "admin_audit",
"cli": false,
"fileid": "961add3b-1e41-5bb0-a075-13a08cc7e3ce$ab51e98e-2e4d-4f3e-869b-cd74a2ed5f47!8d4a4bf0-690d-4c27-a7a8-b500458b8402",
"level": 1,
"message": "user '1fbbf79a-03aa-44f3-9cd7-6ac18f17fc9c' created file $fileid",
"method": "",
"owner": "1fbbf79a-03aa-44f3-9cd7-6ac18f17fc9c",
"path": "",
"remoteaddr": "",
"time": "2024-08-05t05:13:00Z",
"url": "",
"user": "1fbbf79a-03aa-44f3-9cd7-6ac18f17fc9c",
"useragent": ""
}
{
"remoteaddr":"",
"user":"",
"url":"",
"method":"",
"useragent":"",
"time":"2024-08-05t05:29:24Z",
"app":"admin_audit",
"message":"user '24a218c1-85e8-48a9-a2ae-2a0bea74a7b6' moved file '636ce356-cde0-44a6-bb20-53af2c6b2821$24a218c1-85e8-48a9-a2ae-2a0bea74a7b6!24a218c1-85e8-48a9-a2ae-2a0bea74a7b6/Folder 1/Filename Old.xlsx' from 'Folder 1/Filename Old.xlsx' to './Folder 1/Filename New.xlsx'",
"action":"file_rename",
"cli":false,
"level":1,
"path":"New File Path",
"owner":"",
"fileid":"636ce356-cde0-44a6-bb20-53af2c6b2821$24a218c1-85e8-48a9-a2ae-2a0bea74a7b6!24a218c1-85e8-48a9-a2ae-2a0bea74a7b6/New Filename.xlsx",
"oldpath":"Old Filename.xlsx"}
{
"remoteaddr":"",
"user":"",
"url":"",
"method":"",
"useragent":"",
"time":"2024-08-05t05:35:53Z",
"app":"admin_audit",
"message":"user 'ab56fc66-2f49-46e8-a9b8-6b156fc337d0' created a space 'ab56fc66-2f49-46e8-a9b8-6b156fc337d0!ab56fc66-2f49-46e8-a9b8-6b156fc337d0' with name '$name' (storage: '3854f41c-81b1-43fd-8c79-4a2d9d6e6b96')",
"action":"space_created",
"cli":false,
"level":1,
"spaceid":"3854f41c-81b1-43fd-8c79-4a2d9d6e6b96$ab56fc66-2f49-46e8-a9b8-6b156fc337d0!ab56fc66-2f49-46e8-a9b8-6b156fc337d0",
"owner":"ab56fc66-2f49-46e8-a9b8-6b156fc337d0",
"rootitem":"3854f41c-81b1-43fd-8c79-4a2d9d6e6b96$ab56fc66-2f49-46e8-a9b8-6b156fc337d0!ab56fc66-2f49-46e8-a9b8-6b156fc337d0",
"name":"Lorem Ipsum",
"type":"personal"}
{
"action": "container_create",
"app": "admin_audit",
"cli": false,
"fileid": "710b9731-711a-5485-93e6-5d14d2820ec2$8bf62930-391f-4d02-9b09-2f64ed8fb77e!8bf62930-391f-4d02-9b09-2f64ed8fb77e/Folder 1/Folder 2",
"level": 1,
"message": "user 'c33577be-53f2-4e1a-ad81-4bae8d940111' created folder '710b9731-711a-5485-93e6-5d14d2820ec2$8bf62930-391f-4d02-9b09-2f64ed8fb77e!8bf62930-391f-4d02-9b09-2f64ed8fb77e/Folder 1/Folder 2'",
"method": "",
"owner": "",
"path": "./Folder 1/Folder 2",
"remoteaddr": "",
"time": "2024-08-05t05:33:12Z",
"url": "",
"user": "",
"useragent": ""
}
{
"action": "public_link_accessed",
"app": "admin_audit",
"cli": false,
"fileid": "c46bb00e-a3c7-4bce-a5c2-e9f52030ea76",
"itemtype": "",
"level": 1,
"message": "link with token 'jxrsbglSJatgnV' was accessed. success: true",
"method": "",
"owner": "c3efc6ab-36a1-4998-aa94-e77438e7fdc4",
"path": "",
"remoteaddr": "",
"shareid": "lGvSPxtBNVzGoA",
"sharetoken": "jxrsbglSJatgnV",
"success": true,
"time": "2024-08-01t14:48:40Z",
"url": "",
"user": "c3efc6ab-36a1-4998-aa94-e77438e7fdc4",
"useragent": ""
}
{
"action": "file_delete",
"app": "admin_audit",
"cli": false,
"fileid": "d904bb19-c523-4e7f-8543-43e5ba2efb97$7b1484e5-3d2d-495e-bd16-858fc018d7f9!7b1484e5-3d2d-495e-bd16-858fc018d7f9/Test.xlsx",
"level": 1,
"message": "user '7b1484e5-3d2d-495e-bd16-858fc018d7f9' trashed file 'd904bb19-c523-4e7f-8543-43e5ba2efb97$7b1484e5-3d2d-495e-bd16-858fc018d7f9!7b1484e5-3d2d-495e-bd16-858fc018d7f9/Test.xlsx'",
"method": "",
"owner": "",
"path": "./Test.xlsx",
"remoteaddr": "",
"time": "2024-08-05t05:46:21Z",
"url": "",
"user": "",
"useragent": ""
}
@tbsbdr @micbar I hope this helps. I cannot describe what my expected behavior is, but my questions might lead you to the answers. Generally speaking: why are the fields and their order not consistent?
I will try to collect other events too, but as I mentioned already: "edit space members" is missing, and "create new version" is shown as "create file" (similarly misleading to renaming being shown as "move file").
Sorry, the confusion about file_rename has been cleared up.
{
"action": "share_accepted",
"app": "admin_audit",
"cli": false,
"fileid": "be3443aa-4de2-4712-8d89-1c235e9cd137",
"itemtype": "",
"level": 1,
"message": "user '8890879c-7e4c-47a3-b2bd-9b36fcf79dcd' accepted share 'b19c52a9-4e2c-46d1-937e-974b109f287d:0d3efee5-e754-45bf-99f7-33668f479e66:26fe0dc0-0564-4b0b-b2a2-38f909fd8528' from user '0d3efee5-e754-45bf-99f7-33668f479e66'",
"method": "",
"owner": "0d3efee5-e754-45bf-99f7-33668f479e66",
"path": "",
"remoteaddr": "",
"shareid": "b19c52a9-4e2c-46d1-937e-974b109f287d:0d3efee5-e754-45bf-99f7-33668f479e66:26fe0dc0-0564-4b0b-b2a2-38f909fd8528",
"sharetype": "user",
"sharewith": "8890879c-7e4c-47a3-b2bd-9b36fcf79dcd",
"time": "2024-08-05t06:13:50Z",
"url": "",
"user": "8890879c-7e4c-47a3-b2bd-9b36fcf79dcd",
"useragent": ""
}
{
"action": "file_shared",
"app": "admin_audit",
"cli": false,
"expirationdate": "",
"fileid": "be3443aa-4de2-4712-8d89-1c235e9cd137",
"itemtype": "",
"level": 1,
"message": "user '0d3efee5-e754-45bf-99f7-33668f479e66' shared file 'be3443aa-4de2-4712-8d89-1c235e9cd137' with '8890879c-7e4c-47a3-b2bd-9b36fcf79dcd'",
"method": "",
"owner": "0d3efee5-e754-45bf-99f7-33668f479e66",
"path": "",
"permissions": "",
"remoteaddr": "",
"shareid": "",
"shareowner": "0d3efee5-e754-45bf-99f7-33668f479e66",
"sharepass": false,
"sharetoken": "",
"sharetype": "user",
"sharewith": "8890879c-7e4c-47a3-b2bd-9b36fcf79dcd",
"time": "2024-08-05t06:13:50Z",
"url": "",
"user": "0d3efee5-e754-45bf-99f7-33668f479e66",
"useragent": ""
}
{ "remoteaddr":"", "user":"", "url":"", "method":"", "useragent":"", "time":"2024-08-05t06:13:10Z", "app":"admin_audit", "message":"user '6f8c1d8d-d865-4a5a-b6ae-bcf96b2d17e3' removed file '18a5da63-58d6-44a0-ab37-0c0313b1f636$4ae8543d-0062-4643-ab2b-5f265222497c!4ae8543d-0062-4643-ab2b-5f265222497c' from trashbin", "action":"file_trash_delete", "cli":false, "level":1, "path":"", "owner":"", "fileid":"18a5da63-58d6-44a0-ab37-0c0313b1f636$4ae8543d-0062-4643-ab2b-5f265222497c!4ae8543d-0062-4643-ab2b-5f265222497c" }
- JSON parser does not accept this input
- Question: Why are $method, $owner, $remoteaddr, $url, $user, $useragent, $path empty?
The more I go through all this, the more I ask myself: would that actually help me, and in what case? Use case 1: understanding user behavior. In that case I would love to have Grafana counters instead of audit log files that have to be parsed. Use case 2: cyber security forensics, i.e. understanding suspicious behavior. In that case I would always need the source IP and user agent filled in, since without them an event cannot be tied to a client. Use case 3: understanding what happened to a file or folder. In that case I would always need some kind of clear text (rather than only file IDs and folder IDs) next to the technical IDs.
Maybe related: https://github.com/owncloud/ocis/issues/7971
{
"action": "space_shared",
"app": "admin_audit",
"cli": false,
"granteegroupid": "",
"granteeuserid": "4a370541-5e6e-4532-9c3a-2069072f2746",
"level": 1,
"message": "user '2d589cfe-6cd0-4aec-9268-3cc63d4fa7bf' shared the space '557875ba-e440-45e0-9788-edcd761a97b6' with 'user:4a370541-5e6e-4532-9c3a-2069072f2746' (storage: 'f8e95455-ceb1-4355-8457-a9cb798e6ea6')",
"method": "",
"remoteaddr": "",
"spaceid": "f8e95455-ceb1-4355-8457-a9cb798e6ea6$557875ba-e440-45e0-9788-edcd761a97b6",
"time": "",
"url": "",
"user": "",
"useragent": ""
}
{ "remoteaddr":"", "user":"", "url":"", "method":"", "useragent":"", "time":"2024-08-05t06:21:58Z", "app":"admin_audit", "message": "user '2d589cfe-6cd0-4aec-9268-3cc63d4fa7bf' updated space '557875ba-e440-45e0-9788-edcd761a97b6!557875ba-e440-45e0-9788-edcd761a97b6'. name: '$name', quota: '0', opaque: 'map[etag:\"2d79b76adadeccf6afe723e63d961a2c\" grants: grants_expirations: groups: image:557875ba-e440-45e0-9788-edcd761a97b6!2721707f-1c95-4133-81d4-389ad1895719 quota.remaining:5492442791936 quota.total:0 quota.used:6055728 readme:557875ba-e440-45e0-9788-edcd761a97b6!6cf23641-3827-46ad-83ff-f13c3602139a spacealias:$spacealias]' (storage: 'f8e95455-ceb1-4355-8457-a9cb798e6ea6')", "action":"space_updated", "cli":false, "level":1, "spaceid":"f8e95455-ceb1-4355-8457-a9cb798e6ea6$557875ba-e440-45e0-9788-edcd761a97b6!557875ba-e440-45e0-9788-edcd761a97b6", "name":"Lorem Ipsum", "opaque": {"etag":"\"2d79b76adadeccf6afe723e63d961a2c\"", "grants":"", "grants_expirations":"", "groups":"", "image":"557875ba-e440-45e0-9788-edcd761a97b6!2721707f-1c95-4133-81d4-389ad1895719", "quota.remaining":"5492442791936", "quota.total":"0", "quota.used":"6055728", "readme":"557875ba-e440-45e0-9788-edcd761a97b6!6cf23641-3827-46ad-83ff-f13c3602139a", "spacealias":"foo/baa"}, "quotamaxbytes":0 }
- JSON parser does not accept this input
- Question: Why are $method, $remoteaddr, $url, $user, $useragent, empty?
{
"action": "space_unshared",
"app": "admin_audit",
"cli": false,
"granteegroupid": "",
"granteeuserid": "a596adc2-611b-4f5f-b0c8-90896c5fd855",
"level": 1,
"message": "user '24363869-4fb2-4f36-b106-d3ca05a9da14' unshared the space '49b4eb7b-967b-49d0-8dbb-be048c1800fe' with 'user:a596adc2-611b-4f5f-b0c8-90896c5fd855' (storage: 'c1e23045-8f04-408d-ab2b-3eb62a3b4a32')",
"method": "",
"remoteaddr": "",
"spaceid": "c1e23045-8f04-408d-ab2b-3eb62a3b4a32$49b4eb7b-967b-49d0-8dbb-be048c1800fe",
"time": "2024-08-05t07:18:54Z",
"url": "",
"user": "",
"useragent": ""
}
Is space_unshared == "revoke space membership" and space_shared == "grant space membership", or does it have a different meaning?
{
"action": "",
"app": "admin_audit",
"cli": false,
"fileid": "2026ca7b-ae8b-4eb0-bc6d-b3f9a81f67e0",
"itemtype": "",
"level": 1,
"message": "",
"method": "",
"owner": "0d0d00d7-75f1-4383-bec3-176e864ee172",
"path": "",
"remoteaddr": "",
"shareid": "8195b18e-a69c-5767-b4c5-c97078d5d3e1:0d0d00d7-75f1-4383-bec3-176e864ee172:512d69c1-5ddc-4756-aab4-e9047b744a25",
"sharetype": "user",
"sharewith": "f59379b3-d2fe-4380-ad6d-40316b05b639",
"time": "2023-11-29t07:43:29Z",
"url": "",
"user": "f59379b3-d2fe-4380-ad6d-40316b05b639",
"useragent": ""
}
@dj4oC i would not dig deep into the reasoning why things are like they are, nobody knows.
The audit service had the requirement that all message bodies should look exactly
like ownCloud10 to make use of the Splunk app in the Splunk app store. This requirement is now completely gone.
Time for a refactoring.
@tbsbdr should be scheduled according to the prio.
@dj4oC i would not dig deep into the reasoning why things are like they are, nobody knows.
The audit service had the requirement that all message bodies should look exactly like ownCloud10 to make use of the Splunk app in the Splunk app store. This requirement is now completely gone.
Time for a refactoring.
@tbsbdr should be scheduled according to the prio.
The Splunk Plugin is archived and not compatible anymore: https://splunkbase.com/app/5502/
If you are going to refactor it, I would appreciate it if we added a Grafana counter for each action.
{
"remoteaddr":"",
"user":"942b0905-fe39-4a84-b3aa-ab962fd4a99f",
"url":"",
"method":"",
"useragent":"",
"time":"2024-08-01t16:30:37Z",
"app":"admin_audit",
"message":"user '942b0905-fe39-4a84-b3aa-ab962fd4a99f' updated field 'TYPE_PASSWORD' of public link 'MUnlxxxJvozPlqj'",
"action":"share_password_updated",
"cli":false,
"level":1,
"fileid":"61f68f0a-f10b-4a31-9f53-5fd5b90af90e",
"owner":"942b0905-fe39-4a84-b3aa-ab962fd4a99f",
"path":"",
"shareid":"MUnlxxxJvozPlqj",
"itemtype":"",
"expirationdate":"",
"sharepass":true,
"permissions":"get_path:true get_quota:true initiate_file_download:true initiate_file_upload:true list_container:true list_recycle:true restore_recycle_item:true stat:true ",
"sharetype":"link",
"sharewith":"",
"shareowner":"942b0905-fe39-4a84-b3aa-ab962fd4a99f",
"sharetoken":"vOrJItxxxCDJExY"
}
{
"remoteaddr":"",
"user":"942b0905-fe39-4a84-b3aa-ab962fd4a99f",
"url":"",
"method":"",
"useragent":"",
"time":"2024-08-01t16:30:37Z",
"app":"admin_audit",
"message":"user '942b0905-fe39-4a84-b3aa-ab962fd4a99f' updated field 'TYPE_PERMISSIONS' of public link 'MUnlxxxvozPlqj'",
"action":"share_permission_updated",
"cli":false,
"level":1,
"fileid":"61f68f0a-f10b-4a31-9f53-5fd5b90af90e",
"owner":"942b0905-fe39-4a84-b3aa-ab962fd4a99f",
"path":"",
"shareid":"MUnlxxxvozPlqj",
"itemtype":"",
"expirationdate":"",
"sharepass":true,
"permissions":"get_path:true get_quota:true initiate_file_download:true initiate_file_upload:true list_container:true list_recycle:true restore_recycle_item:true stat:true ",
"sharetype":"link",
"sharewith":"",
"shareowner":"942b0905-fe39-4a84-b3aa-ab962fd4a99f",
"sharetoken":"vOrJItYXfCDJExY"
}
{
"remoteaddr":"",
"user":"5da1d769-3e9f-43a9-899d-763ec77ba908",
"url":"",
"method":"",
"useragent":"",
"time":"2024-08-05t08:07:00Z",
"app":"admin_audit",
"message":"user '5da1d769-3e9f-43a9-899d-763ec77ba908' created a public link to file '2ff8e897-b56e-4a68-8b2d-1ea361497684' with id 'yEyEkJnxxxcCiN'",
"action":"file_shared",
"cli":false,
"level":1,"fileid":"2ff8e897-b56e-4a68-8b2d-1ea361497684",
"owner":"5da1d769-3e9f-43a9-899d-763ec77ba908",
"path":"",
"shareid":"",
"itemtype":"",
"expirationdate":"",
"sharepass":true,
"permissions":"permissions:\u003ccreate_container:true get_path:true get_quota:true initiate_file_download:true initiate_file_upload:true list_container:true list_recycle:true stat:true \u003e ",
"sharetype":"link",
"sharewith":"",
"shareowner":"5da1d769-3e9f-43a9-899d-763ec77ba908",
"sharetoken":"uBjgCagptZbXofZ"
}
{
"action": "space_deleted",
"app": "admin_audit",
"cli": false,
"level": 1,
"message": "user '24363869-4fb2-4f36-b106-d3ca05a9da14' deleted the space '13b24c4f-b834-445e-b6db-eb7592b150f7' (storage: 'c1e23045-8f04-408d-ab2b-3eb62a3b4a32')",
"method": "",
"remoteaddr": "",
"spaceid": "c1e23045-8f04-408d-ab2b-3eb62a3b4a32$13b24c4f-b834-445e-b6db-eb7592b150f7",
"time": "2024-08-05t08:05:03Z",
"url": "",
"user": "",
"useragent": ""
}
{
"action": "space_disabled",
"app": "admin_audit",
"cli": false,
"level": 1,
"message": "user '24363869-4fb2-4f36-b106-d3ca05a9da14' disabled the space '13b24c4f-b834-445e-b6db-eb7592b150f7' (storage: 'c1e23045-8f04-408d-ab2b-3eb62a3b4a32')",
"method": "",
"remoteaddr": "",
"spaceid": "c1e23045-8f04-408d-ab2b-3eb62a3b4a32$13b24c4f-b834-445e-b6db-eb7592b150f7",
"time": "2024-08-05t08:04:41Z",
"url": "",
"user": "",
"useragent": ""
}
{
"remoteaddr":"",
"user":"",
"url":"",
"method":"",
"useragent":"",
"time":"2024-08-05t08:29:42Z",
"app":"admin_audit",
"message":"user '3635a66d-518c-44fc-befe-e1d44367640b' renamed space '3591363c-68bd-4a72-894b-082a99c4d10f!3591363c-68bd-4a72-894b-082a99c4d10f' to '9b Physik' (storage: '25ede41b-527b-4b52-9bde-0966d2056206')",
"action":"space_renamed",
"cli":false,
"level":1,
"spaceid":"25ede41b-527b-4b52-9bde-0966d2056206$3591363c-68bd-4a72-894b-082a99c4d10f!3591363c-68bd-4a72-894b-082a99c4d10f",
"newname":"9b Physik"
}
{
"action": "file_unshared",
"app": "admin_audit",
"cli": false,
"fileid": "",
"itemtype": "",
"level": 1,
"message": "share id:'8195b18e-a69c-5767-b4c5-c97078d5d3e1:2507ed59-d86c-4f2c-8f30-8eb2de3801f8:90547b66-92cc-4272-bf5c-3a62fb3ba5c8' uid:'' item-id:'' was removed",
"method": "",
"owner": "",
"path": "",
"remoteaddr": "",
"shareid": "8195b18e-a69c-5767-b4c5-c97078d5d3e1:2507ed59-d86c-4f2c-8f30-8eb2de3801f8:90547b66-92cc-4272-bf5c-3a62fb3ba5c8",
"sharetype": "",
"sharewith": "",
"time": "2024-08-05t08:54:00Z",
"url": "",
"user": "",
"useragent": ""
}
Do you expect still answers for these questions? 😄 There are none...
{
"remoteaddr": "",
"user": "",
"url": "",
"method": "",
"useragent": "",
"time": "2024-08-05t12:05:32Z",
"app": "admin_audit",
"message": "user '69eea927-ae5f-41ba-8d0e-971830bcc7ab' (re-) enabled the space '48e447a5-982d-44c3-afcf-872f7273ef4c!48e447a5-982d-44c3-afcf-872f7273ef4c' (storage: '2061b89f-49c0-5d51-8d67-ed01c4c10527')",
"action": "space_enabled",
"cli": false,
"level": 1,
"spaceid": "2061b89f-49c0-5d51-8d67-ed01c4c10527$48e447a5-982d-44c3-afcf-872f7273ef4c!48e447a5-982d-44c3-afcf-872f7273ef4c"
}
I don't think we should keep oC10 compatibility moving forward. Whether additions make sense, and which ones, needs to be investigated. @tbsbdr @micbar should we take that to the roadmap backlog?
When I share a folder, the audit log shows this as a file share. When I share a space, the audit log shows this as a space share.
Please make the sharing of a folder distinguishable as such in the audit log.