Auditing user file access
Helix Server
is capable of logging individual file accesses to an audit logfile.
Auditing is disabled by default, and is only enabled if
P4AUDIT
is set to point to the location of the audit log
file, or the server is started with the -A
auditlog
flag (see General options in Helix Core Server (p4d) Reference).
When auditing is enabled, the server adds a line to the audit log file every time file content is transferred from the server to the client. On an active server, the audit log file will grow very quickly.
Lines in the audit log appear in the form:
date time user@client clientIP command file#rev
For example:
$ tail -2 auditlog
2020/05/09 09:52:45 karl@nail 192.168.0.12 diff //depot/src/x.c#1
2020/05/09 09:54:13 jim@stone 127.0.0.1 sync //depot/inc/file.h#1
If a command is run on the machine that runs the
Helix Server, the
clientIP
is shown as 127.0.0.1
.
If you are auditing server activity in a replicated environment, each of
your build farm or forwarding replica servers must have its own
P4AUDIT
log set.