Auditing user file access

P4 Server is capable of logging individual file accesses to an audit log P4 Server supports the standard log, which is human-readable, as well as structured logs in a comma-separated value (CSV) format. The P4LOG environment variable specifies the log file for events, including errors. The human-readable P4AUDIT environment variable specifies the log file that records file transfers to users. Structured log files are typically processed by external tools. To learn more, see 'Logging" in P4 Server Administration Documentation. file. Auditing is disabled by default, and is only enabled if P4AUDIT is set to point to the location of the audit log file, or the server is started with the -A auditlog option (see General options in P4 Server (p4d) reference).

If you are auditing server activity in a replicated environment, each of your build farm or forwarding replica servers must have its own P4AUDIT log set.

If P4AUDIT is configured on any active server, the audit log file becomes large very quickly because it grows each time any user gets file content. Make a plan to manage the disk space. Include in your plan any retention policies for storing historical copies of the audit log files.

Lines in the audit log appear in the form:

date time user@client clientIP command file#rev

For example:

tail -2 auditlog
2023/05/09 09:52:45 maria@nail 192.168.0.12 diff //depot/src/x.c#1
2023/05/09 09:54:13 anna@stone 127.0.0.1 sync //depot/inc/file.h#1

If a command is run on the machine that runs the P4 Server, the clientIP is shown as 127.0.0.1.