audit.filter.alfresco-access.default.enabled=true audit.filter.alfresco-access.default.user=~System;.* audit.filter.alfresco-access.default.type=cm:folder;cm:content audit.filter.alfresco-access.default.path=/app:company_home/.* audit.filter.alfresco-access.transaction.user= audit.filter.alfresco-access.login.user=jblogs ...
In the above example, events created by any user except for the internal user "System" will be recorded by default for all event actions. However the property for the transaction event action overrides this to record even "System" events.
For any filters to be applied to an event action, that action's filters must be enabled with an "enabled" property set to "true". However this may also be done by using the default event action, as shown above. Property names have a "audit.filter." prefix and use '.' as a separator where as components of rootPath and keys in the audit map use '/'.
Lists are evaluated from left to right allowing one flexibility to accept or reject different combinations of values. If no match is made by the end of the list the value is rejected. If there is not a property for a given value or an empty list is defined (as above for the "user" value on a "transaction" action) any value is accepted. Each regular expression in the list is separated by a semicolon (';'). Expressions that include a semicolon may be escaped using a '\'. An expression that starts with a '~' indicates that any matching value should be rejected. If the first character of an expression needs to be a '~', it too may be escaped with a '\'.
A property value may be a reference to another property, which saves having multiple copies of the same regular expression. This is indicated by a '$' as the first character of the property value. If the first character of an expression needs to be a '$' it too may be escaped with a '\'.