powered by Jive Software

Audit log issues

I am starting work archiving audit log files generated by openfire into our product, and I have found a number of issues.

The version we are using is:

version: 3.3.2

released: 06/22/2007

on winXP, and my questions are:

  1. is it possible to know what files were transferred? I cannot see in the logs any trace of transferred files.

  2. characters like á, é are not encoded properly, ‘‘tildé’’ appears as

‘‘tildé’’. I dont know if this is related to


  1. I understand that messages are linked to a conversation by their

element right? In a number of cases I found that in a

conversation, one participants messages had a thread id, and the

responses from the other participant had a different thread id. Is

that possible under some circunstances? Is it described somewhere the

algorithm used to group conversations?

  1. Many of the packets appear twice in hte logs (I use the message.id

to ignore duplicates, so this is a minor annoyance), is that intended?

thanks in advance


Hi Javier,

  1. Many of the packets appear twice in the logs

Right, the incoming and the outgoing packets should be logged, that’‘s the idea behind it. If you are using the Content Filter Plugin you’'ll see that this does not work as expected, packets are processed by the Content Filter before the incoming packet is logged.

  1. characters like á, é are not encoded properly

Which program are you using to display the log files? They should be UTF-8 encoded without a BOM-Header, browsers should display them fine.

  1. is it possible to know what files were transferred?

i don’'t think so. The file transfer will be initiated using XMPP packets and these will be logged. One may get some information out of these packets.

@3. - no idea


I also found something odd. The conversation log is fine when is from an Openfire user to another Openfire user, but when an Openfire user receives an answer from an external user (MSN, for instance), it just logs what the Openfire user typed but not the answer from the external user.

Any ideas… please…