you can search for the most frequent audit actions

webui/config.php

@@ -262,6 +262,17 @@ define('ACTION_UNAUTHORIZED_REMOVE_MESSAGE', 14);
 define('ACTION_DOWNLOAD_ATTACHMENT', 15);
 define('ACTION_UNAUTHORIZED_DOWNLOAD_ATTACHMENT', 16);
 
+$actions = array(
+                  'unknown' => 1,
+                  'login' => 2,
+                  'loginfailed' => 3,
+                  'logout' => 4,
+                  'view' => 5,
+                  'restore' => 8,
+                  'download' => 9,
+                  'search' => 10
+                );
+
 
 $counters = array(MEMCACHED_PREFIX . 'rcvd', MEMCACHED_PREFIX . 'virus', MEMCACHED_PREFIX . 'duplicate', MEMCACHED_PREFIX . 'ignore', MEMCACHED_PREFIX . 'counters_last_update');
 

webui/controller/audit/helper.php

@@ -84,6 +84,7 @@ class ControllerAuditHelper extends Controller {
 
    private function fixup_request($data = array()) {
       $ndate = 0;
+      global $actions;
 
       if(!isset($data['search'])) { return; }
 
@@ -95,6 +96,7 @@ class ControllerAuditHelper extends Controller {
       while(list($k, $v) = each($b)) {
          if($v == '') { continue; }
 
+         if(preg_match("/(login|loginfailed|logout|view|download|search|restore)$/", $v) && isset($actions[$v])) { $this->a['action'] .= '*' . $actions[$v]; }
          if(preg_match("/\@/", $v)) { $this->a['user'] .= '*' . $v; }
          if(preg_match("/\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}/", $v)) { $this->a['ipaddr'] .= '*' . $v; }
          if(preg_match("/^\d{1,}$/", $v)) { $this->a['ref'] .= '*' . $v; }
@@ -108,6 +110,7 @@ class ControllerAuditHelper extends Controller {
       $this->a['user'] = preg_replace("/^\*/", "", $this->a['user']);
       $this->a['ipaddr'] = preg_replace("/^\*/", "", $this->a['ipaddr']);
       $this->a['ref'] = preg_replace("/^\*/", "", $this->a['ref']);
+      $this->a['action'] = preg_replace("/^\*/", "", $this->a['action']);
 
       //if(isset($data['action'])) { $arr['action'] = $data['action']; }