Fundraising/Data and flow/Audits

From Wikitech


This documents the workflow to process audit files from payment processors and import missing messages into CiviCRM.

For all payment processors, except PayPal, the parse-audit drush command processes the audit files. The code in the drupal module handles reading the list of files from the directory, searching for existing transactions in the database, and finding missing information in the payments-wiki logs (mounted at /srv/archive/frlog/logs) for each transaction that isn't in the database. The code to parse the individual files to an array of normalized transactions lives under the SmashPig codebase, in classes that implement the AuditParser interface.

Audit files are located on civi1001 in /var/spool/audit/[payment-processor] and divided into two directories: incoming and completed.

Schedule and Files


Runs every night at 20:17 UTC

payments_account_report - nightly file, has the previous days transactions

settlement_detail_report_batch - weekly file every Friday, has the previous weeks transactions


Runs every night at 00:23 UTC

settlement_data - weekly file on Tuesday

refund_data - only if there are refunds, not always present, weekly file on Tuesday


Runs every night at 00:00 UTC

settlement_batch_report - nightly file, has previous days transactions

settlement_batch_report_dispute - nightly file, has previous days disputes

settlement_batch_report_refund - nightly file, has previous days refunds


Runs every night at 00:20 UTC

files - nightly


Runs at 01:00 UTC on every day-of-week from Tuesday through Sunday.

wikimedia_report - nightly file, has previous days transactions


Runs nightly at 17:35 UTC

TRR - nightly (what is this

STL - nightly (what is this)

WIkimedia - nightly file, has previous days transactions


Runs nightly at 01:00 UTC

Including new donations, new recurring, recurring cancellations, and refunds.

Payment Processor Specific Information


Fundraising/Data and flow/PSP integrations/Adyen Checkout#Audits


Instead of an SFTP download, we have to call methods on the Amazon Pay SDK to get our reports. This is kicked off with the DownloadReports php script in SmashPig.

Dlocal (formerly Astropay)

Fundraising/Data and flow/PSP integrations/dLocal#Audits


Using graphQL run and consume the report nightly


Process control jobs

fundraise-up_audit.yaml - Runs at 1AM UTC daily. Calls fundraise-up_audit_download and then fundraise-up_audit_parse.

fundraise-up_audit_download - Downloads fundraiseup export files from the Fundraiseup SFTP server. This files contains the new donations, new recurrings, cancelled recurring, and refunded transactions from Fundraiseup.

fundraise-up_audit_parse - Imports the transactions from the exported files. Calls drush @wmff -vv parse-audit fundraiseup


Process control jobs

ingenico_audit.yaml - Runs at 1AM Tuesday-Sunday (Cleanup job runs at 1AM Monday) Calls ingenico_audit_download and then ingenico_wx_audit_parse

ingenico_audit_download - Downloads wx* and other files from the GlobalCollect server.

ingenico_wx_audit_parse - Calls drush @wmff -vv parse-audit ingenico --run_all

Transactions from the new API come in the same file as transactions from the old API (see below), but these transactions can be identified because they have the tag EmailTypeIndicator.



The files are located in /var/spool/audit/globalcollect/incoming. While there are multiple files in this directory, the ones we parse begin with wx1 and are in a xml.gz format.

We pay attention to records classified with these codes (Recordcategory + recordtype):

  • XON - Credit card item that has been processed, but not settled.
  • +IP - Settled "Invoice Payment". Could be invoice, bt, rtbt, check, prepaid card, ew, cash
  • -CB - Credit card chargeback
  • -CR - Refund on collected credit card payment
  • XCR - Any old refund
  • +AP - Direct Debit collected

The parser code is here:


PayPal uses a python script deployed in the fundraising tools repository:

We currently use PayPal's Express Checkout integration, and classify those donations using gateway value 'paypal_ec'. However, we still have some legacy recurring donations from the old integration, and those are classified with gateway value 'paypal'.


check audit parse log from frlog1002, located at /srv/archive/civi/process-control/<yyyymmdd>/<paymentMethod>_audit_parse-<yyyymmdd>-xxxxxx.log.civi1001.bz2

Result print example as:

Done! Final stats:

Total number of donations in audit file: xxx

Number missing from database: xxx

Missing transactions found in logs: xxx

Missing transactions not found in logs: xxx

Missing transaction summary:

Regular donations: 2

Returned from hook drush_wmf_audit_parse_audit [1.13 sec, 36.01 MB] [debug]

		xxxxxxxx: 1
		xxxxxxxx: 1

Refunds and chargebacks: 0

Recurring donations: 0

Command dispatch complete [1.13 sec, 35.92 MB] [notice]

Transaction IDs:

		xxx xxxxxxxxxx
		xxx xxxxxxxxxx

Initial stats on recon files: Array


	    [/var/spool/audit/xxx/incoming/xxx] => 0
	    [/var/spool/audit/xxx/incoming/xxx] => 0
	    [/var/spool/audit/xxx/incoming/xxx] => 2


File Wrangling

Sometimes the audit processor can't resolve all the transactions in a file, even after trying for several days. This can lead to a build-up of files in the incoming directory and to subsequent processor runs getting longer and longer till finally they start timing out. The solution is to 'manually' move the older files from the incoming to the completed directory. Since our personal accounts don't have permissions to move the files, we do this with a one-off process-control job such as ingenico_move_audit_files. Since process control runs each command as a separate process under python, we need to wrap any file globs that we want expanded with 'sh -c', for example:

sh -c "mv /srv/archive/civi1001/audit/globalcollect/incoming//wx1*202010[01][0-5]*xml* /var/spool/audit/globalcollect/"

Adding a New Payment Processor

Once the new processor code has been added

1. Enable the Module

2. Add the folders

This is done via puppet by adding the processor name to the $audit_processors array in modules/civicrm/manifests/audit.pp. Additionally, some files (YAML usually) may be needed for the audit configuration. Those vary by processor but are stored in the same audit.pp manifest.


Initial Setup

The directories are set up in the drupal module here:



Run the audit parser:

drush parse-audit ingenico

Run with just one specific file:

drush @wmff parse-audit dlocal --file=test.csv


If a refund is successful it will put a message on the refund queue:

drush --user=1 -v -r /srv/civi-sites/wmff/drupal rfdqc