Currently only after all data is gathered, AuditLoggingManager is called. It should be possible to instrument all the aspects of logging even obtaining user name as in some situations (startup, installation) such data might not be available and attempt to obtain them causes chain of failures (nice example is recent update of node types in user workspace ... can't really read user names while manipulating the nodes representing users themselves).