<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<body link="#355491" alink="#4262a1" vlink="#355491" style="background: #e2e2e2; margin: 0; padding: 20px;">
<div>
        <table cellpadding="0" bgcolor="#FFFFFF" border="0" cellspacing="0" style="border: 1px solid #dadada; margin-bottom: 30px; width: 100%; -moz-border-radius: 6px; -webkit-border-radius: 6px;">
                <tbody>
                        <tr>
                                <td>
                                        <table border="0" cellpadding="0" cellspacing="0" bgcolor="#FFFFFF" style="border: solid 2px #ccc; background: #dadada; width: 100%; -moz-border-radius: 6px; -webkit-border-radius: 6px;">
                                                <tbody>
                                                        <tr>
                                                                <td bgcolor="#000000" valign="middle" height="58px" style="border-bottom: 1px solid #ccc; padding: 20px; -moz-border-radius-topleft: 3px; -moz-border-radius-topright: 3px; -webkit-border-top-right-radius: 5px; -webkit-border-top-left-radius: 5px;">
                                                                        <h1 style="color: #333333; font: bold 22px Arial, Helvetica, sans-serif; margin: 0; display: block !important;">
                                                                        <a href="http://community.jboss.org/index.jspa" style="text-decoration: none; color: #E1E1E1">JBoss Community</a></h1>
                                                                </td>
                                                        </tr>
                                                        <tr>
                                                                <td bgcolor="#FFFFFF" style="font: normal 12px Arial, Helvetica, sans-serif; color:#333333; padding: 20px; -moz-border-radius-bottomleft: 4px; -moz-border-radius-bottomright: 4px; -webkit-border-bottom-right-radius: 5px; -webkit-border-bottom-left-radius: 5px;"><h3 style="margin: 10px 0 5px; font-size: 17px; font-weight: normal;">
JBoss AS7 Security Auditing
</h3>
<span style="margin-bottom: 10px;">
created by <a href="http://community.jboss.org/people/anil.saldhana">Anil Saldhana</a> in <i>PicketBox Development</i> - <a href="http://community.jboss.org/docs/DOC-17277">View the full document</a>
</span>
<hr style="margin: 20px 0; border: none; background-color: #dadada; height: 1px;">
<div class="jive-rendered-content"><p><strong>WARN</strong>: This article is a work in progress. Please do not complain while this WARN is still here. <span> :) </span></p><h2>Configure the Domain Model Logging Subsystem</h2><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><pre class="jive-pre"><code class="jive-code jive-xml"><span class="jive-xml-tag"><subsystem xmlns="urn:jboss:domain:logging:1.1"></span>
            <span class="jive-xml-tag"><console-handler name="CONSOLE" autoflush="true"></span>
                <span class="jive-xml-tag"><level name="INFO"/></span>
                <span class="jive-xml-tag"><formatter></span>
                    <span class="jive-xml-tag"><pattern-formatter pattern="%d{HH:mm:ss,SSS} %-5p [%c] (%t) %s%E%n"/></span>
                <span class="jive-xml-tag"></formatter></span>
            <span class="jive-xml-tag"></console-handler></span>
            <span class="jive-xml-tag"><periodic-rotating-file-handler name="FILE" autoflush="true"></span>
                <span class="jive-xml-tag"><level name="INFO"/></span>
                <span class="jive-xml-tag"><formatter></span>
                    <span class="jive-xml-tag"><pattern-formatter pattern="%d{HH:mm:ss,SSS} %-5p [%c] (%t) %s%E%n"/></span>
                <span class="jive-xml-tag"></formatter></span>
                <span class="jive-xml-tag"><file relative-to="jboss.server.log.dir" path="server.log"/></span>
                <span class="jive-xml-tag"><suffix value=".yyyy-MM-dd"/></span>
                <span class="jive-xml-tag"><append value="true"/></span>
            <span class="jive-xml-tag"></periodic-rotating-file-handler></span>
            <span class="jive-xml-tag"><periodic-rotating-file-handler name="AUDIT" autoflush="true"></span>
                <span class="jive-xml-tag"><level name="TRACE"/></span>
                <span class="jive-xml-tag"><formatter></span>
                    <span class="jive-xml-tag"><pattern-formatter pattern="%d{HH:mm:ss,SSS} %-5p [%c] (%t) %s%E%n"/></span>
                <span class="jive-xml-tag"></formatter></span>
                <span class="jive-xml-tag"><file relative-to="jboss.server.log.dir" path="audit.log"/></span>
                <span class="jive-xml-tag"><suffix value=".yyyy-MM-dd"/></span>
                <span class="jive-xml-tag"><append value="true"/></span>
            <span class="jive-xml-tag"></periodic-rotating-file-handler></span>
            <span class="jive-xml-tag"><logger category="com.arjuna"></span>
                <span class="jive-xml-tag"><level name="WARN"/></span>
            <span class="jive-xml-tag"></logger></span>
            <span class="jive-xml-tag"><logger category="org.apache.tomcat.util.modeler"></span>
                <span class="jive-xml-tag"><level name="WARN"/></span>
            <span class="jive-xml-tag"></logger></span>
            <span class="jive-xml-tag"><logger category="sun.rmi"></span>
                <span class="jive-xml-tag"><level name="WARN"/></span>
            <span class="jive-xml-tag"></logger></span>
           
            <span class="jive-xml-tag"><logger category="org.jboss.security.audit.providers.LogAuditProvider"></span>
                <span class="jive-xml-tag"><level name="TRACE"/></span>
                <span class="jive-xml-tag"><handlers></span>
                    <span class="jive-xml-tag"><handler name="AUDIT"/></span>
                <span class="jive-xml-tag"></handlers></span>
            <span class="jive-xml-tag"></logger></span>
            <span class="jive-xml-tag"><root-logger></span>
                <span class="jive-xml-tag"><level name="INFO"/></span>
                <span class="jive-xml-tag"><handlers></span>
                    <span class="jive-xml-tag"><handler name="CONSOLE"/></span>
                    <span class="jive-xml-tag"><handler name="FILE"/></span>
                <span class="jive-xml-tag"></handlers></span>
            <span class="jive-xml-tag"></root-logger></span>
        <span class="jive-xml-tag"></subsystem></span>
</code></pre><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><p>The key changes to the logging subsystem are:</p><ul><li style="text-align: start;">A new logger category, "org.jboss.security.audit.providers.LogAuditProvider", is defined.</li><li style="text-align: start;">A periodic rotating file handler called "AUDIT" is defined.</li></ul><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><h2>Web Applications</h2><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><p>By default, the web container sends the security events raised during authentication and authorization to the PicketBox audit framework. The audit framework checks whether auditing has been enabled in the logging settings. If it has, the audit log is written.</p><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><p>To disable auditing in your web applications, configure the jboss-web.xml of your web archive. This is TBD.</p></div>
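<p>Added example (not part of the original document or of PicketBox): a small check that a logging subsystem contains the two key changes listed above and that neither the logger nor its handler filters the audit events out. It assumes audit events are logged at TRACE, as the levels in the configuration imply; <code>check_audit_logging</code> and <code>sample</code> are hypothetical helper names, and the sample XML is constructed from the configuration shown earlier.</p>

```python
import xml.etree.ElementTree as ET

NS = {"l": "urn:jboss:domain:logging:1.1"}  # namespace of the page's subsystem
AUDIT_CATEGORY = "org.jboss.security.audit.providers.LogAuditProvider"
# Assumption: audit events are logged at TRACE, as the levels on the page imply.
# Simplification: any level name other than these is treated as too coarse.
ADMITS_TRACE = {"ALL", "TRACE"}

def _level(elem):
    """Name of the element's <level>, or None when it has none."""
    node = elem.find("l:level", NS)
    return node.get("name", "").upper() if node is not None else None

def check_audit_logging(xml_text):
    """Return findings; an empty list means audit events reach a handler."""
    root = ET.fromstring(xml_text)
    # Handler definitions are the direct children whose tag ends in "-handler".
    handlers = {h.get("name"): h for h in root if h.tag.endswith("-handler")}
    logger = root.find(f"l:logger[@category='{AUDIT_CATEGORY}']", NS)
    if logger is None:
        return [f"no logger for category {AUDIT_CATEGORY}"]
    findings = []
    if _level(logger) not in ADMITS_TRACE:
        findings.append(f"audit logger level {_level(logger)} does not admit TRACE")
    refs = [h.get("name") for h in logger.findall("l:handlers/l:handler", NS)]
    if not refs:
        findings.append("audit logger has no handler of its own")
    for name in refs:
        if name not in handlers:
            findings.append(f"handler {name} is referenced but not defined")
        # Assumption: a handler without <level> accepts every event.
        elif _level(handlers[name]) not in ADMITS_TRACE | {None}:
            findings.append(f"handler {name} level {_level(handlers[name])} does not admit TRACE")
    return findings

def sample(handler_level, logger_level):
    """Constructed sample: the page's AUDIT handler and logger, trimmed."""
    return f"""<subsystem xmlns="urn:jboss:domain:logging:1.1">
  <periodic-rotating-file-handler name="AUDIT" autoflush="true">
    <level name="{handler_level}"/>
    <file relative-to="jboss.server.log.dir" path="audit.log"/>
  </periodic-rotating-file-handler>
  <logger category="{AUDIT_CATEGORY}">
    <level name="{logger_level}"/>
    <handlers><handler name="AUDIT"/></handlers>
  </logger>
</subsystem>"""

if __name__ == "__main__":
    print(check_audit_logging(sample("TRACE", "TRACE")))  # settings from the page
    print(check_audit_logging(sample("INFO", "TRACE")))   # handler too coarse
```

<p>An empty result for the page's settings and a finding for the INFO handler show the failure mode this catches: an audit.log that exists but stays empty.</p>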
</td>
</tr>
</tbody>
</table>
</td>
</tr>
</tbody>
</table>
</div>
</body>
</html>