<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<body link="#355491" alink="#4262a1" vlink="#355491" style="background: #e2e2e2; margin: 0; padding: 20px;">
<div>
<table cellpadding="0" bgcolor="#FFFFFF" border="0" cellspacing="0" style="border: 1px solid #dadada; margin-bottom: 30px; width: 100%; -moz-border-radius: 6px; -webkit-border-radius: 6px;">
<tbody>
<tr>
<td>
<table border="0" cellpadding="0" cellspacing="0" bgcolor="#FFFFFF" style="border: solid 2px #ccc; background: #dadada; width: 100%; -moz-border-radius: 6px; -webkit-border-radius: 6px;">
<tbody>
<tr>
<td bgcolor="#000000" valign="middle" height="58px" style="border-bottom: 1px solid #ccc; padding: 20px; -moz-border-radius-topleft: 3px; -moz-border-radius-topright: 3px; -webkit-border-top-right-radius: 5px; -webkit-border-top-left-radius: 5px;">
<h1 style="color: #333333; font: bold 22px Arial, Helvetica, sans-serif; margin: 0; display: block !important;">
<!-- To have a header image/logo replace the name below with your img tag -->
<!-- Email clients will render the images when the message is read so any image -->
<!-- must be made available on a public server, so that all recipients can load the image. -->
<a href="https://community.jboss.org/index.jspa" style="text-decoration: none; color: #E1E1E1">JBoss Community</a></h1>
</td>
</tr>
<tr>
<td bgcolor="#FFFFFF" style="font: normal 12px Arial, Helvetica, sans-serif; color:#333333; padding: 20px; -moz-border-radius-bottomleft: 4px; -moz-border-radius-bottomright: 4px; -webkit-border-bottom-right-radius: 5px; -webkit-border-bottom-left-radius: 5px;"><h3 style="margin: 10px 0 5px; font-size: 17px; font-weight: normal;">
Audit Logging Design Notes
</h3>
<span style="margin-bottom: 10px;">
new comment by <a href="https://community.jboss.org/people/kabirkhan">Kabir Khan</a> <a href="https://community.jboss.org/docs/DOC-18812#comment-12117">View all comments on this document</a>
</span>
<hr style="margin: 20px 0; border: none; background-color: #dadada; height: 1px;">
<div class="jive-rendered-content"><p>The IP and interface are captured. The output in the simple file appender is:</p><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><blockquote class="jive-quote"><p>2013-05-17 13:13:02 - {</p><p>    "type" : "core",</p><p>    "r/o" : true,</p><p>    "booting" : false,</p><p>    "user" : "$local",</p><p>    "domainUUID" : null,</p><p>    "access" : "NATIVE",</p><p>    "remote-address" : "127.0.0.1/127.0.0.1",</p><p>    "success" : true,</p><p>    "ops" : [{</p><p>        "address" : [{</p><p>            "system-property" : "test"</p><p>        }],</p><p>        "operation" : "read-operation-description",</p><p>        "name" : "add",</p><p>        "operation-headers" : {"caller-type" : "user"}</p><p>    }]</p><p>}</p><p>2013-05-17 13:13:02 - {</p><p>    "type" : "core",</p><p>    "r/o" : true,</p><p>    "booting" : false,</p><p>    "user" : "$local",</p><p>    "domainUUID" : null,</p><p>    "access" : "NATIVE",</p><p>    "remote-address" : "127.0.0.1/127.0.0.1",</p><p>    "success" : true,</p><p>    "ops" : [{</p><p>        "address" : [{</p><p>            "system-property" : "test"</p><p>        }],</p><p>        "operation" : "add",</p><p>        "value" : "hello",</p><p>        "operation-headers" : {"caller-type" : "user"}</p><p>    }]</p><p>}</p><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p>
                    </blockquote><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><p>The sample output in syslog is</p><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><blockquote class="jive-quote"><p>17/05/2013 13:18:50.000 2013-05-17T13: 18:50.107+01:00 Kabirs-MacBook-Pro.local WildFly 4225 - - 2013-05-17 13:18:50 - {</p><p>    "type" : "core",</p><p>    "r/o" : true,</p><p>    "booting" : false,</p><p>    "user" : "$local",</p><p>    "domainUUID" : null,</p><p>    "access" : "NATIVE",</p><p>    "remote-address" : "127.0.0.1/127.0.0.1",</p><p>    "success" : true,</p><p>    "ops" : [{</p><p>        "address" : [{</p><p>            "system-property" : "test"</p><p>        }],</p><p>        "operation" : "remove",</p><p>        "operation-headers" : {"caller-type" : "user"}</p><p>    }]</p><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p>
                    </blockquote><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><p>For future releases I plan to support custom formatters, to allow you to choose the output format, and the formatter will be what provides things like tamper detection mechanisms (hashing, signing, encryption etc). For now I settled on a JSON formatter, but can change that to something different if desired. I like that it gives more structure than tabs etc. and the operations coded as model nodes map nicely to that. Also syslog does not like byte[] formatted data, it seems to have to be strings.</p></div>
</td>
</tr>
</tbody>
</table>
</td>
</tr>
</tbody>
</table>
</div>
</body>
</html>