[jboss-dev-forums] [JBoss AS 7 Development] - Audit Logging Design Notes

Kabir Khan do-not-reply at jboss.com
Fri May 17 08:22:18 EDT 2013 

Kabir Khan [https://community.jboss.org/people/kabirkhan] commented on the document

"Audit Logging Design Notes"

To view all comments on this document, visit: https://community.jboss.org/docs/DOC-18812#comment-12117

--------------------------------------------------
The IP and interface are captured. The output in the simple file appender is:


> 2013-05-17 13:13:02 - {
>     "type" : "core",
>     "r/o" : true,
>     "booting" : false,
>     "user" : "$local",
>     "domainUUID" : null,
>     "access" : "NATIVE",
>     "remote-address" : "127.0.0.1/127.0.0.1",
>     "success" : true,
>     "ops" : [{
>         "address" : [{
>             "system-property" : "test"
>         }],
>         "operation" : "read-operation-description",
>         "name" : "add",
>         "operation-headers" : {"caller-type" : "user"}
>     }]
> }
> 2013-05-17 13:13:02 - {
>     "type" : "core",
>     "r/o" : true,
>     "booting" : false,
>     "user" : "$local",
>     "domainUUID" : null,
>     "access" : "NATIVE",
>     "remote-address" : "127.0.0.1/127.0.0.1",
>     "success" : true,
>     "ops" : [{
>         "address" : [{
>             "system-property" : "test"
>         }],
>         "operation" : "add",
>         "value" : "hello",
>         "operation-headers" : {"caller-type" : "user"}
>     }]
> }
> 
> 

The sample output in syslog is

> 17/05/2013 13:18:50.000 2013-05-17T13: 18:50.107+01:00 Kabirs-MacBook-Pro.local WildFly 4225 - - 2013-05-17 13:18:50 - {
>     "type" : "core",
>     "r/o" : true,
>     "booting" : false,
>     "user" : "$local",
>     "domainUUID" : null,
>     "access" : "NATIVE",
>     "remote-address" : "127.0.0.1/127.0.0.1",
>     "success" : true,
>     "ops" : [{
>         "address" : [{
>             "system-property" : "test"
>         }],
>         "operation" : "remove",
>         "operation-headers" : {"caller-type" : "user"}
>     }]
> 
> 

For future releases I plan to support custom formatters, to allow you to choose the output format, and the formatter will be what provides things like tamper detection mechanisms (hashing, signing, encryption etc). For now I settled on a JSON formatter, but can change that to something different if desired. I like that it gives more structure than tabs etc. and the operations coded as model nodes map nicely to that. Also syslog does not like byte[] formatted data, it seems to have to be strings.
--------------------------------------------------

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/jboss-dev-forums/attachments/20130517/581d85e0/attachment.html

More information about the jboss-dev-forums mailing list