[jboss-jira] [JBoss JIRA] (WFCORE-1647) Default app-name value of Syslog handler in Audit Logging violates specification
Jan Tymel (JIRA)
issues at jboss.org
Tue Jul 12 04:55:01 EDT 2016
[ https://issues.jboss.org/browse/WFCORE-1647?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jan Tymel updated WFCORE-1647:
------------------------------
Steps to Reproduce:
1. Configure Audit Logging to log into (local) rsyslog and start server
{code}
<audit-log>
<formatters>
<json-formatter name="json-formatter"/>
</formatters>
<handlers>
<file-handler name="file" formatter="json-formatter" path="audit-log.log" relative-to="jboss.server.data.dir"/>
<syslog-handler name="syslog-handler" formatter="json-formatter">
<udp host="127.0.0.1" port="514"/>
</syslog-handler>
</handlers>
<logger log-boot="true" log-read-only="false" enabled="true">
<handlers>
<handler name="file"/>
<handler name="syslog-handler"/>
</handlers>
</logger>
</audit-log>
{code}
2. Look into /var/log/messages file
Note: the brackets must be escaped, JIRA doesn't allow me to stress it. Brackets {{[, ]}} used in {{grep}} command should be always preceded by a backslash
{{sudo grep "WildFly\[Core\]" /var/log/messages}} - there should be a few occurrences
{{sudo grep "WildFlyCore\[" /var/log/messages}} - there should be no occurences
3. Stop server, change configuration to use {{app-name}} without space character and start it again
{code}
<audit-log>
<formatters>
<json-formatter name="json-formatter"/>
</formatters>
<handlers>
<file-handler name="file" formatter="json-formatter" path="audit-log.log" relative-to="jboss.server.data.dir"/>
<syslog-handler name="syslog-handler" formatter="json-formatter" app-name="WildFlyCore">
<udp host="127.0.0.1" port="514"/>
</syslog-handler>
</handlers>
<logger log-boot="true" log-read-only="false" enabled="true">
<handlers>
<handler name="file"/>
<handler name="syslog-handler"/>
</handlers>
</logger>
</audit-log>
{code}
4. Look into /var/log/messages file again
Note: the brackets must be escaped, JIRA doesn't allow me to stress it. Bracket {{[}} used in {{grep}} command should be always preceded by a backslash
{{sudo grep "WildFlyCore\[" /var/log/messages}} - there should be a few occurrences (that contains PID) now
was:
1. Configure Audit Logging to log into (local) rsyslog and start server
{code}
<audit-log>
<formatters>
<json-formatter name="json-formatter"/>
</formatters>
<handlers>
<file-handler name="file" formatter="json-formatter" path="audit-log.log" relative-to="jboss.server.data.dir"/>
<syslog-handler name="syslog-handler" formatter="json-formatter">
<udp host="127.0.0.1" port="514"/>
</syslog-handler>
</handlers>
<logger log-boot="true" log-read-only="false" enabled="true">
<handlers>
<handler name="file"/>
<handler name="syslog-handler"/>
</handlers>
</logger>
</audit-log>
{code}
2. Look into /var/log/messages file
Note: the brackets must be escaped, JIRA doesn't allow me to stress it. Brackets {{[, ]}} used in {{grep}} command should be always preceded by a backslash
{{sudo grep "WildFly\[Core\]" /var/log/messages}} - there should be a few occurrences
{{sudo grep "WildFlyCore\[" /var/log/messages}} - there should be no occurences
3. Stop server, change configuration to use {{app-name}} without space character and start it again
{code}
<audit-log>
<formatters>
<json-formatter name="json-formatter"/>
</formatters>
<handlers>
<file-handler name="file" formatter="json-formatter" path="audit-log.log" relative-to="jboss.server.data.dir"/>
<syslog-handler name="syslog-handler" formatter="json-formatter" app-name="WildFlyCore">
<udp host="127.0.0.1" port="514"/>
</syslog-handler>
</handlers>
<logger log-boot="true" log-read-only="false" enabled="true">
<handlers>
<handler name="file"/>
<handler name="syslog-handler"/>
</handlers>
</logger>
</audit-log>
{code}
4. Look into /var/log/messages file again
Note: the brackets must be escaped, JIRA doesn't allow me to stress it. Bracket {{[}} used in {{grep}} command should be always preceded by a backslash
{{sudo grep "JBossEAP\[" /var/log/messages}} - there should be a few occurrences (that contains PID) now
> Default app-name value of Syslog handler in Audit Logging violates specification
> --------------------------------------------------------------------------------
>
> Key: WFCORE-1647
> URL: https://issues.jboss.org/browse/WFCORE-1647
> Project: WildFly Core
> Issue Type: Bug
> Components: Domain Management
> Affects Versions: 3.0.0.Alpha3
> Reporter: Jan Tymel
> Assignee: Brian Stansberry
>
> According to syslog specification[1] {{app-name}} cannot contain space character (" "). However, the default value in EAP 7 is {{WildFly Core}}. This results in the syslog server is not able to capture Process ID from which the message was sent.
> E.g. following piece of information is captured {{WildFly[Core] (...)}} instead of {{WildFlyCore[795]}}
> Suggestions for improvement:
> Change default value {{WildFly Core}} to one without space character.
> Also please consider addition of check whether {{app-name}} contains space character.
> [1] https://tools.ietf.org/html/rfc5424#page-8
--
This message was sent by Atlassian JIRA
(v6.4.11#64026)
More information about the jboss-jira
mailing list