2.5.3. Configuring Audit Logging

Audit logging can be configured to print authentication and authorization information for each thread and EJB call.

Important

Logging individual requests is a resource intensive activity. Test the impact this will have on your server and application performance before enabling this level of logging on a production server.

Procedure 2.2. Monitor Server Startup and Shutdown Events

Enable server startup and shutdown events by making the recommended changes to JBOSS_HOME/server/production/conf/jboss-log4j.xml
  1. Uncomment Security Audit Appender

    Uncomment the following block.
    <!-- Security AUDIT Appender --> 
    <appender name="AUDIT" class="org.jboss.logging.appender.DailyRollingFileAppender"> 
      <errorHandler class="org.jboss.logging.util.OnlyOnceErrorHandler"/>
      <param name="File" value="${jboss.server.log.dir}/audit.log"/> 
      <param name="Append" value="true"/> 
      <param name="DatePattern" value="'.'yyyy-MM-dd"/> 
      <layout class="org.apache.log4j.PatternLayout"> 
        <param name="ConversionPattern" value="%d %-5p [%c] (%t:%x) %m%n"/> 
      </layout> 
    </appender>
  2. Uncomment Security Audit Provider

    Uncomment the following block:
    <!-- Category specifically for Security Audit Provider -->
    <category name="org.jboss.security.audit.providers.LogAuditProvider" additivity="false">
      <priority value="TRACE"/>
      <appender-ref ref="AUDIT"/>
    </category>
  3. Configure SecurityInterceptor logging level

    Set the logging level of the SecurityInterceptor class to TRACE by adding the <priority> element to the root <category> element.
    <category name="org.jboss.ejb.plugins.SecurityInterceptor">
      <priority value="TRACE" />
      <appender-ref ref="AUDIT" />
    </category>
  4. Enable logging for ServerImpl log messages

    Set the priority and appender-ref levels for the Microcontainer bootstrap by adding the <category> block as specified.
    <category name="org.jboss.bootstrap.microcontainer">
      <priority value="INFO"/>
      <appender-ref ref="AUDIT"/> 
    </category>
  5. Enable logging for web-based requests

    If you need additional logging for web-based requests, uncomment the AccessLogValve in JBOSS_HOME/server/production/deploy/jbossweb.sar/server.xml.
    <Valve className="org.apache.catalina.valves.AccessLogValve"
      prefix="localhost_access_log." suffix=".log"
      pattern="common" directory="${jboss.server.home.dir}/log"
      resolveHosts="false" />
    
    The access log is saved in the log directory of the server configuration.
  6. Update ConversionPattern

    Update the ConversionPattern parameter in the appender/layout element to show thread information by replacing the Default Pattern with the Full Pattern:
    <!--The full pattern: Date MS Priority [Category] (Thread:NDC) Message -->
    <param name="ConversionPattern" value="%d %-5r %-5p [%c] (%t:%x) %m%n"/>