Show Table of Contents
5.4.3. Enable Audit Logging
To enable audit logging to record authentication and authorization information for every thread and EJB call, start the CLI management console and follow this procedure.
Note
Logging individual requests is a resource intensive activity. Test the impact this will have on your server and application performance before enabling this level of logging on a production server.
Procedure 5.4. Enable Audit Logging
- Create a periodic rotating file handler named
AUDIT. The format of log file must be defined with this format to be common criteria compliant./subsystem=logging/periodic-rotating-file-handler=AUDIT/:add(suffix=.yyyy-MM-dd,formatter=%d{HH:mm:ss,SSS} %-5p [%c] (%t) %s%E%n,level=TRACE,file={"relative-to" => "jboss.server.log.dir","path" => "audit.log"}) - Create a logger category for the JBoss EAP logging subsystem.
/subsystem=logging/logger=org.jboss.security.audit/:add(level=TRACE,category=org.jboss.security.audit,handlers=["AUDIT"])
- Enable audit logging in each application by using the
jboss-web.xmldescriptor located in theWEB-INFdirectory, setting the tagdisable-audittofalse.<?xml version="1.0" encoding="UTF-8"?> <jboss-web> <security-domain>security_domain_for_the_app</security-domain> <disable-audit>false</disable-audit> </jboss-web>
Where did the comment section go?
Red Hat's documentation publication system recently went through an upgrade to enable speedier, more mobile-friendly content. We decided to re-evaluate our commenting platform to ensure that it meets your expectations and serves as an optimal feedback mechanism. During this redesign, we invite your input on providing feedback on Red Hat documentation via the discussion platform.