A.3. Management Interface Audit Logging Reference

Logger Attributes Reference

In addition to enabling or disabling management interface audit logging, the following logger configuration attributes are available.

log-boot
If set to true, management operations performed while the server is booting are included in the audit log; if set to false, they are not. Default: true.
log-read-only
If set to true, all operations are audit logged. If set to false, only operations that change the model are logged. Default: false.

Log Formatter Attributes Reference

The formatter specifies the format of the log entries. Only one formatter is available, which outputs log entries in JSON format.

Example A.1.  Include the timestamp in the log records

/core-service=management/access=audit/json-formatter=json-formatter:write-attribute(name=include-date,value=true)

Log Formatter Attributes

include-date
A boolean value which defines whether or not the timestamp is included in the formatted log records. Default: true.
date-separator
A string containing characters to be used to separate the date and the rest of the formatted log message. This is ignored if include-date=false. Default: " - " (a space, followed by a hyphen, then a space).
date-format
The date format to use for the timestamp as understood by java.text.SimpleDateFormat. Ignored if include-date=false. Default: yyyy-MM-dd HH:mm:ss.
compact
If true, the JSON is formatted on one line. Values may still contain new lines, so if having the whole record on one line is important, set escape-new-line or escape-control-characters to true. Default: false.
escape-control-characters
If true, all control characters (ASCII entries with a decimal value < 32) are escaped with the ASCII code in octal; for example, a new line becomes #012. If this is true, it overrides escape-new-line=false. Default: false.
escape-new-line
If true, all new lines are escaped with the ASCII code in octal; for example, #012. Default: false.
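
Because records span several lines unless compact is true, and control characters may be written as octal escapes, a line-by-line reader misparses this file. The following added example (not part of the Red Hat documentation) parses records written with the default date-format and date-separator; the function names and the field names in the sample records are constructed for illustration.

```python
import json
import re
from datetime import datetime

# Assumed formatter settings: the documented defaults for date-format/date-separator.
DATE_FORMAT = "%Y-%m-%d %H:%M:%S"    # strptime form of yyyy-MM-dd HH:mm:ss
STAMP_LEN = 19                       # rendered length of that timestamp
DATE_SEPARATOR = " - "
# Control characters (< 32 decimal) are written as '#' plus three octal digits.
_OCTAL_ESCAPE = re.compile(r"#(0[0-3][0-7])")

def unescape(text):
    """Undo escape-new-line / escape-control-characters, e.g. #012 -> newline."""
    return _OCTAL_ESCAPE.sub(lambda m: chr(int(m.group(1), 8)), text)

def parse_audit_log(text, escaped=False):
    """Return [(timestamp, record_dict), ...] for compact or multi-line records."""
    if escaped:
        text = unescape(text)
    # strict=False tolerates raw control characters inside JSON string values.
    decoder = json.JSONDecoder(strict=False)
    records, pos = [], 0
    while True:
        while pos < len(text) and text[pos].isspace():
            pos += 1
        if pos >= len(text):
            return records
        stamp = datetime.strptime(text[pos:pos + STAMP_LEN], DATE_FORMAT)
        pos += STAMP_LEN
        if not text.startswith(DATE_SEPARATOR, pos):
            raise ValueError(f"expected date-separator at offset {pos}")
        # raw_decode consumes exactly one JSON value, however many lines it spans.
        record, pos = decoder.raw_decode(text, pos + len(DATE_SEPARATOR))
        records.append((stamp, record))

# Constructed samples; the field names are illustrative, not the product's schema.
SAMPLE_DEFAULT = """2024-01-15 10:22:31 - {
    "user" : "admin",
    "success" : true
}
2024-01-15 10:22:40 - {
    "user" : "admin",
    "success" : false
}
"""
SAMPLE_ESCAPED = '2024-01-15 10:23:02 - {"user" : "admin", "note" : "first#012second"}\n'

if __name__ == "__main__":
    print(parse_audit_log(SAMPLE_DEFAULT), parse_audit_log(SAMPLE_ESCAPED, escaped=True))
```

Unescaping is ambiguous when a value legitimately contains text such as #012, so pass escaped=True only for files written with escape-new-line or escape-control-characters enabled.
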

Management Interface Audit Log File Handler Attributes Reference

A file handler specifies the parameters by which audit log records are output to a file. Specifically, it defines the formatter, file name and path for the file.

File Handler Attributes

formatter
The name of a JSON formatter to use to format the log records. Default: json-formatter.
path
The path of the audit log file. Default: audit-log.log.
relative-to
The name of another previously named path, or of one of the standard paths provided by the system. If relative-to is provided, the value of the path attribute is treated as relative to the path specified by this attribute. Default: jboss.server.data.dir.
failure-count
The number of logging failures since the handler was initialized. Default: 0.
max-failure-count
The maximum number of logging failures before disabling this handler. Default: 10.
disabled-due-to-failure
Takes the value true if this handler was disabled due to logging failures. Default: false.

Management Interface Syslog Handler Attributes Reference

A syslog handler specifies the parameters by which audit log entries are sent to a syslog server, specifically the syslog server's hostname and the port on which the syslog server is listening.

Sending audit logging to a syslog server provides more security options than logging to a local file or local syslog server. Multiple syslog handlers can be defined and be active at the same time.
Syslog servers vary in their implementation, so not all settings are applicable to all syslog servers. Testing has been conducted using the rsyslog syslog implementation.
The Syslog Handler Attributes list covers only the high-level attributes. Each attribute has configuration parameters, and some have child configuration parameters. To see the details of a syslog handler's attributes, run the following command.

/core-service=management/access=audit/syslog-handler=mysyslog:read-resource-description(recursive=true)

Syslog Handler Attributes

app-name
The application name to add to the syslog records as defined in section 6.2.5 of RFC-5424. If not specified, it defaults to the name of the product.
disabled-due-to-failure
Takes the value true if this handler was disabled due to logging failures. Default: false.
facility
The facility to use for syslog logging as defined in section 6.2.1 of RFC-5424, and section 4.1.1 of RFC-3164.
failure-count
The number of logging failures since the handler was initialized. Default: 0.
formatter
The name of the formatter to use to format the log records. Default: json-formatter.
max-failure-count
The maximum number of logging failures before disabling this handler. Default: 10.
max-length
The maximum length of a log message (in bytes), including the header. If undefined, it will default to 1024 bytes if the syslog-format is RFC3164, or 2048 bytes if the syslog-format is RFC5424.
protocol
The protocol to use for the syslog handler. Must be one and only one of udp, tcp or tls.
reconnect-timeout
Available from JBoss EAP 6.4. The number of seconds to wait before attempting to reconnect to the syslog server, in the event connectivity is lost. Default: -1 (Disabled).
syslog-format
Syslog format: RFC-5424 or RFC-3164. Default: RFC-5424.
truncate
Whether or not a message, including the header, should be truncated if the length in bytes is greater than the value of the max-length attribute. If set to false, messages will be split and sent with the same header values. Default: false.