Red Hat Training

A Red Hat training course is available for JBoss Enterprise Application Platform Common Criteria Certification

2.5.3. Configuring Audit Logging

Audit logging can be configured to print authentication and authorization information for each thread and EJB call.

Important

Logging individual requests is a resource intensive activity. Test the impact this will have on your server and application performance before enabling this level of logging on a production server.

Procedure 2.2. Monitor Server Startup and Shutdown Events

Enable server startup and shutdown events by making the recommended changes to JBOSS_HOME/server/production/conf/jboss-log4j.xml

  1. Uncomment Security Audit Appender

    Uncomment the following block. 
    <!-- Security AUDIT Appender --> 
<appender name="AUDIT" class="org.jboss.logging.appender.DailyRollingFileAppender"> 
  <errorHandler class="org.jboss.logging.util.OnlyOnceErrorHandler"/>
  <param name="File" value="${jboss.server.log.dir}/audit.log"/> 
  <param name="Append" value="true"/> 
  <param name="DatePattern" value="'.'yyyy-MM-dd"/> 
  <layout class="org.apache.log4j.PatternLayout"> 
    <param name="ConversionPattern" value="%d %-5p [%c] (%t:%x) %m%n"/> 
  </layout> 
</appender>

  2. Uncomment Security Audit Provider

    Uncomment the following block: 
    <!-- Category specifically for Security Audit Provider -->
<category name="org.jboss.security.audit.providers.LogAuditProvider" additivity="false">
  <priority value="TRACE"/>
  <appender-ref ref="AUDIT"/>
</category>

  3. Configure SecurityInterceptor logging level

    Set the logging level of the SecurityInterceptor class to TRACE by adding the <priority> element to the root <category> element. 
    <category name="org.jboss.ejb.plugins.SecurityInterceptor">
  <priority value="TRACE" />
  <appender-ref ref="AUDIT" />
</category>

  4. Enable logging for ServerImpl log messages

    Set the priority and appender-ref levels for the Microcontainer bootstrap by adding the <category> block as specified. 
    <category name="org.jboss.bootstrap.microcontainer">
  <priority value="INFO"/>
  <appender-ref ref="AUDIT"/> 
</category>

  5. Enable logging for web-based requests

    If you need additional logging for web-based requests, uncomment the AccessLogValve in JBOSS_HOME/server/production/deploy/jbossweb.sar/server.xml. 
    <Valve className="org.apache.catalina.valves.AccessLogValve"
  prefix="localhost_access_log." suffix=".log"
  pattern="common" directory="${jboss.server.home.dir}/log"
  resolveHosts="false" />
    The access log is saved in the log directory of the server configuration.

  6. Update ConversionPattern

    Update the ConversionPattern parameter in the appender/layout element to show thread information by replacing the Default Pattern with the Full Pattern: 
    <!--The full pattern: Date MS Priority [Category] (Thread:NDC) Message -->
<param name="ConversionPattern" value="%d %-5r %-5p [%c] (%t:%x) %m%n"/>