-
Language:
English
-
Language:
English
Red Hat Training
A Red Hat training course is available for JBoss Enterprise Application Platform Common Criteria Certification
5.4.3. Enable Audit Logging
To enable audit logging to record authentication and authorization information for every thread and EJB call, start the CLI management console and follow this procedure.
Note
Logging individual requests is a resource intensive activity. Test the impact this will have on your server and application performance before enabling this level of logging on a production server.
Procedure 5.4. Enable Audit Logging
- Create a periodic rotating file handler named
AUDIT
. The format of log file must be defined with this format to be common criteria compliant./subsystem=logging/periodic-rotating-file-handler=AUDIT/:add(suffix=.yyyy-MM-dd,formatter=%d{HH:mm:ss,SSS} %-5p [%c] (%t) %s%E%n,level=TRACE,file={"relative-to" => "jboss.server.log.dir","path" => "audit.log"})
- Create a logger category for the JBoss EAP logging subsystem.
/subsystem=logging/logger=org.jboss.security.audit/:add(level=TRACE,category=org.jboss.security.audit,handlers=["AUDIT"])
- Enable audit logging in each application by using the
jboss-web.xml
descriptor located in theWEB-INF
directory, setting the tagdisable-audit
tofalse
.<?xml version="1.0" encoding="UTF-8"?> <jboss-web> <security-domain>security_domain_for_the_app</security-domain> <disable-audit>false</disable-audit> </jboss-web>