5.4.3. Enable Audit Logging

To enable audit logging to record authentication and authorization information for every thread and EJB call, start the CLI management console and follow this procedure.

Note

Logging individual requests is a resource-intensive activity. Test the impact this will have on your server and application performance before enabling this level of logging on a production server.

Procedure 5.4. Enable Audit Logging

  1. Create a periodic rotating file handler named AUDIT. To be Common Criteria compliant, the log file format must be defined exactly as shown.
    /subsystem=logging/periodic-rotating-file-handler=AUDIT/:add(suffix=.yyyy-MM-dd,formatter=%d{HH:mm:ss,SSS} %-5p [%c] (%t) %s%E%n,level=TRACE,file={"relative-to" => "jboss.server.log.dir","path" => "audit.log"})
    
  2. Create a logger category for the JBoss EAP logging subsystem.
    /subsystem=logging/logger=org.jboss.security.audit/:add(level=TRACE,category=org.jboss.security.audit,handlers=["AUDIT"])
    
  3. Enable audit logging in each application by using the jboss-web.xml descriptor located in the WEB-INF directory, setting the tag disable-audit to false.
    <?xml version="1.0" encoding="UTF-8"?>
    <jboss-web>
      <security-domain>security_domain_for_the_app</security-domain>
      <disable-audit>false</disable-audit>
    </jboss-web>
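
To confirm the procedure took effect, the following added example (not part of the Red Hat documentation) checks a jboss-web.xml descriptor for the step 3 setting and parses audit.log text against the step 1 pattern. The function names are hypothetical, and the sample log lines, thread names and messages are constructed.

```python
import re
import xml.etree.ElementTree as ET

# Regex equivalent of the AUDIT handler pattern from step 1:
#   %d{HH:mm:ss,SSS} %-5p [%c] (%t) %s%E%n
AUDIT_LINE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2},\d{3}) "
    r"(?P<level>[A-Z]+) +"            # %-5p pads the level to five characters
    r"\[(?P<category>[^\]]+)\] "
    r"\((?P<thread>[^)]*)\) "
    r"(?P<message>.*)$"
)

def parse_audit_log(text):
    """Split audit.log text into records; returns (records, orphan_lines)."""
    records, orphans = [], []
    for line in text.splitlines():
        m = AUDIT_LINE.match(line)
        if m:
            records.append({**m.groupdict(), "trace": []})
        elif records:
            records[-1]["trace"].append(line)   # continuation, e.g. %E stack frames
        elif line.strip():
            orphans.append(line)                # not produced by this pattern
    return records, orphans

def audit_enabled(descriptor_xml):
    """True only if jboss-web.xml names a security domain and sets disable-audit to false."""
    root = ET.fromstring(descriptor_xml.strip())
    # rsplit drops any XML namespace prefix so namespaced descriptors are handled too.
    values = {el.tag.rsplit("}", 1)[-1]: (el.text or "").strip() for el in root}
    return bool(values.get("security-domain")) and values.get("disable-audit", "").lower() == "false"

# Constructed sample input (not real server output).
SAMPLE_LOG = """\
12:00:01,123 TRACE [org.jboss.security.audit] (constructed-thread-1) constructed audit message A
12:00:02,456 TRACE [org.jboss.security.audit] (constructed-thread-2) constructed audit message B: java.lang.RuntimeException: constructed
\tat example.Constructed.method(Constructed.java:1)
"""
SAMPLE_DESCRIPTOR = """
<?xml version="1.0" encoding="UTF-8"?>
<jboss-web>
  <security-domain>security_domain_for_the_app</security-domain>
  <disable-audit>false</disable-audit>
</jboss-web>
"""

if __name__ == "__main__":
    recs, orphans = parse_audit_log(SAMPLE_LOG)
    print(len(recs), "records;", len(orphans), "orphans; audit enabled:", audit_enabled(SAMPLE_DESCRIPTOR))
```

Orphan lines at the start of a file, or records whose category is not org.jboss.security.audit, indicate that the handler or logger was not created as the procedure specifies.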