Red Hat Training
A Red Hat training course is available for Red Hat JBoss Enterprise Application Platform
A.3. Management Interface Audit Logging Reference
In addition to enabling or disabling management interface audit logging, the following logger
configuration attributes are available.
- log-boot
- If set to
true
, management operations when booting the server are included in the audit log,false
otherwise. Default:true
. - log-read-only
- If set to
true
, all operations will be audit logged. If set tofalse
only operations that change the model will be logged. Default:false
.
The formatter specifies the format of the log entries. Only one formatter is available, which outputs log entries in JSON format.
Example A.1. Include the timestamp in the log records
/core-service=management/access=audit/json-formatter=json-formatter:write-attribute(name=include-date,value=true
)
Log Formatter Attributes
- include-date
- A boolean value which defines whether or not the timestamp is included in the formatted log records. Default:
true
. - date-separator
- A string containing characters to be used to separate the date and the rest of the formatted log message. This is ignored if
include-date
=false
. Default:–
(This is a space, followed by a hyphen, then a space). - date-format
- The date format to use for the timestamp as understood by java.text.SimpleDateFormat. Ignored if
include-date
=false
. Default:yyyy-MM-dd HH:mm:ss
. - compact
- If
true
it will format the JSON on one line. There may still be values containing new lines, so if having the whole record on one line is important, setescape-new-line
orescape-control-characters
totrue
. Default:false
. - escape-control-characters
- If
true
it will escape all control characters (ASCII entries with a decimal value < 32) with the ASCII code in octal; for example, a new line becomes#012
. If this istrue
, it will overrideescape-new-line
=false
. Default:false
. - escape-new-line
- If
true
it will escape all new lines with the ASCII code in octal; for example#012
. Default:false
.
A file handler specifies the parameters by which audit log records are output to a file. Specifically it defines the formatter, file name and path for the file.
File Handler Attributes
- formatter
- The name of a JSON formatter to use to format the log records. Default:
json-formatter
. - path
- The path of the audit log file. Default:
audit-log.log
. - relative-to
- The name of another previously named path, or of one of the standard paths provided by the system. If
relative-to
is provided, the value of the path attribute is treated as relative to the path specified by this attribute. Default:jboss.server.data.dir
. - failure-count
- The number of logging failures since the handler was initialized. Default: 0.
- max-failure-count
- The maximum number of logging failures before disabling this handler. Default: 10.
- disabled-due-to-failure
- Takes the value
true
if this handler was disabled due to logging failures. Default:false
.
A syslog handler specifies the parameters by which audit log entries are sent to a syslog server, specifically the syslog server's hostname and the port on which the syslog server is listening.
/core-service=management/access=audit/syslog-handler=mysyslog:read-resource-description(recursive=true)
Syslog Handler Attributes
- app-name
- The application name to add to the syslog records as defined in section 6.2.5 of RFC-5424. If not specified it will default to the name of the product.
- disabled-due-to-failure
- Takes the value
true
if this handler was disabled due to logging failures. Default:false
. - facility
- The facility to use for syslog logging as defined in section 6.2.1 of RFC-5424, and section 4.1.1 of RFC-3164.
- failure-count
- The number of logging failures since the handler was initialized. Default:
0
. - formatter
- The name of the formatter to use to format the log records. Default:
json-formatter
. - max-failure-count
- The maximum number of logging failures before disabling this handler. Default:
10
. - max-length
- The maximum length of a log message (in bytes), including the header. If undefined, it will default to
1024
bytes if thesyslog-format
isRFC3164
, or2048
bytes if thesyslog-format
isRFC5424
. - protocol
- The protocol to use for the syslog handler. Must be one and only one of
udp
,tcp
ortls
. - reconnect-timeout
- Available from JBoss EAP 6.4. The number of seconds to wait before attempting to reconnect to the syslog server, in the event connectivity is lost. Default:
-1
(Disabled). - syslog-format
- Syslog format: RFC-5424 or RFC-3164. Default:
RFC-5424
. - truncate
- Whether or not a message, including the header, should be truncated if the length in bytes is greater than the value of the
max-length
attribute. If set tofalse
messages will be split and sent with the same header values. Default:false
.