Quick note for JBoss ~ enabling Audit log
The audit log can be used ~ as the name says ~ to Audit information as who and when are logging. The original reference is here.
Audit log xml:
The following XML can be used as a model:
<audit-log>
<formatters>
<json-formatter name="json-formatter"/>
</formatters>
<handlers>
<file-handler name="file" formatter="json-formatter" relative-to="jboss.server.data.dir" path="audit-log.log"/>
</handlers>
<logger log-boot="true" log-read-only="false" enabled="true">
<handlers>
<handler name="file"/>
</handlers>
</logger>
</audit-log>Output
The output will be on the file:
EAP_HOME/standalone/data/audit-log.log
Logger configuration ~ three configurations
JBoss Audit log has three configuration modes – that basically will filter the amount/type of data that will be recorded, as below:
| Attribute | Description |
|---|---|
| enabled | true to enable logging of the management operations |
| log-boot | true to log the management operations when booting the server, false otherwise |
| log-read-only | If true all operations will be audit logged, if false only operations that change the model will be logged |
Btw: log-read-only when is used, increase the overhead considerably, since there are many operations that happen every 15s/20s in EAP.
CLI command for the configuration attributes above:
cli-command# /core-service=management/access=audit/logger=audit-log:write-attribute(name=enabled,value=true)
cli-command# /core-service=management/access=audit/logger=audit-log:write-attribute(name=log-boot,value=true)
cli-command# /core-service=management/access=audit/logger=audit-log:write-attribute(name=log-read-only,value=true)
Disclaimer
I work at Red Hat with EAP.
Overhead de Melo 