You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@activemq.apache.org by "Jelmer Marinus (Jira)" <ji...@apache.org> on 2021/04/19 08:16:00 UTC

[jira] [Commented] (ARTEMIS-3245) Audit logging logs to little information

    [ https://issues.apache.org/jira/browse/ARTEMIS-3245?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17324838#comment-17324838 ] 

Jelmer Marinus commented on ARTEMIS-3245:
-----------------------------------------

[~clebertsuconic] Can you give a status update ?

> Audit logging logs to little information
> ----------------------------------------
>
>                 Key: ARTEMIS-3245
>                 URL: https://issues.apache.org/jira/browse/ARTEMIS-3245
>             Project: ActiveMQ Artemis
>          Issue Type: Bug
>          Components: ActiveMQ-Artemis-Native
>    Affects Versions: 2.15.0
>            Reporter: Jelmer Marinus
>            Assignee: Clebert Suconic
>            Priority: Major
>
> In release 2.13 issue " ARTEMIS-2648 Improve the Audit logging capabilities" was fixed. One of the changes made was a change in the AMQ601500 message in the AuditLogger-interface:
> {code:java}
> @LogMessage(level = Logger.Level.INFO) @Message(id = 601500, value = "User {0} is sending a core message with Context: {1}", format = Message.Format.MESSAGE_FORMAT) 
> void sendMessage(String user, Object context); {code}
> A consequence of this is a lack of audit logging.
> Previously (i.e. version 2.11) information regarding the actual message was logged. Now only the following remains when message-level audit logging is turned on.
> {code:java}
> 2021-04-14 17:55:02,606 [AUDIT](Thread-6 (ActiveMQ-server-org.apache.activemq.artemis.core.server.impl.ActiveMQServerImpl$6@6fefce9e)) AMQ601500: User #######(amq)@127.0.0.1:52938 is sending a core message with Context: RoutingContextImpl(Address=null, routingType=null, PreviousAddress=null previousRoute:null, reusable=null, version=0) {code}
> This is not very helpful audit logging as it contains no reference to the actual message which was send by the user.
> The actual call to the AuditLogger seems to be in the ServerSessionImpl-class and looks like this:
> {code:java}
> if (AuditLogger.isMessageEnabled()) {
>     AuditLogger.coreSendMessage(getUsername(), routingContext);
> } {code}
> So it seems the routingContext doesn't contain the necessary information.
> Suggestion is to at least include the header properties of the send message because this contains (in our case) information which we can use to correlate with other log-sources. Including the message payload is NOT a good option because it is likely to contain sensitive information.
>  
>  
>  
>  
>  
>  



--
This message was sent by Atlassian Jira
(v8.3.4#803005)