Posted to issues@activemq.apache.org by "Andy Taylor (Jira)" <ji...@apache.org> on 2020/03/09 11:43:00 UTC

[jira] [Updated] (ARTEMIS-2648) Improve the Audit logging capabilities

     [ https://issues.apache.org/jira/browse/ARTEMIS-2648?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Andy Taylor updated ARTEMIS-2648:
---------------------------------
    Description: 
This will improve the current audit logging feature. Currently there are 2 loggers which are very verbose, so this will add a 3rd which focuses mainly on access to resources that a console user or a JMX client may use. Also, currently no success/failure is logged, only entry points in methods; this new logger will log success or failure.

Here is a list of the improvements:
 * New Resource logger added
 ** This will log more resource-related access from JMX/console, mainly around creation of resources and access to these resources
 ** It will be enabled independently of the other loggers
 * Message audit log will be changed to be configurable independently, not with the base audit log, and the new resource logger will also be configurable independently.
 * Add the ability to capture the remote address of the calling client whether it be through JMX/console or a normal Netty connection
 * Add the ability to capture authentication success or failure via an audit login module, something like:
    org.apache.activemq.artemis.spi.core.security.jaas.AuditLoginModule optional
        debug=false;

 * Add the ability to log failures to specific JMX MBeans in the authentication process. This will be configurable in the management.xml file and will happen when RBAC occurs in the management layer. This is really to avoid overly verbose logging, something like:

    <auditlist>
       <bean name="org.apache.activemq.artemis:broker=&quot;0.0.0.0&quot;" operation="createAddress"/>
       <bean name="org.apache.activemq.artemis:broker=&quot;0.0.0.0&quot;" operation="deleteAddress"/>
       <bean name="org.apache.activemq.artemis:broker=&quot;0.0.0.0&quot;" operation="updateAddress"/>
       <bean name="org.apache.activemq.artemis:broker=&quot;0.0.0.0&quot;" operation="createQueue"/>
       <bean name="org.apache.activemq.artemis:broker=&quot;0.0.0.0&quot;" operation="updateQueue"/>
       <bean name="org.apache.activemq.artemis:broker=&quot;0.0.0.0&quot;" operation="destroyQueue"/>
    </auditlist>

 

Also tidy up the current logger codes.

> Improve the Audit logging capabilities
> --------------------------------------
>
>                 Key: ARTEMIS-2648
>                 URL: https://issues.apache.org/jira/browse/ARTEMIS-2648
>             Project: ActiveMQ Artemis
>          Issue Type: Improvement
>            Reporter: Andy Taylor
>            Assignee: Andy Taylor
>            Priority: Major
>



--
This message was sent by Atlassian Jira
(v8.3.4#803005)