[
https://issues.apache.org/jira/browse/ARTEMIS-2648?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Andy Taylor updated ARTEMIS-2648:
---------------------------------
Description:
This will improve the current audit logging feature. currently there are 2
loggers which are very verbose so this will add a 3rd which focus mainly around
access to resources that a console user or a jmx client may use. Also currently
no success/failure is logged only entry points in methods, this new logger will
log success or failure.
Here is a list of the improvements:
* New Resource logger added
** This will log more resource related access from JMX/console mainly around
creation of resources and access to these resource
** It will be enabled independently of the other loggers
* Message audit log will be changed to be configurable independently not with
base audit log, and the new resource logger will also be configurable
independently.
* Add the ability to capture the remote address of the calling client whether
it be through JMX/console or a normal Netty connection
* Add the ability to capture authentication success or failure from the console
* Add the ability to log failures to JMX mbeans in the authentication process.
Also tidy up the current logger codes.
was:
This will improve the current audit logging feature. currently there are 2
loggers which are very verbose so this will add a 3rd which focus mainly around
access to resources that a console user or a jmx client may use. Also currently
no success/failure is logged only entry points in methods, this new logger will
log success or failure.
Here is a list of the improvements:
* New Resource logger added
** This will log more resource related access from JMX/console mainly around
creation of resources and access to these resource
** It will be enabled independently of the other loggers
* Message audit log will be changed to be configurable independently not with
base audit log, and the new resource logger will also be configurable
independently.
* Add the ability to capture the remote address of the calling client whether
it be through JMX/console or a normal Netty connection
* Add the ability to capture authentication success or failure via an audit
login module, something like:
|_org.apache.activemq.artemis.spi.core.security.jaas.AuditLoginModule optional_
_debug=false;_|
* Add the ability to log failures to specific JMX mbeans in the authentication
process, this will be configurable in the management.xml file and will hapen
when rbac occurs in the management layer. This is really to avoid over verbose
logging, something like:
|_<auditlist>_
_<bean name="org.apache.activemq.artemis:broker="0.0.0.0""
operation="createAddress"/>_
_<bean name="org.apache.activemq.artemis:broker="0.0.0.0""
operation="deleteAddress"/>_
_<bean name="org.apache.activemq.artemis:broker="0.0.0.0""
operation="updateAddress"/>_
_<bean name="org.apache.activemq.artemis:broker="0.0.0.0""
operation="createQueue"/>_
_<bean name="org.apache.activemq.artemis:broker="0.0.0.0""
operation="updateQueue"/>_
_<bean name="org.apache.activemq.artemis:broker="0.0.0.0""
operation="destroyQueue"/>_
_</auditlist>_|
Also tidy up the currentl logger codes.
> Improve the Audit logging capabilities
> --------------------------------------
>
> Key: ARTEMIS-2648
> URL: https://issues.apache.org/jira/browse/ARTEMIS-2648
> Project: ActiveMQ Artemis
> Issue Type: Improvement
> Reporter: Andy Taylor
> Assignee: Andy Taylor
> Priority: Major
>
> This will improve the current audit logging feature. currently there are 2
> loggers which are very verbose so this will add a 3rd which focus mainly
> around access to resources that a console user or a jmx client may use. Also
> currently no success/failure is logged only entry points in methods, this new
> logger will log success or failure.
> Here is a list of the improvements:
> * New Resource logger added
> ** This will log more resource related access from JMX/console mainly around
> creation of resources and access to these resource
> ** It will be enabled independently of the other loggers
> * Message audit log will be changed to be configurable independently not
> with base audit log, and the new resource logger will also be configurable
> independently.
> * Add the ability to capture the remote address of the calling client
> whether it be through JMX/console or a normal Netty connection
> * Add the ability to capture authentication success or failure from the
> console
>
> * Add the ability to log failures to JMX mbeans in the authentication
> process.
>
> Also tidy up the current logger codes.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
