[
https://issues.apache.org/jira/browse/ARTEMIS-3245?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Jelmer Marinus updated ARTEMIS-3245:
------------------------------------
Description:
In release 2.13 issue " ARTEMIS-2648 Improve the Audit logging capabilities"
was fixed. One of the changes made was a change in the AMQ601500 message in the
AuditLogger-interface:
{code:java}
@LogMessage(level = Logger.Level.INFO) @Message(id = 601500, value = "User {0}
is sending a core message with Context: {1}", format =
Message.Format.MESSAGE_FORMAT)
void sendMessage(String user, Object context); {code}
A consequence of this is a lack of audit logging.
Previously (i.e. version 2.11) information regarding the actual message was
logged. Now only the following remains when message-level audit logging is
turned on.
{code:java}
2021-04-14 17:55:02,606 [AUDIT](Thread-6
(ActiveMQ-server-org.apache.activemq.artemis.core.server.impl.ActiveMQServerImpl$6@6fefce9e))
AMQ601500: User #######(amq)@127.0.0.1:52938 is sending a core message with
Context: RoutingContextImpl(Address=null, routingType=null,
PreviousAddress=null previousRoute:null, reusable=null, version=0) {code}
This is not very helpful audit logging as it contains no reference to the
actual message which was send by the user.
The actual call to the AuditLogger seems to be in the ServerSessionImpl-class
and looks like this:
{code:java}
if (AuditLogger.isMessageEnabled()) {
AuditLogger.coreSendMessage(getUsername(), routingContext);
} {code}
So it seems the routingContext doesn't contain the necessary information.
Suggestion is to at least include the header properties of the send message
because this contains (in our case) information which we can use to correlate
with other log-sources. Including the message payload is NOT a good option
because it is likely to contain sensible information.
was:
In release 2.13 issue " ARTEMIS-2648 Improve the Audit logging capabilities"
was fixed. One of the changes made was a change in the AMQ601500 message in the
AuditLogger-interface:
{code:java}
@LogMessage(level = Logger.Level.INFO) @Message(id = 601500, value = "User {0}
is sending a core message with Context: {1}", format =
Message.Format.MESSAGE_FORMAT)
void sendMessage(String user, Object context); {code}
A consequence of this is a lack of audit logging.
Previously (i.e. version 2.11) information regarding the actual message was
logged. Now only the following remains when message-level audit logging is
turned on.
{code:java}
2021-04-14 17:55:02,606 [AUDIT](Thread-6
(ActiveMQ-server-org.apache.activemq.artemis.core.server.impl.ActiveMQServerImpl$6@6fefce9e))
AMQ601500: User #######(amq)@127.0.0.1:52938 is sending a core message with
Context: RoutingContextImpl(Address=null, routingType=null,
PreviousAddress=null previousRoute:null, reusable=null, version=0) {code}
This is not very helpful audit logging as it contains no reference to the
actual message which was send by the user.
The actual call to the AuditLogger seems to be in the ServerSessionImpl-class
and looks like this:
{code:java}
if (AuditLogger.isMessageEnabled()) {
AuditLogger.coreSendMessage(getUsername(), routingContext);
} {code}
So it seems the routingContext doesn't contain the necessary information.
> Audit logging logs to little information
> ----------------------------------------
>
> Key: ARTEMIS-3245
> URL: https://issues.apache.org/jira/browse/ARTEMIS-3245
> Project: ActiveMQ Artemis
> Issue Type: Bug
> Components: ActiveMQ-Artemis-Native
> Affects Versions: 2.15.0
> Reporter: Jelmer Marinus
> Assignee: Clebert Suconic
> Priority: Major
>
> In release 2.13 issue " ARTEMIS-2648 Improve the Audit logging capabilities"
> was fixed. One of the changes made was a change in the AMQ601500 message in
> the AuditLogger-interface:
> {code:java}
> @LogMessage(level = Logger.Level.INFO) @Message(id = 601500, value = "User
> {0} is sending a core message with Context: {1}", format =
> Message.Format.MESSAGE_FORMAT)
> void sendMessage(String user, Object context); {code}
> A consequence of this is a lack of audit logging.
> Previously (i.e. version 2.11) information regarding the actual message was
> logged. Now only the following remains when message-level audit logging is
> turned on.
> {code:java}
> 2021-04-14 17:55:02,606 [AUDIT](Thread-6
> (ActiveMQ-server-org.apache.activemq.artemis.core.server.impl.ActiveMQServerImpl$6@6fefce9e))
> AMQ601500: User #######(amq)@127.0.0.1:52938 is sending a core message with
> Context: RoutingContextImpl(Address=null, routingType=null,
> PreviousAddress=null previousRoute:null, reusable=null, version=0) {code}
> This is not very helpful audit logging as it contains no reference to the
> actual message which was send by the user.
> The actual call to the AuditLogger seems to be in the ServerSessionImpl-class
> and looks like this:
> {code:java}
> if (AuditLogger.isMessageEnabled()) {
> AuditLogger.coreSendMessage(getUsername(), routingContext);
> } {code}
> So it seems the routingContext doesn't contain the necessary information.
> Suggestion is to at least include the header properties of the send message
> because this contains (in our case) information which we can use to correlate
> with other log-sources. Including the message payload is NOT a good option
> because it is likely to contain sensible information.
>
>
>
>
>
>
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
