[jira] [Closed] (ARTEMIS-3245) Audit logging logs to little information

Wed, 21 Apr 2021 07:33:06 -0700 


     [ 
https://issues.apache.org/jira/browse/ARTEMIS-3245?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Clebert Suconic closed ARTEMIS-3245.
------------------------------------
    Resolution: Duplicate

> Audit logging logs to little information
> ----------------------------------------
>
>                 Key: ARTEMIS-3245
>                 URL: https://issues.apache.org/jira/browse/ARTEMIS-3245
>             Project: ActiveMQ Artemis
>          Issue Type: Bug
>          Components: ActiveMQ-Artemis-Native
>    Affects Versions: 2.15.0
>            Reporter: Jelmer Marinus
>            Assignee: Clebert Suconic
>            Priority: Major
>
> In release 2.13 issue " ARTEMIS-2648 Improve the Audit logging capabilities" 
> was fixed. One of the changes made was a change in the AMQ601500 message in 
> the AuditLogger-interface:
> {code:java}
> @LogMessage(level = Logger.Level.INFO) @Message(id = 601500, value = "User 
> {0} is sending a core message with Context: {1}", format = 
> Message.Format.MESSAGE_FORMAT) 
> void sendMessage(String user, Object context); {code}
> A consequence of this is a lack of audit logging.
> Previously (i.e. version 2.11) information regarding the actual message was 
> logged. Now only the following remains when message-level audit logging is 
> turned on.
> {code:java}
> 2021-04-14 17:55:02,606 [AUDIT](Thread-6 
> (ActiveMQ-server-org.apache.activemq.artemis.core.server.impl.ActiveMQServerImpl$6@6fefce9e))
>  AMQ601500: User #######(amq)@127.0.0.1:52938 is sending a core message with 
> Context: RoutingContextImpl(Address=null, routingType=null, 
> PreviousAddress=null previousRoute:null, reusable=null, version=0) {code}
> This is not very helpful audit logging as it contains no reference to the 
> actual message which was send by the user.
> The actual call to the AuditLogger seems to be in the ServerSessionImpl-class 
> and looks like this:
> {code:java}
> if (AuditLogger.isMessageEnabled()) {
>     AuditLogger.coreSendMessage(getUsername(), routingContext);
> } {code}
> So it seems the routingContext doesn't contain the necessary information.
> Suggestion is to at least include the header properties of the send message 
> because this contains (in our case) information which we can use to correlate 
> with other log-sources. Including the message payload is NOT a good option 
> because it is likely to contain sensitive information.
>  
>  
>  
>  
>  
>  



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Reply via email to