> I assume the audit log doesn't need to be synced in any way, i.e. if the
> machine the broker is on has a sudden power failure, it's accepted that the
> activity actually recorded on disk may not be fully up to date?

Yes, I assume it would be acceptable to lose some minor parts of information in case of rare situations like power failure.

> Would the queues being audited generally be durable or might they also be
> transient? (and what about the persistence of messages)?

In most cases persistent messages in durable queues. Having the auditing for non-persistent messages / non-durable queues might be nice, but not 100% necessary. Such messages are unreliable anyway, so when they get lost it is not an unexpected event - therefore one might not need an extensive audit trail to see all the details about them.

> Would tcpdump be a possible route? I.e. capture all the AMQP data in and
> out of the broker, and perhaps then asynchronously process that into a more
> useful form in a database of some kind?

I don't think so. A large part of the communication is SSL encrypted - I don't think it is possible to decrypt the stream without having the private keys from both sides. Or is it? I actually never tried it.
