Uploaded image for project: 'JBoss Enterprise Application Platform'
  1. JBoss Enterprise Application Platform
  2. JBEAP-3404

Audit logging to TCP syslog is stopped after syslog restart

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done
    • Icon: Blocker Blocker
    • 7.0.0.ER6
    • 7.0.0.ER5
    • Management
    • None
    • Hide

      1) set following configuration of audit-log:

              <audit-log>
            <formatters>
                <json-formatter name="json-formatter"/>
            </formatters>
            <handlers>
                <file-handler name="file" formatter="json-formatter" path="audit-log.log" relative-to="jboss.server.data.dir"/>
                <syslog-handler name="audit-test-syslog-handler" formatter="json-formatter" syslog-format="RFC5424">
                    <tcp host="127.0.0.1" port="9898" message-transfer="OCTET_COUNTING"/>
                </syslog-handler>
            </handlers>
            <logger log-boot="true" log-read-only="false" enabled="true">
                <handlers>
                    <handler name="file"/>
                    <handler name="audit-test-syslog-handler"/>
                </handlers>
            </logger>
        </audit-log>

      2) start application server and syslog server
      3) make some audit operation -> audit message is logged to syslog
      4) restart syslog
      5) make some audit operation -> audit message is not logged to syslog

      Show
      1) set following configuration of audit-log: <audit-log> <formatters> <json-formatter name= "json-formatter" /> </formatters> <handlers> <file-handler name= "file" formatter= "json-formatter" path= "audit-log.log" relative-to= "jboss.server.data.dir" /> <syslog-handler name= "audit-test-syslog-handler" formatter= "json-formatter" syslog-format= "RFC5424" > <tcp host= "127.0.0.1" port= "9898" message-transfer= "OCTET_COUNTING" /> </syslog-handler> </handlers> <logger log-boot= "true" log-read-only= "false" enabled= "true" > <handlers> <handler name= "file" /> <handler name= "audit-test-syslog-handler" /> </handlers> </logger> </audit-log> 2) start application server and syslog server 3) make some audit operation -> audit message is logged to syslog 4) restart syslog 5) make some audit operation -> audit message is not logged to syslog

      In case when audit logging to TCP syslog is enabled and syslog server is restarted then audit logging to syslog is stopped. UDP works correctly. It can be related to issue [1].

      [1] https://issues.jboss.org/browse/LOGMGR-123

            jperkins-rhn James Perkins
            olukas Ondrej Lukas (Inactive)
            Ondrej Lukas Ondrej Lukas (Inactive)
            Ondrej Lukas Ondrej Lukas (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

              Created:
              Updated:
              Resolved: