Uploaded image for project: 'JBoss Enterprise Application Platform'
  1. JBoss Enterprise Application Platform
  2. JBEAP-5185

Default app-name value of Syslog handler in Audit Logging violates specification

    XMLWordPrintable

Details

    • Bug
    • Resolution: Done
    • Major
    • 7.1.0.DR2
    • 7.0.0.GA, 7.0.1.CR2
    • Management
    • None
    • Hide

      1. Configure Audit Logging to log into (local) rsyslog and start server

      <audit-log>
            <formatters>
                <json-formatter name="json-formatter"/>
            </formatters>
            <handlers>
                <file-handler name="file" formatter="json-formatter" path="audit-log.log" relative-to="jboss.server.data.dir"/>
                <syslog-handler name="syslog-handler" formatter="json-formatter">
                    <udp host="127.0.0.1" port="514"/>
                </syslog-handler>
            </handlers>
            <logger log-boot="true" log-read-only="false" enabled="true">
                <handlers>
                    <handler name="file"/>
                    <handler name="syslog-handler"/>
                </handlers>
            </logger>
</audit-log>

      2. Look into /var/log/messages file
      Note: the brackets must be escaped, JIRA doesn't allow me to stress it. Brackets [, ] used in grep command should be always preceded by a backslash
      sudo grep "JBoss[EAP]" /var/log/messages - there should be a few occurrences
      sudo grep "JBossEAP[" /var/log/messages - there should be no occurences

      3. Stop server, change configuration to use app-name without space character and start it again

      <audit-log>
            <formatters>
                <json-formatter name="json-formatter"/>
            </formatters>
            <handlers>
                <file-handler name="file" formatter="json-formatter" path="audit-log.log" relative-to="jboss.server.data.dir"/>
                <syslog-handler name="syslog-handler" formatter="json-formatter" app-name="JBossEAP">
                    <udp host="127.0.0.1" port="514"/>
                </syslog-handler>
            </handlers>
            <logger log-boot="true" log-read-only="false" enabled="true">
                <handlers>
                    <handler name="file"/>
                    <handler name="syslog-handler"/>
                </handlers>
            </logger>
</audit-log>

      4. Look into /var/log/messages file again
      Note: the brackets must be escaped, JIRA doesn't allow me to stress it. Bracket [ used in grep command should be always preceded by a backslash
      sudo grep "JBossEAP[" /var/log/messages - there should be a few occurrences (that contains PID) now

      Show
      1. Configure Audit Logging to log into (local) rsyslog and start server <audit-log> <formatters> <json-formatter name= "json-formatter" /> </formatters> <handlers> <file-handler name= "file" formatter= "json-formatter" path= "audit-log.log" relative-to= "jboss.server.data.dir" /> <syslog-handler name= "syslog-handler" formatter= "json-formatter" > <udp host= "127.0.0.1" port= "514" /> </syslog-handler> </handlers> <logger log-boot= " true " log-read-only= " false " enabled= " true " > <handlers> <handler name= "file" /> <handler name= "syslog-handler" /> </handlers> </logger> </audit-log> 2. Look into /var/log/messages file Note: the brackets must be escaped, JIRA doesn't allow me to stress it. Brackets [, ] used in grep command should be always preceded by a backslash sudo grep "JBoss[EAP]" /var/log/messages - there should be a few occurrences sudo grep "JBossEAP[" /var/log/messages - there should be no occurences 3. Stop server, change configuration to use app-name without space character and start it again <audit-log> <formatters> <json-formatter name= "json-formatter" /> </formatters> <handlers> <file-handler name= "file" formatter= "json-formatter" path= "audit-log.log" relative-to= "jboss.server.data.dir" /> <syslog-handler name= "syslog-handler" formatter= "json-formatter" app-name= "JBossEAP" > <udp host= "127.0.0.1" port= "514" /> </syslog-handler> </handlers> <logger log-boot= " true " log-read-only= " false " enabled= " true " > <handlers> <handler name= "file" /> <handler name= "syslog-handler" /> </handlers> </logger> </audit-log> 4. Look into /var/log/messages file again Note: the brackets must be escaped, JIRA doesn't allow me to stress it. Bracket [ used in grep command should be always preceded by a backslash sudo grep "JBossEAP[" /var/log/messages - there should be a few occurrences (that contains PID) now

    Description

      According to syslog specification[1] app-name cannot contain space character (" "). However, the default value in EAP 7 is JBoss EAP. This results in the syslog server is not able to capture Process ID from which the message was sent.
      E.g. following piece of information is captured JBoss[EAP] (...) instead of JBossEAP[795]

      Suggestions for improvement:
      Change default value JBoss EAP to one without space character.
      Also please consider addition of check whether app-name contains space character.

      [1] https://tools.ietf.org/html/rfc5424#page-8

      Attachments

        Issue Links

          is cloned by

          Bug - A problem that impairs or prevents the functions of the product. WFCORE-1647 Default app-name value of Syslog handler in Audit Logging violates specification

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Resolved
          is incorporated by

          Component Upgrade - A task tracking an update to a bundled component or revision of component upstream of the project. JBEAP-5310 (7.1.0) Upgrade to WildFly Core 3.0.0.Alpha4

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Verified

          Activity

            People

              kwills@redhat.com Ken Wills
              jtymel Jan Tymel (Inactive)
              Jan Tymel Jan Tymel (Inactive)
              Jan Tymel Jan Tymel (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: