Uploaded image for project: 'JBoss Enterprise Application Platform'
  1. JBoss Enterprise Application Platform
  2. JBEAP-5643

Handlers within Audit Logger are not removed properly when Audit Logger is removed

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done
    • Icon: Major Major
    • 7.1.0.DR4
    • 7.1.0.DR2
    • Management
    • None
    • Hide

      1. Configure AuditLog to use both File and Syslog Handlers.

              <audit-log>
                  <formatters>
                      <json-formatter name="json-formatter"/>
                  </formatters>
                  <handlers>
                      <file-handler name="file" formatter="json-formatter" path="audit-log.log" relative-to="jboss.server.data.dir"/>
                      <syslog-handler name="my-syslog-handler" formatter="json-formatter">
                          <udp host="localhost" port="514"/>
                      </syslog-handler>
                  </handlers>
                  <logger log-boot="true" log-read-only="false" enabled="true">
                      <handlers>
                          <handler name="file"/>
                          <handler name="my-syslog-handler"/>
                      </handlers>
                  </logger>
              </audit-log>
      

      2. Start the server and remove Audit Logger
      /core-service=management/access=audit/logger=audit-log:remove()

      3. Add Audit Logger back (without handlers)
      /core-service=management/access=audit/logger=audit-log:add(enabled=true, log-boot=true, log-read-only=false)

      Show
      1. Configure AuditLog to use both File and Syslog Handlers. <audit-log> <formatters> <json-formatter name= "json-formatter" /> </formatters> <handlers> <file-handler name= "file" formatter= "json-formatter" path= "audit-log.log" relative-to= "jboss.server.data.dir" /> <syslog-handler name= "my-syslog-handler" formatter= "json-formatter" > <udp host= "localhost" port= "514" /> </syslog-handler> </handlers> <logger log-boot= " true " log-read-only= " false " enabled= " true " > <handlers> <handler name= "file" /> <handler name= "my-syslog-handler" /> </handlers> </logger> </audit-log> 2. Start the server and remove Audit Logger /core-service=management/access=audit/logger=audit-log:remove() 3. Add Audit Logger back (without handlers) /core-service=management/access=audit/logger=audit-log:add(enabled=true, log-boot=true, log-read-only=false)

      If Audit Logger is removed, destination handlers (i.e. its child nodes) are not removed properly. They are not present in the config file. They seem to be not removed "internally" though. This leads to a couple of issues:

      1. It is not possible to remove referenced File/Syslog handlers. If user tries to remove them the NullPointerException is given as a result. Try following commands:
      /core-service=management/access=audit/file-handler=file:remove()
      /core-service=management/access=audit/syslog-handler=my-syslog-handler:remove()
      Their output is:

      {
          "outcome" => "failed",
          "failure-description" => "WFLYCTL0158: Operation handler failed: java.lang.NullPointerException",
          "rolled-back" => true
      }
      

      2. AuditLog continues to send auditable events to previously referenced File/Syslog handlers.

      • Create auditable event (e.g. /subsystem=logging/logger=com.arjuna:write-attribute(name=level,value=DEBUG))
      • See log in the file (EAP_HOME/standalone/data/audit-log.log)
      • See log in the syslog (/var/log/messages)

            bstansbe@redhat.com Brian Stansberry
            jtymel Jan Tymel (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Created:
              Updated:
              Resolved: