  1. JBoss Log Manager
  2. LOGMGR-142

Default app-name value of Syslog handler in Audit Logging violates specification


    • Bug
    • Resolution: Done
    • Major
    • 2.1.0.Alpha5

      1. Configure Audit Logging to log into (local) rsyslog and start server

      <audit-log>
          <formatters>
              <json-formatter name="json-formatter"/>
          </formatters>
          <handlers>
              <file-handler name="file" formatter="json-formatter" path="audit-log.log" relative-to="jboss.server.data.dir"/>
              <syslog-handler name="syslog-handler" formatter="json-formatter">
                  <udp host="127.0.0.1" port="514"/>
              </syslog-handler>
          </handlers>
          <logger log-boot="true" log-read-only="false" enabled="true">
              <handlers>
                  <handler name="file"/>
                  <handler name="syslog-handler"/>
              </handlers>
          </logger>
      </audit-log>
      

      2. Look into /var/log/messages file
      Note: the brackets must be escaped, JIRA doesn't allow me to stress it. Brackets [, ] used in grep command should be always preceded by a backslash
      sudo grep "WildFly\[Core\]" /var/log/messages - there should be a few occurrences
      sudo grep "WildFlyCore\[" /var/log/messages - there should be no occurrences

      3. Stop server, change configuration to use app-name without space character and start it again

      <audit-log>
          <formatters>
              <json-formatter name="json-formatter"/>
          </formatters>
          <handlers>
              <file-handler name="file" formatter="json-formatter" path="audit-log.log" relative-to="jboss.server.data.dir"/>
              <syslog-handler name="syslog-handler" formatter="json-formatter" app-name="WildFlyCore">
                  <udp host="127.0.0.1" port="514"/>
              </syslog-handler>
          </handlers>
          <logger log-boot="true" log-read-only="false" enabled="true">
              <handlers>
                  <handler name="file"/>
                  <handler name="syslog-handler"/>
              </handlers>
          </logger>
      </audit-log>
      

      4. Look into /var/log/messages file again
      Note: the brackets must be escaped, JIRA doesn't allow me to stress it. Bracket [ used in grep command should be always preceded by a backslash
      sudo grep "WildFlyCore\[" /var/log/messages - there should be a few occurrences (that contain PID) now


      According to the syslog specification [1], app-name cannot contain a space character (" "). However, the default value in WildFly Core 3.0.0.Alpha3 is WildFly Core. As a result, the syslog server is not able to capture the Process ID from which the message was sent.
      E.g. the following piece of information is captured: WildFly[Core] (...) instead of WildFlyCore[795]

      Suggestions for improvement:
      Change the default value WildFly Core to one without a space character.
      Also, please consider adding a check for whether app-name contains a space character.

      [1] https://tools.ietf.org/html/rfc5424#page-8
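
The field shift described in this report, reproduced as an added example (not part of the original report and not JBoss Log Manager code). It assumes the handler emits an RFC 5424 header whose fields are separated by single spaces; the hostname, timestamp, PRI and MSGID are constructed sample values, and all function names are hypothetical.

```python
import re

# RFC 5424 section 6: APP-NAME = NILVALUE / 1*48PRINTUSASCII (%d33-126, so no space)
APP_NAME_RE = re.compile(r"[\x21-\x7e]{1,48}")

def is_valid_app_name(name):
    """True if name is a legal RFC 5424 APP-NAME ("-" is the NILVALUE)."""
    return APP_NAME_RE.fullmatch(name) is not None

def build_header(pri, timestamp, hostname, app_name, procid, msgid):
    """Sender side: join the HEADER fields with single spaces, without
    validating them (the behaviour the report asks to guard against)."""
    return f"<{pri}>1 {timestamp} {hostname} {app_name} {procid} {msgid}"

def parse_header(line):
    """Receiver side: HEADER fields are delimited purely by SP."""
    m = re.match(r"<(\d{1,3})>(\d{1,2}) (\S+) (\S+) (\S+) (\S+) (\S+)", line)
    if m is None:
        raise ValueError("not an RFC 5424 header")
    keys = ("pri", "version", "timestamp", "hostname",
            "app_name", "procid", "msgid")
    return dict(zip(keys, m.groups()))

def tag_as_logged(fields):
    """Render APP-NAME[PROCID], the form quoted from /var/log/messages."""
    return f"{fields['app_name']}[{fields['procid']}]"

# Constructed sample values, not taken from a real server.
SAMPLE = dict(pri=110, timestamp="2017-03-01T10:00:00.000Z",
              hostname="host1", procid="795", msgid="-")

def demo(app_name):
    """Build a header with the given app-name and show what a receiver sees."""
    line = build_header(app_name=app_name, **SAMPLE)
    return tag_as_logged(parse_header(line))

if __name__ == "__main__":
    for name in ("WildFly Core", "WildFlyCore"):
        print(repr(name), "valid:", is_valid_app_name(name), "->", demo(name))
```

With the space in place, "Core" lands in the PROCID field and the real PID is pushed into MSGID, so audit records can no longer be correlated by process ID on the collector.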

              jperkins-rhn James Perkins
              jtymel Jan Tymel (Inactive)