Uploaded image for project: 'JBoss Log Manager'
  1. JBoss Log Manager
  2. LOGMGR-142

Default app-name value of Syslog handler in Audit Logging violates specification

    XMLWordPrintable

Details

    • Bug
    • Resolution: Done
    • Major
    • 2.1.0.Alpha5
    • None
    • None
    • None
    • Hide

      1. Configure Audit Logging to log into (local) rsyslog and start server

      <audit-log>
            <formatters>
                <json-formatter name="json-formatter"/>
            </formatters>
            <handlers>
                <file-handler name="file" formatter="json-formatter" path="audit-log.log" relative-to="jboss.server.data.dir"/>
                <syslog-handler name="syslog-handler" formatter="json-formatter">
                    <udp host="127.0.0.1" port="514"/>
                </syslog-handler>
            </handlers>
            <logger log-boot="true" log-read-only="false" enabled="true">
                <handlers>
                    <handler name="file"/>
                    <handler name="syslog-handler"/>
                </handlers>
            </logger>
</audit-log>

      2. Look into /var/log/messages file
      Note: the brackets must be escaped, JIRA doesn't allow me to stress it. Brackets [, ] used in grep command should be always preceded by a backslash
      sudo grep "WildFly[Core]" /var/log/messages - there should be a few occurrences
      sudo grep "WildFlyCore[" /var/log/messages - there should be no occurences

      3. Stop server, change configuration to use app-name without space character and start it again

      <audit-log>
            <formatters>
                <json-formatter name="json-formatter"/>
            </formatters>
            <handlers>
                <file-handler name="file" formatter="json-formatter" path="audit-log.log" relative-to="jboss.server.data.dir"/>
                <syslog-handler name="syslog-handler" formatter="json-formatter" app-name="WildFlyCore">
                    <udp host="127.0.0.1" port="514"/>
                </syslog-handler>
            </handlers>
            <logger log-boot="true" log-read-only="false" enabled="true">
                <handlers>
                    <handler name="file"/>
                    <handler name="syslog-handler"/>
                </handlers>
            </logger>
</audit-log>

      4. Look into /var/log/messages file again
      Note: the brackets must be escaped, JIRA doesn't allow me to stress it. Bracket [ used in grep command should be always preceded by a backslash
      sudo grep "WildFlyCore[" /var/log/messages - there should be a few occurrences (that contains PID) now

      Show
      1. Configure Audit Logging to log into (local) rsyslog and start server <audit-log> <formatters> <json-formatter name= "json-formatter" /> </formatters> <handlers> <file-handler name= "file" formatter= "json-formatter" path= "audit-log.log" relative-to= "jboss.server.data.dir" /> <syslog-handler name= "syslog-handler" formatter= "json-formatter" > <udp host= "127.0.0.1" port= "514" /> </syslog-handler> </handlers> <logger log-boot= " true " log-read-only= " false " enabled= " true " > <handlers> <handler name= "file" /> <handler name= "syslog-handler" /> </handlers> </logger> </audit-log> 2. Look into /var/log/messages file Note: the brackets must be escaped, JIRA doesn't allow me to stress it. Brackets [, ] used in grep command should be always preceded by a backslash sudo grep "WildFly[Core]" /var/log/messages - there should be a few occurrences sudo grep "WildFlyCore[" /var/log/messages - there should be no occurences 3. Stop server, change configuration to use app-name without space character and start it again <audit-log> <formatters> <json-formatter name= "json-formatter" /> </formatters> <handlers> <file-handler name= "file" formatter= "json-formatter" path= "audit-log.log" relative-to= "jboss.server.data.dir" /> <syslog-handler name= "syslog-handler" formatter= "json-formatter" app-name= "WildFlyCore" > <udp host= "127.0.0.1" port= "514" /> </syslog-handler> </handlers> <logger log-boot= " true " log-read-only= " false " enabled= " true " > <handlers> <handler name= "file" /> <handler name= "syslog-handler" /> </handlers> </logger> </audit-log> 4. Look into /var/log/messages file again Note: the brackets must be escaped, JIRA doesn't allow me to stress it. Bracket [ used in grep command should be always preceded by a backslash sudo grep "WildFlyCore[" /var/log/messages - there should be a few occurrences (that contains PID) now

    Description

      According to syslog specification[1] app-name cannot contain space character (" "). However, the default value in WildFly Core 3.0.0.Alpha3 is WildFly Core. This results in the syslog server is not able to capture Process ID from which the message was sent.
      E.g. following piece of information is captured WildFly[Core] (...) instead of WildFlyCore[795]

      Suggestions for improvement:
      Change default value WildFly Core to one without space character.
      Also please consider addition of check whether app-name contains space character.

      [1] https://tools.ietf.org/html/rfc5424#page-8

      Attachments

        Issue Links

          clones

          Bug - A problem that impairs or prevents the functions of the product. WFCORE-1647 Default app-name value of Syslog handler in Audit Logging violates specification

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Resolved

          Activity

            People

              jperkins-rhn James Perkins
              jtymel Jan Tymel (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: