Uploaded image for project: 'WildFly Core'
  1. WildFly Core
  2. WFCORE-1718

Handlers within Audit Logger are not removed properly when Audit Logger is removed

    XMLWordPrintable

Details

    • Bug
    • Resolution: Done
    • Major
    • 3.0.0.Alpha6
    • 3.0.0.Alpha5
    • Management
    • None
    • Hide

      1. Configure AuditLog to use both File and Syslog Handlers.

              <audit-log>
            <formatters>
                <json-formatter name="json-formatter"/>
            </formatters>
            <handlers>
                <file-handler name="file" formatter="json-formatter" path="audit-log.log" relative-to="jboss.server.data.dir"/>
                <syslog-handler name="my-syslog-handler" formatter="json-formatter">
                    <udp host="localhost" port="514"/>
                </syslog-handler>
            </handlers>
            <logger log-boot="true" log-read-only="false" enabled="true">
                <handlers>
                    <handler name="file"/>
                    <handler name="my-syslog-handler"/>
                </handlers>
            </logger>
        </audit-log>

      2. Start the server and remove Audit Logger
      /core-service=management/access=audit/logger=audit-log:remove()

      3. Add Audit Logger back (without handlers)
      /core-service=management/access=audit/logger=audit-log:add(enabled=true, log-boot=true, log-read-only=false)

      Show
      1. Configure AuditLog to use both File and Syslog Handlers. <audit-log> <formatters> <json-formatter name= "json-formatter" /> </formatters> <handlers> <file-handler name= "file" formatter= "json-formatter" path= "audit-log.log" relative-to= "jboss.server.data.dir" /> <syslog-handler name= "my-syslog-handler" formatter= "json-formatter" > <udp host= "localhost" port= "514" /> </syslog-handler> </handlers> <logger log-boot= " true " log-read-only= " false " enabled= " true " > <handlers> <handler name= "file" /> <handler name= "my-syslog-handler" /> </handlers> </logger> </audit-log> 2. Start the server and remove Audit Logger /core-service=management/access=audit/logger=audit-log:remove() 3. Add Audit Logger back (without handlers) /core-service=management/access=audit/logger=audit-log:add(enabled=true, log-boot=true, log-read-only=false)

    Description

      If Audit Logger is removed, destination handlers (i.e. its child nodes) are not removed properly. They are not present in the config file. They seem to be not removed "internally" though. This leads to a couple of issues:

      1. It is not possible to remove referenced File/Syslog handlers. If user tries to remove them the NullPointerException is given as a result. Try following commands:
      /core-service=management/access=audit/file-handler=file:remove()
      /core-service=management/access=audit/syslog-handler=my-syslog-handler:remove()
      Their output is:

      {
    "outcome" => "failed",
    "failure-description" => "WFLYCTL0158: Operation handler failed: java.lang.NullPointerException",
    "rolled-back" => true
}

      2. AuditLog continues to send auditable events to previously referenced File/Syslog handlers.

      • Create auditable event (e.g. /subsystem=logging/logger=com.arjuna:write-attribute(name=level,value=DEBUG))
      • See log in the file (WILDFLY_HOME/standalone/data/audit-log.log)
      • See log in the syslog (/var/log/messages)

      Attachments

        Issue Links

          clones

          Bug - A problem that impairs or prevents the functions of the product. JBEAP-5643 Handlers within Audit Logger are not removed properly when Audit Logger is removed

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Verified

          Activity

            People

              bstansbe@redhat.com Brian Stansberry
              jtymel Jan Tymel (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: