2.5.3. Configuring Audit Logging

download PDF
Audit logging can be configured to print authentication and authorization information for each thread and EJB call.


Logging individual requests is a resource intensive activity. Test the impact this will have on your server and application performance before enabling this level of logging on a production server.

Procedure 2.2. Monitor Server Startup and Shutdown Events

Enable server startup and shutdown events by making the recommended changes to JBOSS_HOME/server/production/conf/jboss-log4j.xml
  1. Uncomment Security Audit Appender

    Uncomment the following block.
    <!-- Security AUDIT Appender --> 
    <appender name="AUDIT" class="org.jboss.logging.appender.DailyRollingFileAppender"> 
      <errorHandler class="org.jboss.logging.util.OnlyOnceErrorHandler"/>
      <param name="File" value="${jboss.server.log.dir}/audit.log"/> 
      <param name="Append" value="true"/> 
      <param name="DatePattern" value="'.'yyyy-MM-dd"/> 
      <layout class="org.apache.log4j.PatternLayout"> 
        <param name="ConversionPattern" value="%d %-5p [%c] (%t:%x) %m%n"/> 
  2. Uncomment Security Audit Provider

    Uncomment the following block:
    <!-- Category specifically for Security Audit Provider -->
    <category name="" additivity="false">
      <priority value="TRACE"/>
      <appender-ref ref="AUDIT"/>
  3. Configure SecurityInterceptor logging level

    Set the logging level of the SecurityInterceptor class to TRACE by adding the <priority> element to the root <category> element.
    <category name="org.jboss.ejb.plugins.SecurityInterceptor">
      <priority value="TRACE" />
      <appender-ref ref="AUDIT" />
  4. Enable logging for ServerImpl log messages

    Set the priority and appender-ref levels for the Microcontainer bootstrap by adding the <category> block as specified.
    <category name="org.jboss.bootstrap.microcontainer">
      <priority value="INFO"/>
      <appender-ref ref="AUDIT"/> 
  5. Enable logging for web-based requests

    If you need additional logging for web-based requests, uncomment the AccessLogValve in JBOSS_HOME/server/production/deploy/jbossweb.sar/server.xml.
    <Valve className="org.apache.catalina.valves.AccessLogValve"
      prefix="localhost_access_log." suffix=".log"
      pattern="common" directory="${jboss.server.home.dir}/log"
      resolveHosts="false" />
    The access log is saved in the log directory of the server configuration.
  6. Update ConversionPattern

    Update the ConversionPattern parameter in the appender/layout element to show thread information by replacing the Default Pattern with the Full Pattern:
    <!--The full pattern: Date MS Priority [Category] (Thread:NDC) Message -->
    <param name="ConversionPattern" value="%d %-5r %-5p [%c] (%t:%x) %m%n"/>
Red Hat logoGithubRedditYoutubeTwitter


Try, buy, & sell


About Red Hat Documentation

We help Red Hat users innovate and achieve their goals with our products and services with content they can trust.

Making open source more inclusive

Red Hat is committed to replacing problematic language in our code, documentation, and web properties. For more details, see the Red Hat Blog.

About Red Hat

We deliver hardened solutions that make it easier for enterprises to work across platforms and environments, from the core datacenter to the network edge.

© 2024 Red Hat, Inc.