qpid-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Chuck Rolke (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (QPID-4079) C++ Broker needs log messages to track object life cycles for auditing
Date Tue, 10 Jul 2012 14:52:36 GMT

    [ https://issues.apache.org/jira/browse/QPID-4079?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13410398#comment-13410398
] 

Chuck Rolke commented on QPID-4079:
-----------------------------------

Before doing another round of cumbersome code reviews I'd like to agree on a top-level design
for this feature.

I propose dividing the logs into two parts.

Part 1 consists of [Model] logs at DEBUG level that are issued synchronously with the corresponding
management Events. These logs have the same data fields as the events and require no logical
additions to the model [See Note 1].

<event "clientConnect"     args="rhost, user"/>
<event "clientConnectFail" args="rhost, user, reason"/>
<event "clientDisconnect"  args="rhost, user"/>
<event "brokerLinkUp"      args="rhost"/>
<event "brokerLinkDown"    args="rhost"/>
<event "queueDeclare"      args="rhost, user, qName, durable, excl, autoDel, altEx, args,
disp"/>
<event "queueDelete"       args="rhost, user, qName"/>
<event "exchangeDeclare"   args="rhost, user, exName, exType, altEx, durable, autoDel,
args, disp"/>
<event "exchangeDelete"    args="rhost, user, exName"/>
<event "bind"              args="rhost, user, exName, qName, key, args"/>
<event "unbind"            args="rhost, user, exName, qName, key"/>
<event "subscribe"         args="rhost, user, qName, dest, excl, args"/>
<event "unsubscribe"       args="rhost, user, dest"/>

Part 2 consists of [Model] logs at TRACE level that are issued automatically during the construction
and destruction of the management objects. The code to issue these logs is generated along
with the management class sources.
* The constructor log exposes the management id of the object.
* The destructor log shows the management id and the statistics for the object.

Logs from Part 1 use names as specified by users as they create objects. Logs from Part 2
use names generated by the management framework. There is no attempt to correlate the names
between the two name spaces in the logging process.

---
Note 1: There are no events that expose the creation and deletion of a Session. These could
be added.

                
> C++ Broker needs log messages to track object life cycles for auditing
> ----------------------------------------------------------------------
>
>                 Key: QPID-4079
>                 URL: https://issues.apache.org/jira/browse/QPID-4079
>             Project: Qpid
>          Issue Type: Improvement
>          Components: C++ Broker
>    Affects Versions: 0.16
>            Reporter: Chuck Rolke
>
> The C++ broker logs are unfriendly and incomplete for customers who are hoping to audit
system usage. Missing are log artifacts to expose which user created, used, or destroyed which
resource.
> The proposed improvement adds INFO level log statements for the creation, destruction,
and major state changes to connection, session,  and subscription objects, and to exchange,
queue, and binding objects.
> From this set of log messages a user could determine what user from what client system
address created a connection, what sessions were created on that connection, and what subscriptions
were created on those sessions. Similarly the exchange-binding-queue objects would have enough
in their log messages to correlate the interactions between them.
> The log message for the destruction of an object would contain a record of all the management
statistics kept for that object. Then, working through the log records a customer could attribute
broker usage back to specific users.
> This class of log message has been requested by customers using Security Information
and Event Management (SIEM) systems to scrape information from broker event logs.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@qpid.apache.org
For additional commands, e-mail: dev-help@qpid.apache.org


Mime
View raw message