mardi 31 janvier 2012

Developing an Audit-logging for FuseESB (servicemix) & Karaf

For many secured environments there's a requirement to log every user management action.

The idea is to have an Audit logging module, that allow the production service, to have a trace for all administrative tasks done in Fuse ESB(servicemix) or karaf over the following channels : (SSH, WebConsole, JMX)

The trace should contain information about user logged, the command performend, channel used, date, ...etc

To run the service you need to download and add event admin service jar into system folder under appropriate path like <Fuse-ESB-install>/system/org/apache/felix/org.apache.felix.eventadmin/1.2.8-fuse-00-43/org.apache.felix.eventadmin-1.2.8-fuse-00-43.jar

Then add following to etc/ file to auto start EventAdmin service (which will generate events):


The service contains a class LoggingEventListener that implement eventhandler, that just logs the events it receives:

StringBuffer buffer = new StringBuffer();
        buffer.append(String.format("Event [%n"));
        buffer.append(String.format("Topic: %s%n", event.getTopic()));
        for (String name : event.getPropertyNames()) {
            buffer.append(String.format("%n%s = %s", name, event.getProperty(name)));

All these events are filtered following properties fixed in blueprint.xml:

<bean id="handler" class="com.abouchama.LoggingEventListener" />

    <service ref="handler" interface="org.osgi.service.event.EventHandler">
                  <entry key="event.topics" value="org/apache/*"/>

You can build & install bundle from Github and deploy it. Once that's done you should see the output I shown in the following example:
Example of log:

17:22:34,119 | INFO | Thread-11 | LoggingEventListener | com.abouchama.LoggingEventListener 25 | Event [
Topic: org/apache/felix/service/command/EXECUTING
command = osgi:list
event.topics = org/apache/felix/service/command/EXECUTING
event.subject = Subject:
                    Principal: UserPrincipal[karaf]

In this example you can see sample entries for actions taken via SSH. Log entries contain info like:
                         - Username : karaf
                         - Command performed : osgi:list
                         - Event : org/apache/felix/service/command/EXECUTING

Enjoy :)

Aucun commentaire:

Enregistrer un commentaire