Enhanced Audit Logging in WildFly Elytron - RFC Support and Reliability/Speed Customization
Overview
The audit logging capabilities of WildFly Elytron are currently being enhanced. In this blog post, I will give an overview of the enhancements being added: support for an additional syslog RFC, and the ability to configure how many times Elytron should attempt to connect to a syslog server.
Additional RFC Support
RFC Formats
WildFly Elytron’s syslog audit logging currently supports only RFC 5424, but some users may wish to use the legacy RFC 3164 format. Elytron is now being enhanced to support this additional RFC through a new syslog-format parameter. The parameter defaults to the currently supported RFC 5424, accepts the value RFC3164, and can also be set explicitly to RFC5424. It can be used on the WildFly CLI in the following ways:
/subsystem=elytron/syslog-audit-log=syslog-test:add(server-address="127.0.0.1",port=10999,transport=UDP,host-name=localhost,syslog-format=RFC3164)
/subsystem=elytron/syslog-audit-log=syslog-test:add(server-address="127.0.0.1",port=10999,transport=UDP,host-name=localhost,syslog-format=RFC5424)
/subsystem=elytron/syslog-audit-log=syslog-test:add(server-address="127.0.0.1",port=10999,transport=UDP,host-name=localhost)
Additional RFC Events
Rfc3164SyslogEvent and Rfc5424SyslogEvent
Two new publicly accessible SecurityEvent classes have been added to WildFly Elytron, along with the publicly accessible abstract class SyslogAuditEvent. These new events can be used to provide more information about what is being sent to the syslog server, exposing the syslog-format along with the standard security-identity and event-time values.
Audit Logging Enabled Message
WildFly Elytron will now send a syslog message to the syslog server when syslog audit logging is enabled, so that the user can verify that both their connection and the syslog server are working. This new message consists of “Elytron audit logging enabled with RFC format:” followed by the syslog-format that has been set, and is sent with a priority of Informational.
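To check what the syslog server actually receives under each syslog-format, here is an added example in Python (not Elytron's own code) that classifies a received line as RFC 3164 or RFC 5424 by its header shape, decodes its PRI into facility and severity, and flags the enable message described above. The sample lines, the app name WildFlyElytron and the facility value are constructed assumptions, not Elytron's real output.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Severity names by the low 3 bits of PRI; facility is PRI >> 3 (both RFCs agree here).
SEVERITIES = ("Emergency", "Alert", "Critical", "Error",
              "Warning", "Notice", "Informational", "Debug")
BANNER = "Elytron audit logging enabled with RFC format:"

# RFC 3164 header: <PRI>Mmm dd hh:mm:ss HOSTNAME TAG[pid]: CONTENT (TAG part optional).
RFC3164 = re.compile(
    r"^<(?P<pri>\d{1,3})>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2} (?P<host>\S+) "
    r"(?:[A-Za-z0-9_./-]+(?:\[\d+\])?: )?(?P<msg>.*)$", re.DOTALL)
# RFC 5424 header: <PRI>VERSION TIMESTAMP HOSTNAME APP-NAME PROCID MSGID SD [MSG].
RFC5424 = re.compile(
    r"^<(?P<pri>\d{1,3})>\d+ \S+ (?P<host>\S+) \S+ \S+ \S+ (?:-|(?:\[.*?\])+)"
    r"(?: (?P<msg>.*))?$", re.DOTALL)

@dataclass
class SyslogMessage:
    rfc: str       # "RFC5424" or "RFC3164", the same spelling as the syslog-format values
    facility: int
    severity: str
    host: str
    msg: str

def parse(line: str) -> Optional[SyslogMessage]:
    """Classify a raw syslog line by its header shape; None if it is neither format."""
    rfc, m = "RFC5424", RFC5424.match(line)
    if m is None:
        rfc, m = "RFC3164", RFC3164.match(line)
    if m is None:
        return None
    pri = int(m.group("pri"))
    if pri > 191:  # facility 23 / severity 7 is the largest legal PRI value
        return None
    return SyslogMessage(rfc, pri >> 3, SEVERITIES[pri & 7],
                         m.group("host"), m.group("msg") or "")

def is_enable_banner(message: SyslogMessage) -> bool:
    """True for the start-up message the post describes: Informational + known prefix."""
    return message.severity == "Informational" and message.msg.startswith(BANNER)

# Constructed sample lines (PRI 14 = facility 1 "user" * 8 + severity 6 "Informational").
SAMPLE_5424 = ("<14>1 2024-05-01T12:00:00.000Z localhost WildFlyElytron - - - "
               "Elytron audit logging enabled with RFC format: RFC5424")
SAMPLE_3164 = ("<14>May  1 12:00:00 localhost WildFlyElytron: "
               "Elytron audit logging enabled with RFC format: RFC3164")
```

Feeding the lines read from a UDP listener on the configured port (10999 in the CLI examples) into parse() is enough to confirm the format and severity a server-side filter will see.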
Reliability vs Speed
Users will now be able to limit how many times WildFly Elytron attempts to resend a message to the syslog server, instead of retrying forever as it does currently. The new parameter is called “reconnect-attempts”; it is optional on the WildFly CLI and defaults to -1. The values available to the parameter and their meanings are:
| Value | Use |
|---|---|
| -1 | Always attempt to resend the message |
| 0 | Never attempt to resend the message (results in an IOException if message sending fails) |
| Positive integer n | Attempt to resend the message n times (results in an IOException if sending still fails after n attempts) |
On the WildFly CLI, these values are set as follows (infinite resends, no resends, n resends, and the default of infinite resends):
/subsystem=elytron/syslog-audit-log=syslog-test:add(server-address="127.0.0.1",port=10999,transport=UDP,host-name=localhost,reconnect-attempts=-1)
/subsystem=elytron/syslog-audit-log=syslog-test:add(server-address="127.0.0.1",port=10999,transport=UDP,host-name=localhost,reconnect-attempts=0)
/subsystem=elytron/syslog-audit-log=syslog-test:add(server-address="127.0.0.1",port=10999,transport=UDP,host-name=localhost,reconnect-attempts=50)
/subsystem=elytron/syslog-audit-log=syslog-test:add(server-address="127.0.0.1",port=10999,transport=UDP,host-name=localhost)
Summary
This blog post provides some information about upcoming changes to enhance audit logging in WildFly Elytron. In particular, it covers the addition of a syslog-format parameter and a reconnect-attempts parameter, two new SecurityEvents and a new abstract SecurityEvent, and an initial connection message.