Audit log for the application server
Audit logging is done to monitor the following events:
The logs are generated in: ...\Server\wildfly-*\standalone\log.
Logging for ‘logon/logoff’
Each time a user logs on or off, a log is created which is stored in the logon_logoff.log file in the application server’s log folder.
The following sections describe the configurations that are required for saving the logs in CSV and normal text format.
Configuration:
• Open the JBoss CLI
• Run the following commands:
For text format
/subsystem=logging/periodic-rotating-file-handler=LOGINLOGOFFS:add(append
=true,file={"path"=>"loginlogoff.log", "relative-to"=>"jboss.server.log.dir"},suffix
=".yyyy-MM-dd",autoflush=true)
/subsystem=logging/periodic-rotating-file-handler=LOGINLOGOFFS:write-attribute(name
=named-formatter,value=PATTERN)
/subsystem=logging/logger
=pnlog.AUTHENTICATION.nl.planon.hades.beans.definitionmanager.DefinitionManagerBean:add(level=DEBUG)
/subsystem=logging/logger
=pnlog.AUTHENTICATION.nl.planon.hades.beans.definitionmanager.DefinitionManagerBean:add-handler(name=LOGINLOGOFFS)
For CSV format
/subsystem=logging/size-rotating-file-handler=LOGINLOGOFFS:add(append
=true,file={"path"=>"loginlogoff.csv", "relative-to"=>"jboss.server.log.dir"},max-backup-index
=1,rotate-size=10000k,autoflush=true)
/subsystem=logging/logger=pnlog.AUTHENTICATION.nl.planon.hades.beans.definitionmanager.DefinitionManagerBean:
add(use-parent-handlers=false,level=DEBUG)
/subsystem=logging/logger=pnlog.AUTHENTICATION.nl.planon.hades.beans.definitionmanager.DefinitionManagerBean:
add-handler(name=LOGINLOGOFFS)
Logging for failed logins
Each time a user logon fails, a log is created which is stored in the failedlogins.log file in the log folder of the application server.
A log is registered due to the following reasons:
• Rejected log-on: “Rejected log-on for account <UserName> due to incorrect password”
• Rejected log-on: “Rejected log-on for account <UserName> due to expired password”
• Rejected log-on: “Rejected log-on for account <UserName> due to inconsistent account data in the database”
Configuration:
• Open the JBoss CLI.
• Run the following commands:
For text format
/subsystem=logging/periodic-rotating-file-handler=FAILEDLOGINS:add(append
=true,file={"path"=>"failedlogins.log", "relative-to"=>"jboss.server.log.dir"},suffix
=".yyyy-MM-dd",autoflush=true)
/subsystem=logging/periodic-rotating-file-handler=FAILEDLOGINS:write-attribute(name
=named-formatter,value=PATTERN)
/subsystem=logging/logger
=pnlog.AUTHENTICATION.com.planonsoftware.jboss.login.artemis.server.Authenticator:add(level=DEBUG)
/subsystem=logging/logger
=pnlog.AUTHENTICATION.com.planonsoftware.jboss.login.artemis.server.Authenticator:
add-handler(name=FAILEDLOGINS)
For CSV format
/subsystem=logging/size-rotating-file-handler=FAILEDLOGINS:add(append
=true,file={"path"=>"failedlogins.csv", "relative-to"=>"jboss.server.log.dir"},
max-backup-index=1,rotate-size=10000k,autoflush=true)
/subsystem=logging/logger=pnlog.AUTHENTICATION.com.planonsoftware.jboss.login.artemis.server.Authenticator:
add(use-parent-handlers=false,level=DEBUG)
/subsystem=logging/logger=pnlog.AUTHENTICATION.com.planonsoftware.jboss.login.artemis.server.Authenticator:
add-handler(name=FAILEDLOGINS)
Logging for password changes
Each time the password of a user is changed via the "change password" action, a log is created which is stored in the "passwordchanges.log" file in the application server’s log folder.
Configuration:
• Open the JBoss CLI.
• Run the following commands:
For text format
/subsystem=logging/periodic-rotating-file-handler=PASSWORDCHANGE:add(append
=true,file={"path"=>"passwordchange.log", "relative-to"=>"jboss.server.log.dir"},suffix
=".yyyy-MM-dd",autoflush=true)
/subsystem=logging/periodic-rotating-file-handler=PASSWORDCHANGE:write-attribute(name
=named-formatter,value=PATTERN)
/subsystem=logging/logger
=pnlog.AUTHENTICATION.nl.planon.hades.businessmodel.account.bom.BOMChangePasswordDef:add(level=DEBUG)
/subsystem=logging/logger=pnlog.AUTHENTICATION.nl.planon.hades.businessmodel.account.bom.BOMChangePasswordDef:
add-handler(name=PASSWORDCHANGE)
For CSV format
/subsystem=logging/size-rotating-file-handler=PASSWORDCHANGE:add(append
=true,file={"path"=>"passwordchanges.csv", "relative-to"=>"jboss.server.log.dir"},
max-backup-index=1,rotate-size=10000k,autoflush=true)
/subsystem=logging/logger=
pnlog.AUTHENTICATION.nl.planon.hades.businessmodel.account.bom.BOMChangePasswordDef:
add(use-parent-handlers=false,level=DEBUG)
/subsystem=logging/logger
=pnlog.AUTHENTICATION.nl.planon.hades.businessmodel.account.bom.BOMChangePasswordDef:
add-handler(name=PASSWORDCHANGE)
Logging for password resets
Each time the password of a user is reset, a log is created and is stored in the "passwordresets.log" file in the application server’s log folder.
The log contains date/time of the password reset and a message: “Password for account <UserName> was reset by account <UserName of account that changed the password>”
Configuration:
• Open the JBoss CLI.
• Run the following commands:
For text format
/subsystem=logging/periodic-rotating-file-handler=PASSWORDRESET:add(append
=true,file={"path"=>"passwordreset.log", "relative-to"=>"jboss.server.log.dir"},suffix
=".yyyy-MM-dd",autoflush=true)
/subsystem=logging/periodic-rotating-file-handler=PASSWORDRESET:write-attribute(name
=named-formatter,value=PATTERN)
/subsystem=logging/logger
=pnlog.AUTHENTICATION.nl.planon.hades.businessmodel.account.bom.BOMResetPasswordDef:add(level=DEBUG)
/subsystem=logging/logger=pnlog.AUTHENTICATION.nl.planon.hades.businessmodel.account.bom.BOMResetPasswordDef:
add-handler(name=PASSWORDRESET)
For CSV format:
/subsystem=logging/size-rotating-file-handler=PASSWORDRESET:add(append
=true,file={"path"=>"passwordreset.csv", "relative-to"=>"jboss.server.log.dir"},
max-backup-index=1,rotate-size=10000k,autoflush=true)
/subsystem=logging/logger=pnlog.AUTHENTICATION.nl.planon.hades.businessmodel.account.bom.BOMResetPasswordDef:
add(use-parent-handlers=false,level=DEBUG)
/subsystem=logging/logger=pnlog.AUTHENTICATION.nl.planon.hades.businessmodel.account.bom.BOMResetPasswordDef:
add-handler(name=PASSWORDRESET)