2. Configuration
2.1. Enabling feature
To enable AuditLog feature you need to enable AuditLogComponent component in etc/config.tdsl file and set used auditlog repository implementations. To do this you need to set name of component and class implementing this component, ie.
'audit-log' () {
memoryRepository () {}
slf4jRepository () {}
}
It is also required to enable AuditLogProcessor. To do so you need to enable audit-log processor in sess-man section:
'sess-man' () {
'audit-log' () {}
}
2.2. Configuration of auditlog file
AuditLog file is created and filled with events by Logback logging framework. To configure log file location, size you need to modify file etc/logback.xml which contains following data:
<configuration scan="true">
<appender name="FILE" class="ch.qos.logback.core.rolling.RollingFileAppender">
<file>logs/auditlogs/auditlog.log</file>
<rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
<!-- rollover hourly -->
<fileNamePattern>logs/auditlogs/auditlog-%d{yyyy-MM-dd_HH}.%i.log.gz</fileNamePattern>
<timeBasedFileNamingAndTriggeringPolicy
class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">
<!-- or whenever the file size reaches 50MB -->
<maxFileSize>50MB</maxFileSize>
</timeBasedFileNamingAndTriggeringPolicy>
<!-- No Limit -->
<maxHistory>0</maxHistory>
</rollingPolicy>
<encoder>
<charset>UTF-8</charset>
<pattern>%msg%n</pattern>
</encoder>
</appender>
<logger name="tigase.auditlog" level="trace"/>
<root level="warn">
<appender-ref ref="FILE"/>
</root>
</configuration>
In this sample config it is set:
a template for a auditlog file name
logs/auditlogs/auditlog-%d{yyyy-MM-dd_HH}.%i.log.gzrolling logs to new files every 50MB and every day
2.3. Configuration of searchable repository
It is possible to configure AuditLog component to store events in MySQL database. To do that you need to enable AuditLog feature as described above and you need to enable searchableRepository in AuditLog component configuration.
'audit-log' () {
searchableRepository () {}
}
This will use database configured as a default data source of Tigase XMPP Server. If want to use different data source, you need to configure this new data source (ie. auditlogDataSource) and configure searchableRepository to use it:
dataSource {
...
auditlogDataSource () {
uri = 'jdbc:mysql://..'
}
...
}
'audit-log' () {
searchableRepository () {
'data-source' = 'auditlogDataSource'
}
}
After that you will be able to browse AuditLog entries in Admin UI of Tigase XMPP Server within Auditlog section.
Warning
Remember that after enabling searchableRepository you need to load database schema for AuditLog component. To do that just execute upgrade-schema task of Tigase XMPP Server after configuration of AuditLog is done.
2.4. Using AuditLog component under different component name than audit-log
To do that you need to define AuditLog component with a different name, ie. auditLog.
'auditLog' (class: tigase.auditlog.AuditLogComponent) {}
Then inform AuditLog processor of name of AuditLog component. Entry similar to one below will need to be added to etc/config.tdsl file:
'sess-man' () {
'audit-log' () {
'component-jid' = '[email protected]'
}
}
Note
In above example it is assumed that your server hostname is example.com. You will need to replace example.com with the real hostname of your server.
2.5. Logging packets not exchanged between client and server
By default this feature is enabled. To disable it you need to add following line to etc/config.tdsl file:
'sess-man' () {
'audit-log' () {
'only-user-packets' = false
}
}
2.6. Logging only packets received by user
To enable this feature you need to add following line to etc/config.tdsl file:
'sess-man' () {
'audit-log' () {
'only-from-user-connection' = true
}
}