Uploaded image for project: 'OpenAM Agents'
  1. OpenAM Agents
  2. AMAGENTS-285

Agent logging LOG_ALLOW or LOG_DENY does not work

    XMLWordPrintable

    Details

      Description

      Problem
      The audit logging to the local file audit.log does not work when the audit access type is set to either LOG_ALLOW or LOG_DENY. However it works if LOG_BOTH is set

      Testcase 1
      1. Enable Audit Log Location to ALL on the centralized agent config
      2. Enable Audit Access type to LOG_DENY
      3. Acesss a forbidden page and check audit.log

      Observations

      • No entry

      Expected

      • AUDIT entry with denied access to <url> should be seen

      Testcase 2
      Similarly if the Audit access type is set to LOG_ALLOW
      The similar issue happens

      Testcase 3
      Another problem is the the Access log is ALL but the "REMOTE" logs on OpenAM is not done
      (will create a new bug for this)

      For testcase 1 & 2 the issue is in utility.c

      void update_agent_configuration_audit(am_config_t *conf) {
      
          if (AM_BITMASK_CHECK(conf->audit_level, (AM_LOG_LEVEL_AUDIT_ALLOW | AM_LOG_LEVEL_AUDIT_DENY))) {
      
      

      The above need to tested independently in eg:

          if (AM_BITMASK_CHECK(conf->audit_level, AM_LOG_LEVEL_AUDIT_ALLOW)  ||
             AM_BITMASK_CHECK(conf->audit_level, AM_LOG_LEVEL_AUDIT_DENY) ||
             AM_BITMASK_CHECK(conf->audit_level, (AM_LOG_LEVEL_AUDIT_DENY |AM_LOG_LEVEL_AUDIT_ALLOW))) {
      

        Attachments

          Issue Links

            Activity

              People

              mareks Mareks Malnacs
              chee-weng.chea C-Weng C
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: