Uploaded image for project: 'OpenDJ'
  1. OpenDJ
  2. OPENDJ-3098

Cannot configure syslog audit event logger

    XMLWordPrintable

    Details

      Description

      Tried to configure the Syslog Audit Event logger in OpenDJ 3.

      config/syslog-handler.json (ip removed):

      {
          "class": "org.forgerock.audit.handlers.syslog.SyslogAuditEventHandler",
          "config": {
              "name": "SyslogAuditEventHandler",
              "topics": [ "access" ],
              "protocol": "TCP",
              "host": "x.x.x.x",
              "port": 514,
              "connectTimeout": 10000,
              "facility": "LOCAL7",
              "buffering": {
                  "enabled": false
              },
              "severityFieldMappings": [
                  {
                      "topic": "access",
                      "field": "dummy",
                      "valueMappings": {}
                  }
              ]
          }
      }
      
      dsconfig \
       create-log-publisher \
       --port 3444 \
       --hostname xxxx \
       --bindDN "cn=Directory Manager" \
       --bindPassword xxxx
       --publisher-name "Syslog Audit Access Log Publisher" \
       --type external-access \
       --set enabled:true \
       --set config-file:config/syslog-handler.json \
       --trustAll \
       --no-prompt
      

      No errors are logged to OpenDJ error log, but also events are not sent to syslog server (tcpdump shows no network traffic).

      In the meantime, the CSV file-based audit logger logs the audit events correctly to a local file.

        Attachments

          Activity

            People

            Assignee:
            Mark Mark Craig
            Reporter:
            milan_everett Milan Schwartz [X] (Inactive)
            QA Assignee:
            Ondrej Fuchsik Ondrej Fuchsik
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved: