-
Notifications
You must be signed in to change notification settings - Fork 103
Auditing Module
The auditing module is activated by the Maven profile auditing. To build geostore with auditing capabilities enabled enter the src/ directory and launch:
mvn clean install -Pauditing
To run the application from Maven with the auditing capabilities enabled you also need the profile:
mvn jetty:run -Pauditing
An OS environment variable or a Java property variable of name GEOSTORE_AUDITING_CONF must exist and point to a valid configuration file.
For example as a java property variable:
-DGEOSTORE_AUDITING_CONF="/opt/geostore/conf/auditing.properties"
and as Linux environment variable:
export GEOSTORE_AUDITING_CONF="/opt/geostore/conf/auditing.properties"
If the variable above is not defined the auditing capabilities will be disabled. No exception will be throw, but an warning will appear in the application log file.
The configuration file must contain the following properties:
- auditing.enable: allow to disable or enable the auditing capabilities
- auditing.templates.directory: defines the directory that should contain the templates
- auditing.output.directory: defines the directory that should contain the produced audit information files
- auditing.templates.version: specifies the version of the current templates
- auditing.max.requests.per.file: specifies the max number of request per file
- auditing.output.files.extension: allow to define the file extension of the produced audit information files
All this properties are mandatory if one of this properties is missing an exception will be throw specifying which property is missing.
Follow the example of a configuration file:
auditing.enable=true
auditing.templates.directory=/opt/geostore/conf/templates
auditing.output.directory=/var/geostore/auditing
auditing.templates.version=1
auditing.max.requests.per.file=100
auditing.output.files.extension=xml
The auditing output format can be configured using Apache FreeMarker template language. Three templates are required header.ftl, body.ftl and footer.ftl and should be present on the templates directory.
Those are the properties that will be available:
Follow examples of the three templates that contain all the possible values.
<?xml version="1.0" encoding="UTF-8" ?>
<Requests>
<#escape x as x?xml>
<Request id="${id!""}">
<HttpMethod>${httpMethod!""}</HttpMethod>
<Path>${path!""}</Path>
<BasePath>${basePath!""}</BasePath>
<QueryString>${queryString!""}</QueryString>
<RemoteAddr>${remoteAddr!""}</RemoteAddr>
<RemoteHost>${remoteHost!""}</RemoteHost>
<RemoteUser>${remoteUser!""}</RemoteUser>
<UserName>${userName!""}</UserName>
<UserRole>${userRole!""}</UserRole>
<UserGroups>${userGroups!""}</UserGroups>
<Host>${host}</Host>
<#if bodyAsString??>
<Body>${bodyAsString}</Body>
</#if>
<#if failed??>
<Failed>true</Failed>
<ErrorMessage>${errorMessage!""}</ErrorMessage>
<#else>
<Failed>false</Failed>
</#if>
<ResponseStatus>${responseStatus!""}</ResponseStatus>
<ResponseContentType>${responseContentType!""}</ResponseContentType>
<ResponseLength>${responseLength!""}</ResponseLength>
<StartTime>${(startTime?number?number_to_datetime?iso_utc_ms)!""}</StartTime>
<EndTime>${(endTime?number?number_to_datetime?iso_utc_ms)!""}</EndTime>
<TotalTime>${totalTime!""}</TotalTime>
</Request>
</#escape>
</Requests>