Package org.forgerock.audit.handlers.syslog

Class SyslogAuditEventHandler

java.lang.Object

org.forgerock.audit.events.handlers.AuditEventHandlerBase

org.forgerock.audit.handlers.syslog.SyslogAuditEventHandler

All Implemented Interfaces:

AuditEventHandler

public class SyslogAuditEventHandler
extends AuditEventHandlerBase

The handler publishes audit events formatted using SyslogFormatter to a syslog daemon using the configured SyslogPublisher. The publisher is flushed after each write.

Field Summary

Fields inherited from class org.forgerock.audit.events.handlers.AuditEventHandlerBase

eventTopicsMetaData

Constructor Summary

Constructors

Constructor	Description
SyslogAuditEventHandler(SyslogAuditEventHandlerConfiguration configuration, EventTopicsMetaData eventTopicsMetaData, ProductInfoProvider productInfoProvider, LocalHostNameProvider localHostNameProvider)	Create a new SyslogAuditEventHandler instance.

Method Summary

Modifier and Type	Method	Description
Promise<ResourceResponse,ResourceException>	publishEvent(org.forgerock.services.context.Context context, String topic, JsonValue event)	Publishes an event to the provided topic.
Promise<QueryResponse,ResourceException>	queryEvents(org.forgerock.services.context.Context context, String topic, QueryRequest queryRequest, QueryResourceHandler queryResourceHandler)	Query some events from the provided topic.
Promise<ResourceResponse,ResourceException>	readEvent(org.forgerock.services.context.Context context, String topic, String resourceId)	Reads an event with the provided resource id from the provided topic.
void	shutdown()	Closes the connections established by SyslogPublisher.
void	startup()	Instruct this object that it is safe to initialize file handles and network connections.

Methods inherited from class org.forgerock.audit.events.handlers.AuditEventHandlerBase

getHandledTopics, getName, handleAction, isEnabled

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

SyslogAuditEventHandler

@Inject
public SyslogAuditEventHandler(SyslogAuditEventHandlerConfiguration configuration,
                               EventTopicsMetaData eventTopicsMetaData,
                               ProductInfoProvider productInfoProvider,
                               LocalHostNameProvider localHostNameProvider)

Create a new SyslogAuditEventHandler instance.

Parameters:

configuration - Configuration parameters that can be adjusted by system administrators.

eventTopicsMetaData - Meta-data for all audit event topics.

productInfoProvider - Provides info such as product name.

localHostNameProvider - Provides local host name.

Method Detail

startup

public void startup()

Instruct this object that it is safe to initialize file handles and network connections.

Reconfiguration of the AuditService and its handlers is achieved by replacing rather than modifying the existing objects. Therefore, it's essential that the replacements do not perform any I/O that would interfere with the operation of the objects they are replacing until the old objects are shutdown. For example, when shutting down an old instance of a file-based AuditEventHandler, the old instance may need to flush buffers, apply file rotation or retention policies, or even add line or block signatures as part of tamper evident logging. Any of these operations could be broken if two handler instances are operating on the same set of files simultaneously.

shutdown

public void shutdown()

Closes the connections established by SyslogPublisher.

publishEvent

public Promise<ResourceResponse,ResourceException> publishEvent(org.forgerock.services.context.Context context,
                                                                      String topic,
                                                                      JsonValue event)

Description copied from interface: AuditEventHandler

Publishes an event to the provided topic.

Note for implementors, it is imperative that the supplied event is not modified in any way as this may cause undesirable behaviour where multiple handlers are configured. If the event must be modified, then make a copy of it and work with that.

Parameters:

context - The context chain that initiated the event.

topic - The topic where to publish the event.

event - The event to publish - which should be considered immutable.

Returns:

a promise with either a response or an exception

queryEvents

public Promise<QueryResponse,ResourceException> queryEvents(org.forgerock.services.context.Context context,
                                                                  String topic,
                                                                  QueryRequest queryRequest,
                                                                  QueryResourceHandler queryResourceHandler)

Description copied from interface: AuditEventHandler

Query some events from the provided topic.

Parameters:

context - The context chain that initiated the event.

topic - The topic on which query is performed.

queryRequest - The request with the query.

queryResourceHandler - The handler to process responses for the query.

Returns:

a promise with either a response or an exception

readEvent

public Promise<ResourceResponse,ResourceException> readEvent(org.forgerock.services.context.Context context,
                                                                   String topic,
                                                                   String resourceId)

Description copied from interface: AuditEventHandler

Reads an event with the provided resource id from the provided topic.

Parameters:

context - The context chain that initiated the event.

topic - The topic where event is read.

resourceId - The identifier of the event.

Returns:

a promise with either a response or an exception