Red Hat Bugzilla – Bug 1003774
Implement test coverage for Audit Log
Last modified: 2014-10-25 08:37:03 EDT
A Common Criteria Requirement is the ability to configure an audit log of management operations. The design note in the Eng Notes satisfies the criteria.
We will provide audit logging via a logging subsystem appender, similarly to EAP 5.
– Resistance to message deletion/alteration will be provided because it is possible for the user to configure an appender that uses syslog to ensure a copy of the log is in a location owned by a separate process or even in a separate server. JBoss Logging supports a syslog appender.
– Non-repudidation of logging messages will be possible by configuring a syslog appender that uses TLS. EAP engineering will provide such an appender as part of this task-- This facility will be limited to management operation logging; not for EE application event logging.
– See https://docs.google.com/document/d/1sR1WjX7UDW-H1f4TJO4Qsd0u8p_Mjew7PDRlVgXQ05Q/edit for an analysis of possible features in an audit logging solution. Our intent is to deliver items 1 and 2 in that list.
We need test coverage for this feature.
This issue reported against older version, cannot be reproduced against latest 6.3.0. bits, which means it was fixed earlier. Therefore, we are closing this bug. Thank you for reporting this issue.