1373382 – Handlers within Audit Logger are not removed properly when Audit Logger is removed

Bug 1373382 - Handlers within Audit Logger are not removed properly when Audit Logger is removed

Summary: Handlers within Audit Logger are not removed properly when Audit Logger is re...

Keywords:
Status:	CLOSED EOL
Alias:	None
Product:	JBoss Enterprise Application Platform 6
Classification:	JBoss
Component:	Domain Management
Sub Component:
Version:	6.4.9
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	high
Target Milestone:	---
Target Release:	---
Assignee:	jboss-set
QA Contact:	Pavel Slavicek
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2016-09-06 07:09 UTC by Jan Tymel
Modified:	2019-08-19 12:47 UTC (History)
CC List:	2 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2019-08-19 12:47:14 UTC
Type:	Bug
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Issue Tracker	JBEAP-5643	0	Major	Verified	Handlers within Audit Logger are not removed properly when Audit Logger is removed	2018-02-20 23:37:44 UTC

Description Jan Tymel 2016-09-06 07:09:07 UTC

Description of problem:
If Audit Logger is removed, destination handlers (i.e. its child nodes) are not removed properly. They are not present in the config file. They seem to be not removed "internally" though. 



Steps to Reproduce:

1. Configure AuditLog to use both File and Syslog Handlers.
<audit-log>
    <formatters>
        <json-formatter name="json-formatter"/>
    </formatters>
    <handlers>
        <file-handler name="file" formatter="json-formatter" path="audit-log.log" relative-to="jboss.server.data.dir"/>
        <syslog-handler name="my-syslog-handler" formatter="json-formatter">
            <udp host="localhost" port="514"/>
        </syslog-handler>
    </handlers>
    <logger log-boot="true" log-read-only="false" enabled="true">
        <handlers>
            <handler name="file"/>
            <handler name="my-syslog-handler"/>
        </handlers>
    </logger>
</audit-log>

2. Start the server and remove Audit Logger
/core-service=management/access=audit/logger=audit-log:remove()

3. Add Audit Logger back (without handlers)
/core-service=management/access=audit/logger=audit-log:add(enabled=true, log-boot=true, log-read-only=false)

4. Try to remove previously defined destination handlers
/core-service=management/access=audit/file-handler=file:remove()
/core-service=management/access=audit/syslog-handler=my-syslog-handler:remove()

5. Fire an auditable event and find out that AuditLog continues to send logs to previously defined destinations
/subsystem=logging/logger=com.arjuna:write-attribute(name=level,value=DEBUG)

See log in the file (EAP_HOME/standalone/data/audit-log.log)
See log in the syslog (/var/log/messages)


Actual results:
Step 4:
{
    "outcome" => "failed",
    "failure-description" => "WFLYCTL0158: Operation handler failed: java.lang.NullPointerException",
    "rolled-back" => true
}

Step 5:
There is a record of changed log level for com.arjuna in log files.


Expected results:
Step 4:
It is possible to remove handlers.

Step 5:
No record with that piece of information is logged.

Note You need to log in before you can comment on or make changes to this bug.