Description of problem: If Audit Logger is removed, destination handlers (i.e. its child nodes) are not removed properly. They are not present in the config file. They seem to be not removed "internally" though. Steps to Reproduce: 1. Configure AuditLog to use both File and Syslog Handlers. <audit-log> <formatters> <json-formatter name="json-formatter"/> </formatters> <handlers> <file-handler name="file" formatter="json-formatter" path="audit-log.log" relative-to="jboss.server.data.dir"/> <syslog-handler name="my-syslog-handler" formatter="json-formatter"> <udp host="localhost" port="514"/> </syslog-handler> </handlers> <logger log-boot="true" log-read-only="false" enabled="true"> <handlers> <handler name="file"/> <handler name="my-syslog-handler"/> </handlers> </logger> </audit-log> 2. Start the server and remove Audit Logger /core-service=management/access=audit/logger=audit-log:remove() 3. Add Audit Logger back (without handlers) /core-service=management/access=audit/logger=audit-log:add(enabled=true, log-boot=true, log-read-only=false) 4. Try to remove previously defined destination handlers /core-service=management/access=audit/file-handler=file:remove() /core-service=management/access=audit/syslog-handler=my-syslog-handler:remove() 5. Fire an auditable event and find out that AuditLog continues to send logs to previously defined destinations /subsystem=logging/logger=com.arjuna:write-attribute(name=level,value=DEBUG) See log in the file (EAP_HOME/standalone/data/audit-log.log) See log in the syslog (/var/log/messages) Actual results: Step 4: { "outcome" => "failed", "failure-description" => "WFLYCTL0158: Operation handler failed: java.lang.NullPointerException", "rolled-back" => true } Step 5: There is a record of changed log level for com.arjuna in log files. Expected results: Step 4: It is possible to remove handlers. Step 5: No record with that piece of information is logged.