001/* 002 * The contents of this file are subject to the terms of the Common Development and 003 * Distribution License (the License). You may not use this file except in compliance with the 004 * License. 005 * 006 * You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for the 007 * specific language governing permission and limitations under the License. 008 * 009 * When distributing Covered Software, include this CDDL Header Notice in each file and include 010 * the License file at legal/CDDLv1.0.txt. If applicable, add the following below the CDDL 011 * Header, with the fields enclosed by brackets [] replaced by your own identifying 012 * information: "Portions Copyright [year] [name of copyright owner]". 013 * 014 * Copyright 2008 Sun Microsystems, Inc. 015 */ 016package org.forgerock.opendj.server.config.client; 017 018 019 020import java.util.Collection; 021import java.util.SortedSet; 022import org.forgerock.opendj.config.ConfigurationClient; 023import org.forgerock.opendj.config.ManagedObjectDefinition; 024import org.forgerock.opendj.config.PropertyException; 025import org.forgerock.opendj.ldap.AddressMask; 026import org.forgerock.opendj.ldap.DN; 027import org.forgerock.opendj.server.config.meta.AccessLogFilteringCriteriaCfgDefn.LogRecordType; 028import org.forgerock.opendj.server.config.server.AccessLogFilteringCriteriaCfg; 029 030 031 032/** 033 * A client-side interface for reading and modifying Access Log 034 * Filtering Criteria settings. 035 * <p> 036 * A set of rules which together determine whether a log record should 037 * be logged or not. 038 */ 039public interface AccessLogFilteringCriteriaCfgClient extends ConfigurationClient { 040 041 /** 042 * Get the configuration definition associated with this Access Log Filtering Criteria. 043 * 044 * @return Returns the configuration definition associated with this Access Log Filtering Criteria. 045 */ 046 ManagedObjectDefinition<? extends AccessLogFilteringCriteriaCfgClient, ? extends AccessLogFilteringCriteriaCfg> definition(); 047 048 049 050 /** 051 * Gets the "connection-client-address-equal-to" property. 052 * <p> 053 * Filters log records associated with connections which match at 054 * least one of the specified client host names or address masks. 055 * <p> 056 * Valid values include a host name, a fully qualified domain name, 057 * a domain name, an IP address, or a subnetwork with subnetwork 058 * mask. 059 * 060 * @return Returns the values of the "connection-client-address-equal-to" property. 061 */ 062 SortedSet<AddressMask> getConnectionClientAddressEqualTo(); 063 064 065 066 /** 067 * Sets the "connection-client-address-equal-to" property. 068 * <p> 069 * Filters log records associated with connections which match at 070 * least one of the specified client host names or address masks. 071 * <p> 072 * Valid values include a host name, a fully qualified domain name, 073 * a domain name, an IP address, or a subnetwork with subnetwork 074 * mask. 075 * 076 * @param values The values of the "connection-client-address-equal-to" property. 077 * @throws PropertyException 078 * If one or more of the new values are invalid. 079 */ 080 void setConnectionClientAddressEqualTo(Collection<AddressMask> values) throws PropertyException; 081 082 083 084 /** 085 * Gets the "connection-client-address-not-equal-to" property. 086 * <p> 087 * Filters log records associated with connections which do not 088 * match any of the specified client host names or address masks. 089 * <p> 090 * Valid values include a host name, a fully qualified domain name, 091 * a domain name, an IP address, or a subnetwork with subnetwork 092 * mask. 093 * 094 * @return Returns the values of the "connection-client-address-not-equal-to" property. 095 */ 096 SortedSet<AddressMask> getConnectionClientAddressNotEqualTo(); 097 098 099 100 /** 101 * Sets the "connection-client-address-not-equal-to" property. 102 * <p> 103 * Filters log records associated with connections which do not 104 * match any of the specified client host names or address masks. 105 * <p> 106 * Valid values include a host name, a fully qualified domain name, 107 * a domain name, an IP address, or a subnetwork with subnetwork 108 * mask. 109 * 110 * @param values The values of the "connection-client-address-not-equal-to" property. 111 * @throws PropertyException 112 * If one or more of the new values are invalid. 113 */ 114 void setConnectionClientAddressNotEqualTo(Collection<AddressMask> values) throws PropertyException; 115 116 117 118 /** 119 * Gets the "connection-port-equal-to" property. 120 * <p> 121 * Filters log records associated with connections to any of the 122 * specified listener port numbers. 123 * 124 * @return Returns the values of the "connection-port-equal-to" property. 125 */ 126 SortedSet<Integer> getConnectionPortEqualTo(); 127 128 129 130 /** 131 * Sets the "connection-port-equal-to" property. 132 * <p> 133 * Filters log records associated with connections to any of the 134 * specified listener port numbers. 135 * 136 * @param values The values of the "connection-port-equal-to" property. 137 * @throws PropertyException 138 * If one or more of the new values are invalid. 139 */ 140 void setConnectionPortEqualTo(Collection<Integer> values) throws PropertyException; 141 142 143 144 /** 145 * Gets the "connection-protocol-equal-to" property. 146 * <p> 147 * Filters log records associated with connections which match any 148 * of the specified protocols. 149 * <p> 150 * Typical values include "ldap", "ldaps", or "jmx". 151 * 152 * @return Returns the values of the "connection-protocol-equal-to" property. 153 */ 154 SortedSet<String> getConnectionProtocolEqualTo(); 155 156 157 158 /** 159 * Sets the "connection-protocol-equal-to" property. 160 * <p> 161 * Filters log records associated with connections which match any 162 * of the specified protocols. 163 * <p> 164 * Typical values include "ldap", "ldaps", or "jmx". 165 * 166 * @param values The values of the "connection-protocol-equal-to" property. 167 * @throws PropertyException 168 * If one or more of the new values are invalid. 169 */ 170 void setConnectionProtocolEqualTo(Collection<String> values) throws PropertyException; 171 172 173 174 /** 175 * Gets the "log-record-type" property. 176 * <p> 177 * Filters log records based on their type. 178 * 179 * @return Returns the values of the "log-record-type" property. 180 */ 181 SortedSet<LogRecordType> getLogRecordType(); 182 183 184 185 /** 186 * Sets the "log-record-type" property. 187 * <p> 188 * Filters log records based on their type. 189 * 190 * @param values The values of the "log-record-type" property. 191 * @throws PropertyException 192 * If one or more of the new values are invalid. 193 */ 194 void setLogRecordType(Collection<LogRecordType> values) throws PropertyException; 195 196 197 198 /** 199 * Gets the "request-target-dn-equal-to" property. 200 * <p> 201 * Filters operation log records associated with operations which 202 * target entries matching at least one of the specified DN patterns. 203 * <p> 204 * Valid DN filters are strings composed of zero or more wildcards. 205 * A double wildcard ** replaces one or more RDN components (as in 206 * uid=dmiller,**,dc=example,dc=com). A simple wildcard * replaces 207 * either a whole RDN, or a whole type, or a value substring (as in 208 * uid=bj*,ou=people,dc=example,dc=com). 209 * 210 * @return Returns the values of the "request-target-dn-equal-to" property. 211 */ 212 SortedSet<String> getRequestTargetDNEqualTo(); 213 214 215 216 /** 217 * Sets the "request-target-dn-equal-to" property. 218 * <p> 219 * Filters operation log records associated with operations which 220 * target entries matching at least one of the specified DN patterns. 221 * <p> 222 * Valid DN filters are strings composed of zero or more wildcards. 223 * A double wildcard ** replaces one or more RDN components (as in 224 * uid=dmiller,**,dc=example,dc=com). A simple wildcard * replaces 225 * either a whole RDN, or a whole type, or a value substring (as in 226 * uid=bj*,ou=people,dc=example,dc=com). 227 * 228 * @param values The values of the "request-target-dn-equal-to" property. 229 * @throws PropertyException 230 * If one or more of the new values are invalid. 231 */ 232 void setRequestTargetDNEqualTo(Collection<String> values) throws PropertyException; 233 234 235 236 /** 237 * Gets the "request-target-dn-not-equal-to" property. 238 * <p> 239 * Filters operation log records associated with operations which 240 * target entries matching none of the specified DN patterns. 241 * <p> 242 * Valid DN filters are strings composed of zero or more wildcards. 243 * A double wildcard ** replaces one or more RDN components (as in 244 * uid=dmiller,**,dc=example,dc=com). A simple wildcard * replaces 245 * either a whole RDN, or a whole type, or a value substring (as in 246 * uid=bj*,ou=people,dc=example,dc=com). 247 * 248 * @return Returns the values of the "request-target-dn-not-equal-to" property. 249 */ 250 SortedSet<String> getRequestTargetDNNotEqualTo(); 251 252 253 254 /** 255 * Sets the "request-target-dn-not-equal-to" property. 256 * <p> 257 * Filters operation log records associated with operations which 258 * target entries matching none of the specified DN patterns. 259 * <p> 260 * Valid DN filters are strings composed of zero or more wildcards. 261 * A double wildcard ** replaces one or more RDN components (as in 262 * uid=dmiller,**,dc=example,dc=com). A simple wildcard * replaces 263 * either a whole RDN, or a whole type, or a value substring (as in 264 * uid=bj*,ou=people,dc=example,dc=com). 265 * 266 * @param values The values of the "request-target-dn-not-equal-to" property. 267 * @throws PropertyException 268 * If one or more of the new values are invalid. 269 */ 270 void setRequestTargetDNNotEqualTo(Collection<String> values) throws PropertyException; 271 272 273 274 /** 275 * Gets the "response-etime-greater-than" property. 276 * <p> 277 * Filters operation response log records associated with operations 278 * which took longer than the specified number of milli-seconds to 279 * complete. 280 * <p> 281 * It is recommended to only use this criteria in conjunction with 282 * the "combined" output mode of the access logger, since this filter 283 * criteria is only applied to response log messages. 284 * 285 * @return Returns the value of the "response-etime-greater-than" property. 286 */ 287 Integer getResponseEtimeGreaterThan(); 288 289 290 291 /** 292 * Sets the "response-etime-greater-than" property. 293 * <p> 294 * Filters operation response log records associated with operations 295 * which took longer than the specified number of milli-seconds to 296 * complete. 297 * <p> 298 * It is recommended to only use this criteria in conjunction with 299 * the "combined" output mode of the access logger, since this filter 300 * criteria is only applied to response log messages. 301 * 302 * @param value The value of the "response-etime-greater-than" property. 303 * @throws PropertyException 304 * If the new value is invalid. 305 */ 306 void setResponseEtimeGreaterThan(Integer value) throws PropertyException; 307 308 309 310 /** 311 * Gets the "response-etime-less-than" property. 312 * <p> 313 * Filters operation response log records associated with operations 314 * which took less than the specified number of milli-seconds to 315 * complete. 316 * <p> 317 * It is recommended to only use this criteria in conjunction with 318 * the "combined" output mode of the access logger, since this filter 319 * criteria is only applied to response log messages. 320 * 321 * @return Returns the value of the "response-etime-less-than" property. 322 */ 323 Integer getResponseEtimeLessThan(); 324 325 326 327 /** 328 * Sets the "response-etime-less-than" property. 329 * <p> 330 * Filters operation response log records associated with operations 331 * which took less than the specified number of milli-seconds to 332 * complete. 333 * <p> 334 * It is recommended to only use this criteria in conjunction with 335 * the "combined" output mode of the access logger, since this filter 336 * criteria is only applied to response log messages. 337 * 338 * @param value The value of the "response-etime-less-than" property. 339 * @throws PropertyException 340 * If the new value is invalid. 341 */ 342 void setResponseEtimeLessThan(Integer value) throws PropertyException; 343 344 345 346 /** 347 * Gets the "response-result-code-equal-to" property. 348 * <p> 349 * Filters operation response log records associated with operations 350 * which include any of the specified result codes. 351 * <p> 352 * It is recommended to only use this criteria in conjunction with 353 * the "combined" output mode of the access logger, since this filter 354 * criteria is only applied to response log messages. 355 * 356 * @return Returns the values of the "response-result-code-equal-to" property. 357 */ 358 SortedSet<Integer> getResponseResultCodeEqualTo(); 359 360 361 362 /** 363 * Sets the "response-result-code-equal-to" property. 364 * <p> 365 * Filters operation response log records associated with operations 366 * which include any of the specified result codes. 367 * <p> 368 * It is recommended to only use this criteria in conjunction with 369 * the "combined" output mode of the access logger, since this filter 370 * criteria is only applied to response log messages. 371 * 372 * @param values The values of the "response-result-code-equal-to" property. 373 * @throws PropertyException 374 * If one or more of the new values are invalid. 375 */ 376 void setResponseResultCodeEqualTo(Collection<Integer> values) throws PropertyException; 377 378 379 380 /** 381 * Gets the "response-result-code-not-equal-to" property. 382 * <p> 383 * Filters operation response log records associated with operations 384 * which do not include any of the specified result codes. 385 * <p> 386 * It is recommended to only use this criteria in conjunction with 387 * the "combined" output mode of the access logger, since this filter 388 * criteria is only applied to response log messages. 389 * 390 * @return Returns the values of the "response-result-code-not-equal-to" property. 391 */ 392 SortedSet<Integer> getResponseResultCodeNotEqualTo(); 393 394 395 396 /** 397 * Sets the "response-result-code-not-equal-to" property. 398 * <p> 399 * Filters operation response log records associated with operations 400 * which do not include any of the specified result codes. 401 * <p> 402 * It is recommended to only use this criteria in conjunction with 403 * the "combined" output mode of the access logger, since this filter 404 * criteria is only applied to response log messages. 405 * 406 * @param values The values of the "response-result-code-not-equal-to" property. 407 * @throws PropertyException 408 * If one or more of the new values are invalid. 409 */ 410 void setResponseResultCodeNotEqualTo(Collection<Integer> values) throws PropertyException; 411 412 413 414 /** 415 * Gets the "search-response-is-indexed" property. 416 * <p> 417 * Filters search operation response log records associated with 418 * searches which were either indexed or unindexed. 419 * <p> 420 * It is recommended to only use this criteria in conjunction with 421 * the "combined" output mode of the access logger, since this filter 422 * criteria is only applied to response log messages. 423 * 424 * @return Returns the value of the "search-response-is-indexed" property. 425 */ 426 Boolean isSearchResponseIsIndexed(); 427 428 429 430 /** 431 * Sets the "search-response-is-indexed" property. 432 * <p> 433 * Filters search operation response log records associated with 434 * searches which were either indexed or unindexed. 435 * <p> 436 * It is recommended to only use this criteria in conjunction with 437 * the "combined" output mode of the access logger, since this filter 438 * criteria is only applied to response log messages. 439 * 440 * @param value The value of the "search-response-is-indexed" property. 441 * @throws PropertyException 442 * If the new value is invalid. 443 */ 444 void setSearchResponseIsIndexed(Boolean value) throws PropertyException; 445 446 447 448 /** 449 * Gets the "search-response-nentries-greater-than" property. 450 * <p> 451 * Filters search operation response log records associated with 452 * searches which returned more than the specified number of entries. 453 * <p> 454 * It is recommended to only use this criteria in conjunction with 455 * the "combined" output mode of the access logger, since this filter 456 * criteria is only applied to response log messages. 457 * 458 * @return Returns the value of the "search-response-nentries-greater-than" property. 459 */ 460 Integer getSearchResponseNentriesGreaterThan(); 461 462 463 464 /** 465 * Sets the "search-response-nentries-greater-than" property. 466 * <p> 467 * Filters search operation response log records associated with 468 * searches which returned more than the specified number of entries. 469 * <p> 470 * It is recommended to only use this criteria in conjunction with 471 * the "combined" output mode of the access logger, since this filter 472 * criteria is only applied to response log messages. 473 * 474 * @param value The value of the "search-response-nentries-greater-than" property. 475 * @throws PropertyException 476 * If the new value is invalid. 477 */ 478 void setSearchResponseNentriesGreaterThan(Integer value) throws PropertyException; 479 480 481 482 /** 483 * Gets the "search-response-nentries-less-than" property. 484 * <p> 485 * Filters search operation response log records associated with 486 * searches which returned less than the specified number of entries. 487 * <p> 488 * It is recommended to only use this criteria in conjunction with 489 * the "combined" output mode of the access logger, since this filter 490 * criteria is only applied to response log messages. 491 * 492 * @return Returns the value of the "search-response-nentries-less-than" property. 493 */ 494 Integer getSearchResponseNentriesLessThan(); 495 496 497 498 /** 499 * Sets the "search-response-nentries-less-than" property. 500 * <p> 501 * Filters search operation response log records associated with 502 * searches which returned less than the specified number of entries. 503 * <p> 504 * It is recommended to only use this criteria in conjunction with 505 * the "combined" output mode of the access logger, since this filter 506 * criteria is only applied to response log messages. 507 * 508 * @param value The value of the "search-response-nentries-less-than" property. 509 * @throws PropertyException 510 * If the new value is invalid. 511 */ 512 void setSearchResponseNentriesLessThan(Integer value) throws PropertyException; 513 514 515 516 /** 517 * Gets the "user-dn-equal-to" property. 518 * <p> 519 * Filters log records associated with users matching at least one 520 * of the specified DN patterns. 521 * <p> 522 * Valid DN filters are strings composed of zero or more wildcards. 523 * A double wildcard ** replaces one or more RDN components (as in 524 * uid=dmiller,**,dc=example,dc=com). A simple wildcard * replaces 525 * either a whole RDN, or a whole type, or a value substring (as in 526 * uid=bj*,ou=people,dc=example,dc=com). 527 * 528 * @return Returns the values of the "user-dn-equal-to" property. 529 */ 530 SortedSet<String> getUserDNEqualTo(); 531 532 533 534 /** 535 * Sets the "user-dn-equal-to" property. 536 * <p> 537 * Filters log records associated with users matching at least one 538 * of the specified DN patterns. 539 * <p> 540 * Valid DN filters are strings composed of zero or more wildcards. 541 * A double wildcard ** replaces one or more RDN components (as in 542 * uid=dmiller,**,dc=example,dc=com). A simple wildcard * replaces 543 * either a whole RDN, or a whole type, or a value substring (as in 544 * uid=bj*,ou=people,dc=example,dc=com). 545 * 546 * @param values The values of the "user-dn-equal-to" property. 547 * @throws PropertyException 548 * If one or more of the new values are invalid. 549 */ 550 void setUserDNEqualTo(Collection<String> values) throws PropertyException; 551 552 553 554 /** 555 * Gets the "user-dn-not-equal-to" property. 556 * <p> 557 * Filters log records associated with users which do not match any 558 * of the specified DN patterns. 559 * <p> 560 * Valid DN filters are strings composed of zero or more wildcards. 561 * A double wildcard ** replaces one or more RDN components (as in 562 * uid=dmiller,**,dc=example,dc=com). A simple wildcard * replaces 563 * either a whole RDN, or a whole type, or a value substring (as in 564 * uid=bj*,ou=people,dc=example,dc=com). 565 * 566 * @return Returns the values of the "user-dn-not-equal-to" property. 567 */ 568 SortedSet<String> getUserDNNotEqualTo(); 569 570 571 572 /** 573 * Sets the "user-dn-not-equal-to" property. 574 * <p> 575 * Filters log records associated with users which do not match any 576 * of the specified DN patterns. 577 * <p> 578 * Valid DN filters are strings composed of zero or more wildcards. 579 * A double wildcard ** replaces one or more RDN components (as in 580 * uid=dmiller,**,dc=example,dc=com). A simple wildcard * replaces 581 * either a whole RDN, or a whole type, or a value substring (as in 582 * uid=bj*,ou=people,dc=example,dc=com). 583 * 584 * @param values The values of the "user-dn-not-equal-to" property. 585 * @throws PropertyException 586 * If one or more of the new values are invalid. 587 */ 588 void setUserDNNotEqualTo(Collection<String> values) throws PropertyException; 589 590 591 592 /** 593 * Gets the "user-is-member-of" property. 594 * <p> 595 * Filters log records associated with users which are members of at 596 * least one of the specified groups. 597 * 598 * @return Returns the values of the "user-is-member-of" property. 599 */ 600 SortedSet<DN> getUserIsMemberOf(); 601 602 603 604 /** 605 * Sets the "user-is-member-of" property. 606 * <p> 607 * Filters log records associated with users which are members of at 608 * least one of the specified groups. 609 * 610 * @param values The values of the "user-is-member-of" property. 611 * @throws PropertyException 612 * If one or more of the new values are invalid. 613 */ 614 void setUserIsMemberOf(Collection<DN> values) throws PropertyException; 615 616 617 618 /** 619 * Gets the "user-is-not-member-of" property. 620 * <p> 621 * Filters log records associated with users which are not members 622 * of any of the specified groups. 623 * 624 * @return Returns the values of the "user-is-not-member-of" property. 625 */ 626 SortedSet<DN> getUserIsNotMemberOf(); 627 628 629 630 /** 631 * Sets the "user-is-not-member-of" property. 632 * <p> 633 * Filters log records associated with users which are not members 634 * of any of the specified groups. 635 * 636 * @param values The values of the "user-is-not-member-of" property. 637 * @throws PropertyException 638 * If one or more of the new values are invalid. 639 */ 640 void setUserIsNotMemberOf(Collection<DN> values) throws PropertyException; 641 642}