001/* 002 * The contents of this file are subject to the terms of the Common Development and 003 * Distribution License (the License). You may not use this file except in compliance with the 004 * License. 005 * 006 * You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for the 007 * specific language governing permission and limitations under the License. 008 * 009 * When distributing Covered Software, include this CDDL Header Notice in each file and include 010 * the License file at legal/CDDLv1.0.txt. If applicable, add the following below the CDDL 011 * Header, with the fields enclosed by brackets [] replaced by your own identifying 012 * information: "Portions copyright [year] [name of copyright owner]". 013 * 014 * Copyright 2015-2016 ForgeRock AS. 015 */ 016package org.forgerock.audit.handlers.syslog; 017 018import static java.util.Collections.unmodifiableMap; 019 020import java.util.ArrayList; 021import java.util.HashMap; 022import java.util.List; 023import java.util.Map; 024 025import org.forgerock.audit.events.handlers.EventHandlerConfiguration; 026 027import com.fasterxml.jackson.annotation.JsonProperty; 028import com.fasterxml.jackson.annotation.JsonPropertyDescription; 029 030/** 031 * Configuration object for the {@link SyslogAuditEventHandler}. 032 * <p> 033 * This configuration object can be created from JSON. Example of valid JSON configuration: 034 * 035 * <pre> 036 { 037 "protocol" : "TCP", 038 "host" : "https://forgerock.example.com", 039 "port" : 6514, 040 "connectTimeout" : 30000, 041 "facility" : "local0", 042 "severityFieldMappings": [{ 043 "topic" : "system-status", 044 "field" : "level", 045 "valueMappings" : { 046 "SEVERE" : "EMERGENCY", 047 "WARNING" : "WARNING", 048 "INFO" : "INFORMATIONAL" 049 }, 050 "buffering" : { 051 "enabled" : "true" 052 } 053 }] 054 } 055 </pre> 056 */ 057public class SyslogAuditEventHandlerConfiguration extends EventHandlerConfiguration { 058 059 @JsonProperty(required = true) 060 @JsonPropertyDescription("audit.handlers.syslog.transportProtocol") 061 private TransportProtocol protocol; 062 063 @JsonProperty(required = true) 064 @JsonPropertyDescription("audit.handlers.syslog.host") 065 private String host; 066 067 @JsonProperty(required = true) 068 @JsonPropertyDescription("audit.handlers.syslog.port") 069 private int port; 070 071 @JsonPropertyDescription("audit.handlers.syslog.connectTimeout") 072 private int connectTimeout; 073 074 @JsonProperty(required = true) 075 @JsonPropertyDescription("audit.handlers.syslog.facility") 076 private Facility facility; 077 078 @JsonProperty 079 @JsonPropertyDescription("audit.handlers.syslog.severityFieldMappings") 080 private List<SeverityFieldMapping> severityFieldMappings = new ArrayList<>(); 081 082 /** Event buffering is disabled by default. */ 083 @JsonPropertyDescription("audit.handlers.syslog.buffering") 084 protected EventBufferingConfiguration buffering = new EventBufferingConfiguration(); 085 086 /** 087 * Returns the protocol over which messages transmitted to the Syslog daemon. 088 * 089 * @return the transport protocol. 090 */ 091 public TransportProtocol getProtocol() { 092 return protocol; 093 } 094 095 /** 096 * Sets the protocol over which messages transmitted to the Syslog daemon. 097 * 098 * @param protocol 099 * the transport protocol. 100 */ 101 public void setProtocol(TransportProtocol protocol) { 102 this.protocol = protocol; 103 } 104 105 /** 106 * Returns the hostname of the Syslog daemon to which messages should be published. 107 * 108 * @return the hostname. 109 */ 110 public String getHost() { 111 return host; 112 } 113 114 /** 115 * Sets the hostname of the Syslog daemon to which messages should be published. 116 * 117 * @param host 118 * the hostname. 119 */ 120 public void setHost(String host) { 121 this.host = host; 122 } 123 124 /** 125 * Returns the port of the Syslog daemon to which messages should be published. 126 * 127 * @return the port. 128 */ 129 public int getPort() { 130 return port; 131 } 132 133 /** 134 * Sets the port of the Syslog daemon to which messages should be published. 135 * 136 * @param port 137 * the port. 138 */ 139 public void setPort(int port) { 140 this.port = port; 141 } 142 143 /** 144 * Returns the timeout after which attempts to connect to the Syslog daemon will be abandoned. 145 * <p/> 146 * Only applies when {@link TransportProtocol#TCP} is active. 147 * 148 * @return the connect timeout. 149 */ 150 public int getConnectTimeout() { 151 return connectTimeout; 152 } 153 154 /** 155 * Sets the timeout after which attempts to connect to the Syslog daemon will be abandoned. 156 * <p/> 157 * Only applies when {@link TransportProtocol#TCP} is active. 158 * 159 * @param connectTimeout 160 * the connect timeout. 161 */ 162 public void setConnectTimeout(int connectTimeout) { 163 this.connectTimeout = connectTimeout; 164 } 165 166 /** 167 * Returns the facility constant that should be applied to all Syslog messages. 168 * 169 * @return the facility. 170 * 171 * @see <a href="https://tools.ietf.org/html/rfc5424#section-6.2.1">RFC-5424 section 6.2.1</a> 172 */ 173 public Facility getFacility() { 174 return facility; 175 } 176 177 /** 178 * Sets the facility constant that should be applied to all Syslog messages. 179 * 180 * @param facility 181 * the facility. 182 * 183 * @see <a href="https://tools.ietf.org/html/rfc5424#section-6.2.1">RFC-5424 section 6.2.1</a> 184 */ 185 public void setFacility(Facility facility) { 186 this.facility = facility; 187 } 188 189 /** 190 * Returns the configurations for mapping audit event field values to Syslog severity values. 191 * 192 * @return the severity field mappings. 193 */ 194 public List<SeverityFieldMapping> getSeverityFieldMappings() { 195 return severityFieldMappings; 196 } 197 198 /** 199 * Sets the configurations for mapping audit event field values to Syslog severity values. 200 * 201 * @param severityFieldMappings 202 * the severity field mappings. 203 */ 204 public void setSeverityFieldMappings(List<SeverityFieldMapping> severityFieldMappings) { 205 this.severityFieldMappings = severityFieldMappings; 206 } 207 208 /** 209 * Returns the configuration for events buffering. 210 * 211 * @return the configuration 212 */ 213 public EventBufferingConfiguration getBuffering() { 214 return buffering; 215 } 216 217 /** 218 * Sets the configuration for events buffering. 219 * 220 * @param bufferingConfiguration 221 * The configuration 222 */ 223 public void setBufferingConfiguration(EventBufferingConfiguration bufferingConfiguration) { 224 this.buffering = bufferingConfiguration; 225 } 226 227 @Override 228 public boolean isUsableForQueries() { 229 return false; 230 } 231 232 /** 233 * Encapsulates configuration for mapping audit event field values to Syslog severity values. 234 */ 235 public static final class SeverityFieldMapping { 236 237 @JsonProperty(required = true) 238 @JsonPropertyDescription("audit.handlers.syslog.severityFieldMapping.topic") 239 private String topic; 240 241 @JsonProperty(required = true) 242 @JsonPropertyDescription("audit.handlers.syslog.severityFieldMapping.field") 243 private String field; 244 245 @JsonProperty(required = true) 246 @JsonPropertyDescription("audit.handlers.syslog.severityFieldMapping.valueMappings") 247 private Map<String, Severity> valueMappings = new HashMap<>(); 248 249 /** 250 * Returns the name of the event topic to which this mapping applies. 251 * 252 * @return the event topic name. 253 */ 254 public String getTopic() { 255 return topic; 256 } 257 258 /** 259 * Sets the name of the event topic to which this mapping applies. 260 * 261 * @param topic 262 * the event topic name. 263 */ 264 public void setTopic(String topic) { 265 this.topic = topic; 266 } 267 268 /** 269 * Returns the name of the event topic field to which this mapping applies. 270 * <p/> 271 * If the chosen field is nested, JsonPointer notation should be used. 272 * 273 * @return the event topic field name. 274 */ 275 public String getField() { 276 return field; 277 } 278 279 /** 280 * Sets the name of the event topic field to which this mapping applies. 281 * 282 * @param field 283 * the event topic field name. 284 */ 285 public void setField(String field) { 286 this.field = field; 287 } 288 289 /** 290 * Returns the mapping of audit event values to Syslog severity values. 291 * 292 * @return the value mappings. 293 */ 294 public Map<String, Severity> getValueMappings() { 295 return unmodifiableMap(valueMappings); 296 } 297 298 /** 299 * Sets the mapping of audit event values to Syslog severity values. 300 * 301 * @param valueMappings 302 * the value mappings. 303 */ 304 public void setValueMappings(Map<String, Severity> valueMappings) { 305 this.valueMappings = new HashMap<>(valueMappings); 306 } 307 } 308 309 /** 310 * Configuration of event buffering. 311 */ 312 public static class EventBufferingConfiguration { 313 314 @JsonPropertyDescription("audit.handlers.syslog.buffering.enabled") 315 private boolean enabled; 316 317 @JsonPropertyDescription("audit.handlers.syslog.buffering.maxSize") 318 private int maxSize = 5000; 319 320 /** 321 * Indicates if event buffering is enabled. 322 * 323 * @return {@code true} if buffering is enabled. 324 */ 325 public boolean isEnabled() { 326 return enabled; 327 } 328 329 /** 330 * Sets the buffering status. 331 * 332 * @param enabled 333 * Indicates if buffering is enabled. 334 */ 335 public void setEnabled(boolean enabled) { 336 this.enabled = enabled; 337 } 338 339 } 340}