001/*
002 * The contents of this file are subject to the terms of the Common Development and
003 * Distribution License (the License). You may not use this file except in compliance with the
004 * License.
005 *
006 * You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for the
007 * specific language governing permission and limitations under the License.
008 *
009 * When distributing Covered Software, include this CDDL Header Notice in each file and include
010 * the License file at legal/CDDLv1.0.txt. If applicable, add the following below the CDDL
011 * Header, with the fields enclosed by brackets [] replaced by your own identifying
012 * information: "Portions Copyright [year] [name of copyright owner]".
013 *
014 * Copyright 2008 Sun Microsystems, Inc.
015 */
016package org.forgerock.opendj.server.config.client;
017
018
019
020import java.util.Collection;
021import java.util.SortedSet;
022import org.forgerock.opendj.config.ConfigurationClient;
023import org.forgerock.opendj.config.ManagedObjectDefinition;
024import org.forgerock.opendj.config.PropertyException;
025import org.forgerock.opendj.ldap.AddressMask;
026import org.forgerock.opendj.ldap.DN;
027import org.forgerock.opendj.server.config.meta.AccessLogFilteringCriteriaCfgDefn.LogRecordType;
028import org.forgerock.opendj.server.config.server.AccessLogFilteringCriteriaCfg;
029
030
031
032/**
033 * A client-side interface for reading and modifying Access Log
034 * Filtering Criteria settings.
035 * <p>
036 * A set of rules which together determine whether a log record should
037 * be logged or not.
038 */
039public interface AccessLogFilteringCriteriaCfgClient extends ConfigurationClient {
040
041  /**
042   * Get the configuration definition associated with this Access Log Filtering Criteria.
043   *
044   * @return Returns the configuration definition associated with this Access Log Filtering Criteria.
045   */
046  ManagedObjectDefinition<? extends AccessLogFilteringCriteriaCfgClient, ? extends AccessLogFilteringCriteriaCfg> definition();
047
048
049
050  /**
051   * Gets the "connection-client-address-equal-to" property.
052   * <p>
053   * Filters log records associated with connections which match at
054   * least one of the specified client host names or address masks.
055   * <p>
056   * Valid values include a host name, a fully qualified domain name,
057   * a domain name, an IP address, or a subnetwork with subnetwork
058   * mask.
059   *
060   * @return Returns the values of the "connection-client-address-equal-to" property.
061   */
062  SortedSet<AddressMask> getConnectionClientAddressEqualTo();
063
064
065
066  /**
067   * Sets the "connection-client-address-equal-to" property.
068   * <p>
069   * Filters log records associated with connections which match at
070   * least one of the specified client host names or address masks.
071   * <p>
072   * Valid values include a host name, a fully qualified domain name,
073   * a domain name, an IP address, or a subnetwork with subnetwork
074   * mask.
075   *
076   * @param values The values of the "connection-client-address-equal-to" property.
077   * @throws PropertyException
078   *           If one or more of the new values are invalid.
079   */
080  void setConnectionClientAddressEqualTo(Collection<AddressMask> values) throws PropertyException;
081
082
083
084  /**
085   * Gets the "connection-client-address-not-equal-to" property.
086   * <p>
087   * Filters log records associated with connections which do not
088   * match any of the specified client host names or address masks.
089   * <p>
090   * Valid values include a host name, a fully qualified domain name,
091   * a domain name, an IP address, or a subnetwork with subnetwork
092   * mask.
093   *
094   * @return Returns the values of the "connection-client-address-not-equal-to" property.
095   */
096  SortedSet<AddressMask> getConnectionClientAddressNotEqualTo();
097
098
099
100  /**
101   * Sets the "connection-client-address-not-equal-to" property.
102   * <p>
103   * Filters log records associated with connections which do not
104   * match any of the specified client host names or address masks.
105   * <p>
106   * Valid values include a host name, a fully qualified domain name,
107   * a domain name, an IP address, or a subnetwork with subnetwork
108   * mask.
109   *
110   * @param values The values of the "connection-client-address-not-equal-to" property.
111   * @throws PropertyException
112   *           If one or more of the new values are invalid.
113   */
114  void setConnectionClientAddressNotEqualTo(Collection<AddressMask> values) throws PropertyException;
115
116
117
118  /**
119   * Gets the "connection-port-equal-to" property.
120   * <p>
121   * Filters log records associated with connections to any of the
122   * specified listener port numbers.
123   *
124   * @return Returns the values of the "connection-port-equal-to" property.
125   */
126  SortedSet<Integer> getConnectionPortEqualTo();
127
128
129
130  /**
131   * Sets the "connection-port-equal-to" property.
132   * <p>
133   * Filters log records associated with connections to any of the
134   * specified listener port numbers.
135   *
136   * @param values The values of the "connection-port-equal-to" property.
137   * @throws PropertyException
138   *           If one or more of the new values are invalid.
139   */
140  void setConnectionPortEqualTo(Collection<Integer> values) throws PropertyException;
141
142
143
144  /**
145   * Gets the "connection-protocol-equal-to" property.
146   * <p>
147   * Filters log records associated with connections which match any
148   * of the specified protocols.
149   * <p>
150   * Typical values include "ldap", "ldaps", or "jmx".
151   *
152   * @return Returns the values of the "connection-protocol-equal-to" property.
153   */
154  SortedSet<String> getConnectionProtocolEqualTo();
155
156
157
158  /**
159   * Sets the "connection-protocol-equal-to" property.
160   * <p>
161   * Filters log records associated with connections which match any
162   * of the specified protocols.
163   * <p>
164   * Typical values include "ldap", "ldaps", or "jmx".
165   *
166   * @param values The values of the "connection-protocol-equal-to" property.
167   * @throws PropertyException
168   *           If one or more of the new values are invalid.
169   */
170  void setConnectionProtocolEqualTo(Collection<String> values) throws PropertyException;
171
172
173
174  /**
175   * Gets the "log-record-type" property.
176   * <p>
177   * Filters log records based on their type.
178   *
179   * @return Returns the values of the "log-record-type" property.
180   */
181  SortedSet<LogRecordType> getLogRecordType();
182
183
184
185  /**
186   * Sets the "log-record-type" property.
187   * <p>
188   * Filters log records based on their type.
189   *
190   * @param values The values of the "log-record-type" property.
191   * @throws PropertyException
192   *           If one or more of the new values are invalid.
193   */
194  void setLogRecordType(Collection<LogRecordType> values) throws PropertyException;
195
196
197
198  /**
199   * Gets the "request-target-dn-equal-to" property.
200   * <p>
201   * Filters operation log records associated with operations which
202   * target entries matching at least one of the specified DN patterns.
203   * <p>
204   * Valid DN filters are strings composed of zero or more wildcards.
205   * A double wildcard ** replaces one or more RDN components (as in
206   * uid=dmiller,**,dc=example,dc=com). A simple wildcard * replaces
207   * either a whole RDN, or a whole type, or a value substring (as in
208   * uid=bj*,ou=people,dc=example,dc=com).
209   *
210   * @return Returns the values of the "request-target-dn-equal-to" property.
211   */
212  SortedSet<String> getRequestTargetDNEqualTo();
213
214
215
216  /**
217   * Sets the "request-target-dn-equal-to" property.
218   * <p>
219   * Filters operation log records associated with operations which
220   * target entries matching at least one of the specified DN patterns.
221   * <p>
222   * Valid DN filters are strings composed of zero or more wildcards.
223   * A double wildcard ** replaces one or more RDN components (as in
224   * uid=dmiller,**,dc=example,dc=com). A simple wildcard * replaces
225   * either a whole RDN, or a whole type, or a value substring (as in
226   * uid=bj*,ou=people,dc=example,dc=com).
227   *
228   * @param values The values of the "request-target-dn-equal-to" property.
229   * @throws PropertyException
230   *           If one or more of the new values are invalid.
231   */
232  void setRequestTargetDNEqualTo(Collection<String> values) throws PropertyException;
233
234
235
236  /**
237   * Gets the "request-target-dn-not-equal-to" property.
238   * <p>
239   * Filters operation log records associated with operations which
240   * target entries matching none of the specified DN patterns.
241   * <p>
242   * Valid DN filters are strings composed of zero or more wildcards.
243   * A double wildcard ** replaces one or more RDN components (as in
244   * uid=dmiller,**,dc=example,dc=com). A simple wildcard * replaces
245   * either a whole RDN, or a whole type, or a value substring (as in
246   * uid=bj*,ou=people,dc=example,dc=com).
247   *
248   * @return Returns the values of the "request-target-dn-not-equal-to" property.
249   */
250  SortedSet<String> getRequestTargetDNNotEqualTo();
251
252
253
254  /**
255   * Sets the "request-target-dn-not-equal-to" property.
256   * <p>
257   * Filters operation log records associated with operations which
258   * target entries matching none of the specified DN patterns.
259   * <p>
260   * Valid DN filters are strings composed of zero or more wildcards.
261   * A double wildcard ** replaces one or more RDN components (as in
262   * uid=dmiller,**,dc=example,dc=com). A simple wildcard * replaces
263   * either a whole RDN, or a whole type, or a value substring (as in
264   * uid=bj*,ou=people,dc=example,dc=com).
265   *
266   * @param values The values of the "request-target-dn-not-equal-to" property.
267   * @throws PropertyException
268   *           If one or more of the new values are invalid.
269   */
270  void setRequestTargetDNNotEqualTo(Collection<String> values) throws PropertyException;
271
272
273
274  /**
275   * Gets the "response-etime-greater-than" property.
276   * <p>
277   * Filters operation response log records associated with operations
278   * which took longer than the specified number of milli-seconds to
279   * complete.
280   * <p>
281   * It is recommended to only use this criteria in conjunction with
282   * the "combined" output mode of the access logger, since this filter
283   * criteria is only applied to response log messages.
284   *
285   * @return Returns the value of the "response-etime-greater-than" property.
286   */
287  Integer getResponseEtimeGreaterThan();
288
289
290
291  /**
292   * Sets the "response-etime-greater-than" property.
293   * <p>
294   * Filters operation response log records associated with operations
295   * which took longer than the specified number of milli-seconds to
296   * complete.
297   * <p>
298   * It is recommended to only use this criteria in conjunction with
299   * the "combined" output mode of the access logger, since this filter
300   * criteria is only applied to response log messages.
301   *
302   * @param value The value of the "response-etime-greater-than" property.
303   * @throws PropertyException
304   *           If the new value is invalid.
305   */
306  void setResponseEtimeGreaterThan(Integer value) throws PropertyException;
307
308
309
310  /**
311   * Gets the "response-etime-less-than" property.
312   * <p>
313   * Filters operation response log records associated with operations
314   * which took less than the specified number of milli-seconds to
315   * complete.
316   * <p>
317   * It is recommended to only use this criteria in conjunction with
318   * the "combined" output mode of the access logger, since this filter
319   * criteria is only applied to response log messages.
320   *
321   * @return Returns the value of the "response-etime-less-than" property.
322   */
323  Integer getResponseEtimeLessThan();
324
325
326
327  /**
328   * Sets the "response-etime-less-than" property.
329   * <p>
330   * Filters operation response log records associated with operations
331   * which took less than the specified number of milli-seconds to
332   * complete.
333   * <p>
334   * It is recommended to only use this criteria in conjunction with
335   * the "combined" output mode of the access logger, since this filter
336   * criteria is only applied to response log messages.
337   *
338   * @param value The value of the "response-etime-less-than" property.
339   * @throws PropertyException
340   *           If the new value is invalid.
341   */
342  void setResponseEtimeLessThan(Integer value) throws PropertyException;
343
344
345
346  /**
347   * Gets the "response-result-code-equal-to" property.
348   * <p>
349   * Filters operation response log records associated with operations
350   * which include any of the specified result codes.
351   * <p>
352   * It is recommended to only use this criteria in conjunction with
353   * the "combined" output mode of the access logger, since this filter
354   * criteria is only applied to response log messages.
355   *
356   * @return Returns the values of the "response-result-code-equal-to" property.
357   */
358  SortedSet<Integer> getResponseResultCodeEqualTo();
359
360
361
362  /**
363   * Sets the "response-result-code-equal-to" property.
364   * <p>
365   * Filters operation response log records associated with operations
366   * which include any of the specified result codes.
367   * <p>
368   * It is recommended to only use this criteria in conjunction with
369   * the "combined" output mode of the access logger, since this filter
370   * criteria is only applied to response log messages.
371   *
372   * @param values The values of the "response-result-code-equal-to" property.
373   * @throws PropertyException
374   *           If one or more of the new values are invalid.
375   */
376  void setResponseResultCodeEqualTo(Collection<Integer> values) throws PropertyException;
377
378
379
380  /**
381   * Gets the "response-result-code-not-equal-to" property.
382   * <p>
383   * Filters operation response log records associated with operations
384   * which do not include any of the specified result codes.
385   * <p>
386   * It is recommended to only use this criteria in conjunction with
387   * the "combined" output mode of the access logger, since this filter
388   * criteria is only applied to response log messages.
389   *
390   * @return Returns the values of the "response-result-code-not-equal-to" property.
391   */
392  SortedSet<Integer> getResponseResultCodeNotEqualTo();
393
394
395
396  /**
397   * Sets the "response-result-code-not-equal-to" property.
398   * <p>
399   * Filters operation response log records associated with operations
400   * which do not include any of the specified result codes.
401   * <p>
402   * It is recommended to only use this criteria in conjunction with
403   * the "combined" output mode of the access logger, since this filter
404   * criteria is only applied to response log messages.
405   *
406   * @param values The values of the "response-result-code-not-equal-to" property.
407   * @throws PropertyException
408   *           If one or more of the new values are invalid.
409   */
410  void setResponseResultCodeNotEqualTo(Collection<Integer> values) throws PropertyException;
411
412
413
414  /**
415   * Gets the "search-response-is-indexed" property.
416   * <p>
417   * Filters search operation response log records associated with
418   * searches which were either indexed or unindexed.
419   * <p>
420   * It is recommended to only use this criteria in conjunction with
421   * the "combined" output mode of the access logger, since this filter
422   * criteria is only applied to response log messages.
423   *
424   * @return Returns the value of the "search-response-is-indexed" property.
425   */
426  Boolean isSearchResponseIsIndexed();
427
428
429
430  /**
431   * Sets the "search-response-is-indexed" property.
432   * <p>
433   * Filters search operation response log records associated with
434   * searches which were either indexed or unindexed.
435   * <p>
436   * It is recommended to only use this criteria in conjunction with
437   * the "combined" output mode of the access logger, since this filter
438   * criteria is only applied to response log messages.
439   *
440   * @param value The value of the "search-response-is-indexed" property.
441   * @throws PropertyException
442   *           If the new value is invalid.
443   */
444  void setSearchResponseIsIndexed(Boolean value) throws PropertyException;
445
446
447
448  /**
449   * Gets the "search-response-nentries-greater-than" property.
450   * <p>
451   * Filters search operation response log records associated with
452   * searches which returned more than the specified number of entries.
453   * <p>
454   * It is recommended to only use this criteria in conjunction with
455   * the "combined" output mode of the access logger, since this filter
456   * criteria is only applied to response log messages.
457   *
458   * @return Returns the value of the "search-response-nentries-greater-than" property.
459   */
460  Integer getSearchResponseNentriesGreaterThan();
461
462
463
464  /**
465   * Sets the "search-response-nentries-greater-than" property.
466   * <p>
467   * Filters search operation response log records associated with
468   * searches which returned more than the specified number of entries.
469   * <p>
470   * It is recommended to only use this criteria in conjunction with
471   * the "combined" output mode of the access logger, since this filter
472   * criteria is only applied to response log messages.
473   *
474   * @param value The value of the "search-response-nentries-greater-than" property.
475   * @throws PropertyException
476   *           If the new value is invalid.
477   */
478  void setSearchResponseNentriesGreaterThan(Integer value) throws PropertyException;
479
480
481
482  /**
483   * Gets the "search-response-nentries-less-than" property.
484   * <p>
485   * Filters search operation response log records associated with
486   * searches which returned less than the specified number of entries.
487   * <p>
488   * It is recommended to only use this criteria in conjunction with
489   * the "combined" output mode of the access logger, since this filter
490   * criteria is only applied to response log messages.
491   *
492   * @return Returns the value of the "search-response-nentries-less-than" property.
493   */
494  Integer getSearchResponseNentriesLessThan();
495
496
497
498  /**
499   * Sets the "search-response-nentries-less-than" property.
500   * <p>
501   * Filters search operation response log records associated with
502   * searches which returned less than the specified number of entries.
503   * <p>
504   * It is recommended to only use this criteria in conjunction with
505   * the "combined" output mode of the access logger, since this filter
506   * criteria is only applied to response log messages.
507   *
508   * @param value The value of the "search-response-nentries-less-than" property.
509   * @throws PropertyException
510   *           If the new value is invalid.
511   */
512  void setSearchResponseNentriesLessThan(Integer value) throws PropertyException;
513
514
515
516  /**
517   * Gets the "user-dn-equal-to" property.
518   * <p>
519   * Filters log records associated with users matching at least one
520   * of the specified DN patterns.
521   * <p>
522   * Valid DN filters are strings composed of zero or more wildcards.
523   * A double wildcard ** replaces one or more RDN components (as in
524   * uid=dmiller,**,dc=example,dc=com). A simple wildcard * replaces
525   * either a whole RDN, or a whole type, or a value substring (as in
526   * uid=bj*,ou=people,dc=example,dc=com).
527   *
528   * @return Returns the values of the "user-dn-equal-to" property.
529   */
530  SortedSet<String> getUserDNEqualTo();
531
532
533
534  /**
535   * Sets the "user-dn-equal-to" property.
536   * <p>
537   * Filters log records associated with users matching at least one
538   * of the specified DN patterns.
539   * <p>
540   * Valid DN filters are strings composed of zero or more wildcards.
541   * A double wildcard ** replaces one or more RDN components (as in
542   * uid=dmiller,**,dc=example,dc=com). A simple wildcard * replaces
543   * either a whole RDN, or a whole type, or a value substring (as in
544   * uid=bj*,ou=people,dc=example,dc=com).
545   *
546   * @param values The values of the "user-dn-equal-to" property.
547   * @throws PropertyException
548   *           If one or more of the new values are invalid.
549   */
550  void setUserDNEqualTo(Collection<String> values) throws PropertyException;
551
552
553
554  /**
555   * Gets the "user-dn-not-equal-to" property.
556   * <p>
557   * Filters log records associated with users which do not match any
558   * of the specified DN patterns.
559   * <p>
560   * Valid DN filters are strings composed of zero or more wildcards.
561   * A double wildcard ** replaces one or more RDN components (as in
562   * uid=dmiller,**,dc=example,dc=com). A simple wildcard * replaces
563   * either a whole RDN, or a whole type, or a value substring (as in
564   * uid=bj*,ou=people,dc=example,dc=com).
565   *
566   * @return Returns the values of the "user-dn-not-equal-to" property.
567   */
568  SortedSet<String> getUserDNNotEqualTo();
569
570
571
572  /**
573   * Sets the "user-dn-not-equal-to" property.
574   * <p>
575   * Filters log records associated with users which do not match any
576   * of the specified DN patterns.
577   * <p>
578   * Valid DN filters are strings composed of zero or more wildcards.
579   * A double wildcard ** replaces one or more RDN components (as in
580   * uid=dmiller,**,dc=example,dc=com). A simple wildcard * replaces
581   * either a whole RDN, or a whole type, or a value substring (as in
582   * uid=bj*,ou=people,dc=example,dc=com).
583   *
584   * @param values The values of the "user-dn-not-equal-to" property.
585   * @throws PropertyException
586   *           If one or more of the new values are invalid.
587   */
588  void setUserDNNotEqualTo(Collection<String> values) throws PropertyException;
589
590
591
592  /**
593   * Gets the "user-is-member-of" property.
594   * <p>
595   * Filters log records associated with users which are members of at
596   * least one of the specified groups.
597   *
598   * @return Returns the values of the "user-is-member-of" property.
599   */
600  SortedSet<DN> getUserIsMemberOf();
601
602
603
604  /**
605   * Sets the "user-is-member-of" property.
606   * <p>
607   * Filters log records associated with users which are members of at
608   * least one of the specified groups.
609   *
610   * @param values The values of the "user-is-member-of" property.
611   * @throws PropertyException
612   *           If one or more of the new values are invalid.
613   */
614  void setUserIsMemberOf(Collection<DN> values) throws PropertyException;
615
616
617
618  /**
619   * Gets the "user-is-not-member-of" property.
620   * <p>
621   * Filters log records associated with users which are not members
622   * of any of the specified groups.
623   *
624   * @return Returns the values of the "user-is-not-member-of" property.
625   */
626  SortedSet<DN> getUserIsNotMemberOf();
627
628
629
630  /**
631   * Sets the "user-is-not-member-of" property.
632   * <p>
633   * Filters log records associated with users which are not members
634   * of any of the specified groups.
635   *
636   * @param values The values of the "user-is-not-member-of" property.
637   * @throws PropertyException
638   *           If one or more of the new values are invalid.
639   */
640  void setUserIsNotMemberOf(Collection<DN> values) throws PropertyException;
641
642}