001/*
002 * The contents of this file are subject to the terms of the Common Development and
003 * Distribution License (the License). You may not use this file except in compliance with the
004 * License.
005 *
006 * You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for the
007 * specific language governing permission and limitations under the License.
008 *
009 * When distributing Covered Software, include this CDDL Header Notice in each file and include
010 * the License file at legal/CDDLv1.0.txt. If applicable, add the following below the CDDL
011 * Header, with the fields enclosed by brackets [] replaced by your own identifying
012 * information: "Portions Copyright [year] [name of copyright owner]".
013 *
014 * Copyright 2008 Sun Microsystems, Inc.
015 */
016package org.forgerock.opendj.server.config.server;
017
018
019
020import java.util.SortedSet;
021import org.forgerock.opendj.config.Configuration;
022import org.forgerock.opendj.config.server.ConfigurationChangeListener;
023import org.forgerock.opendj.ldap.AddressMask;
024import org.forgerock.opendj.ldap.DN;
025import org.forgerock.opendj.server.config.meta.AccessLogFilteringCriteriaCfgDefn.LogRecordType;
026
027
028
029/**
030 * A server-side interface for querying Access Log Filtering Criteria
031 * settings.
032 * <p>
033 * A set of rules which together determine whether a log record should
034 * be logged or not.
035 */
036public interface AccessLogFilteringCriteriaCfg extends Configuration {
037
038  /**
039   * Gets the configuration class associated with this Access Log Filtering Criteria.
040   *
041   * @return Returns the configuration class associated with this Access Log Filtering Criteria.
042   */
043  Class<? extends AccessLogFilteringCriteriaCfg> configurationClass();
044
045
046
047  /**
048   * Register to be notified when this Access Log Filtering Criteria is changed.
049   *
050   * @param listener
051   *          The Access Log Filtering Criteria configuration change listener.
052   */
053  void addChangeListener(ConfigurationChangeListener<AccessLogFilteringCriteriaCfg> listener);
054
055
056
057  /**
058   * Deregister an existing Access Log Filtering Criteria configuration change listener.
059   *
060   * @param listener
061   *          The Access Log Filtering Criteria configuration change listener.
062   */
063  void removeChangeListener(ConfigurationChangeListener<AccessLogFilteringCriteriaCfg> listener);
064
065
066
067  /**
068   * Gets the "connection-client-address-equal-to" property.
069   * <p>
070   * Filters log records associated with connections which match at
071   * least one of the specified client host names or address masks.
072   * <p>
073   * Valid values include a host name, a fully qualified domain name,
074   * a domain name, an IP address, or a subnetwork with subnetwork
075   * mask.
076   *
077   * @return Returns an unmodifiable set containing the values of the "connection-client-address-equal-to" property.
078   */
079  SortedSet<AddressMask> getConnectionClientAddressEqualTo();
080
081
082
083  /**
084   * Gets the "connection-client-address-not-equal-to" property.
085   * <p>
086   * Filters log records associated with connections which do not
087   * match any of the specified client host names or address masks.
088   * <p>
089   * Valid values include a host name, a fully qualified domain name,
090   * a domain name, an IP address, or a subnetwork with subnetwork
091   * mask.
092   *
093   * @return Returns an unmodifiable set containing the values of the "connection-client-address-not-equal-to" property.
094   */
095  SortedSet<AddressMask> getConnectionClientAddressNotEqualTo();
096
097
098
099  /**
100   * Gets the "connection-port-equal-to" property.
101   * <p>
102   * Filters log records associated with connections to any of the
103   * specified listener port numbers.
104   *
105   * @return Returns an unmodifiable set containing the values of the "connection-port-equal-to" property.
106   */
107  SortedSet<Integer> getConnectionPortEqualTo();
108
109
110
111  /**
112   * Gets the "connection-protocol-equal-to" property.
113   * <p>
114   * Filters log records associated with connections which match any
115   * of the specified protocols.
116   * <p>
117   * Typical values include "ldap", "ldaps", or "jmx".
118   *
119   * @return Returns an unmodifiable set containing the values of the "connection-protocol-equal-to" property.
120   */
121  SortedSet<String> getConnectionProtocolEqualTo();
122
123
124
125  /**
126   * Gets the "log-record-type" property.
127   * <p>
128   * Filters log records based on their type.
129   *
130   * @return Returns an unmodifiable set containing the values of the "log-record-type" property.
131   */
132  SortedSet<LogRecordType> getLogRecordType();
133
134
135
136  /**
137   * Gets the "request-target-dn-equal-to" property.
138   * <p>
139   * Filters operation log records associated with operations which
140   * target entries matching at least one of the specified DN patterns.
141   * <p>
142   * Valid DN filters are strings composed of zero or more wildcards.
143   * A double wildcard ** replaces one or more RDN components (as in
144   * uid=dmiller,**,dc=example,dc=com). A simple wildcard * replaces
145   * either a whole RDN, or a whole type, or a value substring (as in
146   * uid=bj*,ou=people,dc=example,dc=com).
147   *
148   * @return Returns an unmodifiable set containing the values of the "request-target-dn-equal-to" property.
149   */
150  SortedSet<String> getRequestTargetDNEqualTo();
151
152
153
154  /**
155   * Gets the "request-target-dn-not-equal-to" property.
156   * <p>
157   * Filters operation log records associated with operations which
158   * target entries matching none of the specified DN patterns.
159   * <p>
160   * Valid DN filters are strings composed of zero or more wildcards.
161   * A double wildcard ** replaces one or more RDN components (as in
162   * uid=dmiller,**,dc=example,dc=com). A simple wildcard * replaces
163   * either a whole RDN, or a whole type, or a value substring (as in
164   * uid=bj*,ou=people,dc=example,dc=com).
165   *
166   * @return Returns an unmodifiable set containing the values of the "request-target-dn-not-equal-to" property.
167   */
168  SortedSet<String> getRequestTargetDNNotEqualTo();
169
170
171
172  /**
173   * Gets the "response-etime-greater-than" property.
174   * <p>
175   * Filters operation response log records associated with operations
176   * which took longer than the specified number of milli-seconds to
177   * complete.
178   * <p>
179   * It is recommended to only use this criteria in conjunction with
180   * the "combined" output mode of the access logger, since this filter
181   * criteria is only applied to response log messages.
182   *
183   * @return Returns the value of the "response-etime-greater-than" property.
184   */
185  Integer getResponseEtimeGreaterThan();
186
187
188
189  /**
190   * Gets the "response-etime-less-than" property.
191   * <p>
192   * Filters operation response log records associated with operations
193   * which took less than the specified number of milli-seconds to
194   * complete.
195   * <p>
196   * It is recommended to only use this criteria in conjunction with
197   * the "combined" output mode of the access logger, since this filter
198   * criteria is only applied to response log messages.
199   *
200   * @return Returns the value of the "response-etime-less-than" property.
201   */
202  Integer getResponseEtimeLessThan();
203
204
205
206  /**
207   * Gets the "response-result-code-equal-to" property.
208   * <p>
209   * Filters operation response log records associated with operations
210   * which include any of the specified result codes.
211   * <p>
212   * It is recommended to only use this criteria in conjunction with
213   * the "combined" output mode of the access logger, since this filter
214   * criteria is only applied to response log messages.
215   *
216   * @return Returns an unmodifiable set containing the values of the "response-result-code-equal-to" property.
217   */
218  SortedSet<Integer> getResponseResultCodeEqualTo();
219
220
221
222  /**
223   * Gets the "response-result-code-not-equal-to" property.
224   * <p>
225   * Filters operation response log records associated with operations
226   * which do not include any of the specified result codes.
227   * <p>
228   * It is recommended to only use this criteria in conjunction with
229   * the "combined" output mode of the access logger, since this filter
230   * criteria is only applied to response log messages.
231   *
232   * @return Returns an unmodifiable set containing the values of the "response-result-code-not-equal-to" property.
233   */
234  SortedSet<Integer> getResponseResultCodeNotEqualTo();
235
236
237
238  /**
239   * Gets the "search-response-is-indexed" property.
240   * <p>
241   * Filters search operation response log records associated with
242   * searches which were either indexed or unindexed.
243   * <p>
244   * It is recommended to only use this criteria in conjunction with
245   * the "combined" output mode of the access logger, since this filter
246   * criteria is only applied to response log messages.
247   *
248   * @return Returns the value of the "search-response-is-indexed" property.
249   */
250  Boolean isSearchResponseIsIndexed();
251
252
253
254  /**
255   * Gets the "search-response-nentries-greater-than" property.
256   * <p>
257   * Filters search operation response log records associated with
258   * searches which returned more than the specified number of entries.
259   * <p>
260   * It is recommended to only use this criteria in conjunction with
261   * the "combined" output mode of the access logger, since this filter
262   * criteria is only applied to response log messages.
263   *
264   * @return Returns the value of the "search-response-nentries-greater-than" property.
265   */
266  Integer getSearchResponseNentriesGreaterThan();
267
268
269
270  /**
271   * Gets the "search-response-nentries-less-than" property.
272   * <p>
273   * Filters search operation response log records associated with
274   * searches which returned less than the specified number of entries.
275   * <p>
276   * It is recommended to only use this criteria in conjunction with
277   * the "combined" output mode of the access logger, since this filter
278   * criteria is only applied to response log messages.
279   *
280   * @return Returns the value of the "search-response-nentries-less-than" property.
281   */
282  Integer getSearchResponseNentriesLessThan();
283
284
285
286  /**
287   * Gets the "user-dn-equal-to" property.
288   * <p>
289   * Filters log records associated with users matching at least one
290   * of the specified DN patterns.
291   * <p>
292   * Valid DN filters are strings composed of zero or more wildcards.
293   * A double wildcard ** replaces one or more RDN components (as in
294   * uid=dmiller,**,dc=example,dc=com). A simple wildcard * replaces
295   * either a whole RDN, or a whole type, or a value substring (as in
296   * uid=bj*,ou=people,dc=example,dc=com).
297   *
298   * @return Returns an unmodifiable set containing the values of the "user-dn-equal-to" property.
299   */
300  SortedSet<String> getUserDNEqualTo();
301
302
303
304  /**
305   * Gets the "user-dn-not-equal-to" property.
306   * <p>
307   * Filters log records associated with users which do not match any
308   * of the specified DN patterns.
309   * <p>
310   * Valid DN filters are strings composed of zero or more wildcards.
311   * A double wildcard ** replaces one or more RDN components (as in
312   * uid=dmiller,**,dc=example,dc=com). A simple wildcard * replaces
313   * either a whole RDN, or a whole type, or a value substring (as in
314   * uid=bj*,ou=people,dc=example,dc=com).
315   *
316   * @return Returns an unmodifiable set containing the values of the "user-dn-not-equal-to" property.
317   */
318  SortedSet<String> getUserDNNotEqualTo();
319
320
321
322  /**
323   * Gets the "user-is-member-of" property.
324   * <p>
325   * Filters log records associated with users which are members of at
326   * least one of the specified groups.
327   *
328   * @return Returns an unmodifiable set containing the values of the "user-is-member-of" property.
329   */
330  SortedSet<DN> getUserIsMemberOf();
331
332
333
334  /**
335   * Gets the "user-is-not-member-of" property.
336   * <p>
337   * Filters log records associated with users which are not members
338   * of any of the specified groups.
339   *
340   * @return Returns an unmodifiable set containing the values of the "user-is-not-member-of" property.
341   */
342  SortedSet<DN> getUserIsNotMemberOf();
343
344}