001/* 002 * The contents of this file are subject to the terms of the Common Development and 003 * Distribution License (the License). You may not use this file except in compliance with the 004 * License. 005 * 006 * You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for the 007 * specific language governing permission and limitations under the License. 008 * 009 * When distributing Covered Software, include this CDDL Header Notice in each file and include 010 * the License file at legal/CDDLv1.0.txt. If applicable, add the following below the CDDL 011 * Header, with the fields enclosed by brackets [] replaced by your own identifying 012 * information: "Portions Copyright [year] [name of copyright owner]". 013 * 014 * Copyright 2008 Sun Microsystems, Inc. 015 */ 016package org.forgerock.opendj.server.config.server; 017 018 019 020import java.util.SortedSet; 021import org.forgerock.opendj.config.Configuration; 022import org.forgerock.opendj.config.server.ConfigurationChangeListener; 023import org.forgerock.opendj.ldap.AddressMask; 024import org.forgerock.opendj.ldap.DN; 025import org.forgerock.opendj.server.config.meta.AccessLogFilteringCriteriaCfgDefn.LogRecordType; 026 027 028 029/** 030 * A server-side interface for querying Access Log Filtering Criteria 031 * settings. 032 * <p> 033 * A set of rules which together determine whether a log record should 034 * be logged or not. 035 */ 036public interface AccessLogFilteringCriteriaCfg extends Configuration { 037 038 /** 039 * Gets the configuration class associated with this Access Log Filtering Criteria. 040 * 041 * @return Returns the configuration class associated with this Access Log Filtering Criteria. 042 */ 043 Class<? extends AccessLogFilteringCriteriaCfg> configurationClass(); 044 045 046 047 /** 048 * Register to be notified when this Access Log Filtering Criteria is changed. 049 * 050 * @param listener 051 * The Access Log Filtering Criteria configuration change listener. 052 */ 053 void addChangeListener(ConfigurationChangeListener<AccessLogFilteringCriteriaCfg> listener); 054 055 056 057 /** 058 * Deregister an existing Access Log Filtering Criteria configuration change listener. 059 * 060 * @param listener 061 * The Access Log Filtering Criteria configuration change listener. 062 */ 063 void removeChangeListener(ConfigurationChangeListener<AccessLogFilteringCriteriaCfg> listener); 064 065 066 067 /** 068 * Gets the "connection-client-address-equal-to" property. 069 * <p> 070 * Filters log records associated with connections which match at 071 * least one of the specified client host names or address masks. 072 * <p> 073 * Valid values include a host name, a fully qualified domain name, 074 * a domain name, an IP address, or a subnetwork with subnetwork 075 * mask. 076 * 077 * @return Returns an unmodifiable set containing the values of the "connection-client-address-equal-to" property. 078 */ 079 SortedSet<AddressMask> getConnectionClientAddressEqualTo(); 080 081 082 083 /** 084 * Gets the "connection-client-address-not-equal-to" property. 085 * <p> 086 * Filters log records associated with connections which do not 087 * match any of the specified client host names or address masks. 088 * <p> 089 * Valid values include a host name, a fully qualified domain name, 090 * a domain name, an IP address, or a subnetwork with subnetwork 091 * mask. 092 * 093 * @return Returns an unmodifiable set containing the values of the "connection-client-address-not-equal-to" property. 094 */ 095 SortedSet<AddressMask> getConnectionClientAddressNotEqualTo(); 096 097 098 099 /** 100 * Gets the "connection-port-equal-to" property. 101 * <p> 102 * Filters log records associated with connections to any of the 103 * specified listener port numbers. 104 * 105 * @return Returns an unmodifiable set containing the values of the "connection-port-equal-to" property. 106 */ 107 SortedSet<Integer> getConnectionPortEqualTo(); 108 109 110 111 /** 112 * Gets the "connection-protocol-equal-to" property. 113 * <p> 114 * Filters log records associated with connections which match any 115 * of the specified protocols. 116 * <p> 117 * Typical values include "ldap", "ldaps", or "jmx". 118 * 119 * @return Returns an unmodifiable set containing the values of the "connection-protocol-equal-to" property. 120 */ 121 SortedSet<String> getConnectionProtocolEqualTo(); 122 123 124 125 /** 126 * Gets the "log-record-type" property. 127 * <p> 128 * Filters log records based on their type. 129 * 130 * @return Returns an unmodifiable set containing the values of the "log-record-type" property. 131 */ 132 SortedSet<LogRecordType> getLogRecordType(); 133 134 135 136 /** 137 * Gets the "request-target-dn-equal-to" property. 138 * <p> 139 * Filters operation log records associated with operations which 140 * target entries matching at least one of the specified DN patterns. 141 * <p> 142 * Valid DN filters are strings composed of zero or more wildcards. 143 * A double wildcard ** replaces one or more RDN components (as in 144 * uid=dmiller,**,dc=example,dc=com). A simple wildcard * replaces 145 * either a whole RDN, or a whole type, or a value substring (as in 146 * uid=bj*,ou=people,dc=example,dc=com). 147 * 148 * @return Returns an unmodifiable set containing the values of the "request-target-dn-equal-to" property. 149 */ 150 SortedSet<String> getRequestTargetDNEqualTo(); 151 152 153 154 /** 155 * Gets the "request-target-dn-not-equal-to" property. 156 * <p> 157 * Filters operation log records associated with operations which 158 * target entries matching none of the specified DN patterns. 159 * <p> 160 * Valid DN filters are strings composed of zero or more wildcards. 161 * A double wildcard ** replaces one or more RDN components (as in 162 * uid=dmiller,**,dc=example,dc=com). A simple wildcard * replaces 163 * either a whole RDN, or a whole type, or a value substring (as in 164 * uid=bj*,ou=people,dc=example,dc=com). 165 * 166 * @return Returns an unmodifiable set containing the values of the "request-target-dn-not-equal-to" property. 167 */ 168 SortedSet<String> getRequestTargetDNNotEqualTo(); 169 170 171 172 /** 173 * Gets the "response-etime-greater-than" property. 174 * <p> 175 * Filters operation response log records associated with operations 176 * which took longer than the specified number of milli-seconds to 177 * complete. 178 * <p> 179 * It is recommended to only use this criteria in conjunction with 180 * the "combined" output mode of the access logger, since this filter 181 * criteria is only applied to response log messages. 182 * 183 * @return Returns the value of the "response-etime-greater-than" property. 184 */ 185 Integer getResponseEtimeGreaterThan(); 186 187 188 189 /** 190 * Gets the "response-etime-less-than" property. 191 * <p> 192 * Filters operation response log records associated with operations 193 * which took less than the specified number of milli-seconds to 194 * complete. 195 * <p> 196 * It is recommended to only use this criteria in conjunction with 197 * the "combined" output mode of the access logger, since this filter 198 * criteria is only applied to response log messages. 199 * 200 * @return Returns the value of the "response-etime-less-than" property. 201 */ 202 Integer getResponseEtimeLessThan(); 203 204 205 206 /** 207 * Gets the "response-result-code-equal-to" property. 208 * <p> 209 * Filters operation response log records associated with operations 210 * which include any of the specified result codes. 211 * <p> 212 * It is recommended to only use this criteria in conjunction with 213 * the "combined" output mode of the access logger, since this filter 214 * criteria is only applied to response log messages. 215 * 216 * @return Returns an unmodifiable set containing the values of the "response-result-code-equal-to" property. 217 */ 218 SortedSet<Integer> getResponseResultCodeEqualTo(); 219 220 221 222 /** 223 * Gets the "response-result-code-not-equal-to" property. 224 * <p> 225 * Filters operation response log records associated with operations 226 * which do not include any of the specified result codes. 227 * <p> 228 * It is recommended to only use this criteria in conjunction with 229 * the "combined" output mode of the access logger, since this filter 230 * criteria is only applied to response log messages. 231 * 232 * @return Returns an unmodifiable set containing the values of the "response-result-code-not-equal-to" property. 233 */ 234 SortedSet<Integer> getResponseResultCodeNotEqualTo(); 235 236 237 238 /** 239 * Gets the "search-response-is-indexed" property. 240 * <p> 241 * Filters search operation response log records associated with 242 * searches which were either indexed or unindexed. 243 * <p> 244 * It is recommended to only use this criteria in conjunction with 245 * the "combined" output mode of the access logger, since this filter 246 * criteria is only applied to response log messages. 247 * 248 * @return Returns the value of the "search-response-is-indexed" property. 249 */ 250 Boolean isSearchResponseIsIndexed(); 251 252 253 254 /** 255 * Gets the "search-response-nentries-greater-than" property. 256 * <p> 257 * Filters search operation response log records associated with 258 * searches which returned more than the specified number of entries. 259 * <p> 260 * It is recommended to only use this criteria in conjunction with 261 * the "combined" output mode of the access logger, since this filter 262 * criteria is only applied to response log messages. 263 * 264 * @return Returns the value of the "search-response-nentries-greater-than" property. 265 */ 266 Integer getSearchResponseNentriesGreaterThan(); 267 268 269 270 /** 271 * Gets the "search-response-nentries-less-than" property. 272 * <p> 273 * Filters search operation response log records associated with 274 * searches which returned less than the specified number of entries. 275 * <p> 276 * It is recommended to only use this criteria in conjunction with 277 * the "combined" output mode of the access logger, since this filter 278 * criteria is only applied to response log messages. 279 * 280 * @return Returns the value of the "search-response-nentries-less-than" property. 281 */ 282 Integer getSearchResponseNentriesLessThan(); 283 284 285 286 /** 287 * Gets the "user-dn-equal-to" property. 288 * <p> 289 * Filters log records associated with users matching at least one 290 * of the specified DN patterns. 291 * <p> 292 * Valid DN filters are strings composed of zero or more wildcards. 293 * A double wildcard ** replaces one or more RDN components (as in 294 * uid=dmiller,**,dc=example,dc=com). A simple wildcard * replaces 295 * either a whole RDN, or a whole type, or a value substring (as in 296 * uid=bj*,ou=people,dc=example,dc=com). 297 * 298 * @return Returns an unmodifiable set containing the values of the "user-dn-equal-to" property. 299 */ 300 SortedSet<String> getUserDNEqualTo(); 301 302 303 304 /** 305 * Gets the "user-dn-not-equal-to" property. 306 * <p> 307 * Filters log records associated with users which do not match any 308 * of the specified DN patterns. 309 * <p> 310 * Valid DN filters are strings composed of zero or more wildcards. 311 * A double wildcard ** replaces one or more RDN components (as in 312 * uid=dmiller,**,dc=example,dc=com). A simple wildcard * replaces 313 * either a whole RDN, or a whole type, or a value substring (as in 314 * uid=bj*,ou=people,dc=example,dc=com). 315 * 316 * @return Returns an unmodifiable set containing the values of the "user-dn-not-equal-to" property. 317 */ 318 SortedSet<String> getUserDNNotEqualTo(); 319 320 321 322 /** 323 * Gets the "user-is-member-of" property. 324 * <p> 325 * Filters log records associated with users which are members of at 326 * least one of the specified groups. 327 * 328 * @return Returns an unmodifiable set containing the values of the "user-is-member-of" property. 329 */ 330 SortedSet<DN> getUserIsMemberOf(); 331 332 333 334 /** 335 * Gets the "user-is-not-member-of" property. 336 * <p> 337 * Filters log records associated with users which are not members 338 * of any of the specified groups. 339 * 340 * @return Returns an unmodifiable set containing the values of the "user-is-not-member-of" property. 341 */ 342 SortedSet<DN> getUserIsNotMemberOf(); 343 344}