001/* 002 * The contents of this file are subject to the terms of the Common Development and 003 * Distribution License (the License). You may not use this file except in compliance with the 004 * License. 005 * 006 * You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for the 007 * specific language governing permission and limitations under the License. 008 * 009 * When distributing Covered Software, include this CDDL Header Notice in each file and include 010 * the License file at legal/CDDLv1.0.txt. If applicable, add the following below the CDDL 011 * Header, with the fields enclosed by brackets [] replaced by your own identifying 012 * information: "Portions copyright [year] [name of copyright owner]". 013 * 014 * Copyright 2015 ForgeRock AS. 015 */ 016package org.forgerock.audit.handlers.syslog; 017 018import static java.util.Collections.unmodifiableMap; 019 020import com.fasterxml.jackson.annotation.JsonPropertyDescription; 021import org.forgerock.audit.events.handlers.EventHandlerConfiguration; 022 023import com.fasterxml.jackson.annotation.JsonProperty; 024import org.forgerock.util.Reject; 025 026import java.util.ArrayList; 027import java.util.HashMap; 028import java.util.List; 029import java.util.Map; 030 031/** 032 * Configuration object for the {@link SyslogAuditEventHandler}. 033 * <p> 034 * This configuration object can be created from JSON. Example of valid JSON configuration: 035 * 036 * <pre> 037 { 038 "protocol" : "TCP", 039 "host" : "https://forgerock.example.com", 040 "port" : 6514, 041 "connectTimeout" : 30000, 042 "facility" : "local0", 043 "severityFieldMappings": [{ 044 "topic" : "system-status", 045 "field" : "level", 046 "valueMappings" : { 047 "SEVERE" : "EMERGENCY", 048 "WARNING" : "WARNING", 049 "INFO" : "INFORMATIONAL" 050 }, 051 "buffering" : { 052 "enabled" : "true" 053 } 054 }] 055 } 056 </pre> 057 */ 058public class SyslogAuditEventHandlerConfiguration extends EventHandlerConfiguration { 059 060 @JsonProperty(required=true) 061 @JsonPropertyDescription("audit.handlers.syslog.transportProtocol") 062 private TransportProtocol protocol; 063 064 @JsonProperty(required=true) 065 @JsonPropertyDescription("audit.handlers.syslog.host") 066 private String host; 067 068 @JsonProperty(required=true) 069 @JsonPropertyDescription("audit.handlers.syslog.port") 070 private int port; 071 072 @JsonPropertyDescription("audit.handlers.syslog.connectTimeout") 073 private int connectTimeout; 074 075 @JsonProperty(required=true) 076 @JsonPropertyDescription("audit.handlers.syslog.facility") 077 private Facility facility; 078 079 @JsonProperty 080 @JsonPropertyDescription("audit.handlers.syslog.severityFieldMappings") 081 private List<SeverityFieldMapping> severityFieldMappings = new ArrayList<>(); 082 083 /** Event buffering is disabled by default. */ 084 @JsonPropertyDescription("audit.handlers.syslog.buffering") 085 protected EventBufferingConfiguration buffering = new EventBufferingConfiguration(); 086 087 /** 088 * Returns the protocol over which messages transmitted to the Syslog daemon. 089 * 090 * @return the transport protocol. 091 */ 092 public TransportProtocol getProtocol() { 093 return protocol; 094 } 095 096 /** 097 * Sets the protocol over which messages transmitted to the Syslog daemon. 098 * 099 * @param protocol 100 * the transport protocol. 101 */ 102 public void setProtocol(TransportProtocol protocol) { 103 this.protocol = protocol; 104 } 105 106 /** 107 * Returns the hostname of the Syslog daemon to which messages should be published. 108 * 109 * @return the hostname. 110 */ 111 public String getHost() { 112 return host; 113 } 114 115 /** 116 * Sets the hostname of the Syslog daemon to which messages should be published. 117 * 118 * @param host 119 * the hostname. 120 */ 121 public void setHost(String host) { 122 this.host = host; 123 } 124 125 /** 126 * Returns the port of the Syslog daemon to which messages should be published. 127 * 128 * @return the port. 129 */ 130 public int getPort() { 131 return port; 132 } 133 134 /** 135 * Sets the port of the Syslog daemon to which messages should be published. 136 * 137 * @param port 138 * the port. 139 */ 140 public void setPort(int port) { 141 this.port = port; 142 } 143 144 /** 145 * Returns the timeout after which attempts to connect to the Syslog daemon will be abandoned. 146 * <p/> 147 * Only applies when {@link TransportProtocol#TCP} is active. 148 * 149 * @return the connect timeout. 150 */ 151 public int getConnectTimeout() { 152 return connectTimeout; 153 } 154 155 /** 156 * Sets the timeout after which attempts to connect to the Syslog daemon will be abandoned. 157 * <p/> 158 * Only applies when {@link TransportProtocol#TCP} is active. 159 * 160 * @param connectTimeout 161 * the connect timeout. 162 */ 163 public void setConnectTimeout(int connectTimeout) { 164 this.connectTimeout = connectTimeout; 165 } 166 167 /** 168 * Returns the facility constant that should be applied to all Syslog messages. 169 * 170 * @return the facility. 171 * 172 * @see <a href="https://tools.ietf.org/html/rfc5424#section-6.2.1">RFC-5424 section 6.2.1</a> 173 */ 174 public Facility getFacility() { 175 return facility; 176 } 177 178 /** 179 * Sets the facility constant that should be applied to all Syslog messages. 180 * 181 * @param facility 182 * the facility. 183 * 184 * @see <a href="https://tools.ietf.org/html/rfc5424#section-6.2.1">RFC-5424 section 6.2.1</a> 185 */ 186 public void setFacility(Facility facility) { 187 this.facility = facility; 188 } 189 190 /** 191 * Returns the configurations for mapping audit event field values to Syslog severity values. 192 * 193 * @return the severity field mappings. 194 */ 195 public List<SeverityFieldMapping> getSeverityFieldMappings() { 196 return severityFieldMappings; 197 } 198 199 /** 200 * Sets the configurations for mapping audit event field values to Syslog severity values. 201 * 202 * @param severityFieldMappings 203 * the severity field mappings. 204 */ 205 public void setSeverityFieldMappings(List<SeverityFieldMapping> severityFieldMappings) { 206 this.severityFieldMappings = severityFieldMappings; 207 } 208 209 /** 210 * Returns the configuration for events buffering. 211 * 212 * @return the configuration 213 */ 214 public EventBufferingConfiguration getBuffering() { 215 return buffering; 216 } 217 218 /** 219 * Sets the configuration for events buffering. 220 * 221 * @param bufferingConfiguration 222 * The configuration 223 */ 224 public void setBufferingConfiguration(EventBufferingConfiguration bufferingConfiguration) { 225 this.buffering = bufferingConfiguration; 226 } 227 228 /** 229 * Encapsulates configuration for mapping audit event field values to Syslog severity values. 230 */ 231 public static final class SeverityFieldMapping { 232 233 @JsonProperty(required=true) 234 @JsonPropertyDescription("audit.handlers.syslog.severityFieldMapping.topic") 235 private String topic; 236 237 @JsonProperty(required=true) 238 @JsonPropertyDescription("audit.handlers.syslog.severityFieldMapping.field") 239 private String field; 240 241 @JsonProperty(required=true) 242 @JsonPropertyDescription("audit.handlers.syslog.severityFieldMapping.valueMappings") 243 private Map<String, Severity> valueMappings = new HashMap<>(); 244 245 /** 246 * Returns the name of the event topic to which this mapping applies. 247 * 248 * @return the event topic name. 249 */ 250 public String getTopic() { 251 return topic; 252 } 253 254 /** 255 * Sets the name of the event topic to which this mapping applies. 256 * 257 * @param topic 258 * the event topic name. 259 */ 260 public void setTopic(String topic) { 261 this.topic = topic; 262 } 263 264 /** 265 * Returns the name of the event topic field to which this mapping applies. 266 * <p/> 267 * If the chosen field is nested, JsonPointer notation should be used. 268 * 269 * @return the event topic field name. 270 */ 271 public String getField() { 272 return field; 273 } 274 275 /** 276 * Sets the name of the event topic field to which this mapping applies. 277 * 278 * @param field 279 * the event topic field name. 280 */ 281 public void setField(String field) { 282 this.field = field; 283 } 284 285 /** 286 * Returns the mapping of audit event values to Syslog severity values. 287 * 288 * @return the value mappings. 289 */ 290 public Map<String, Severity> getValueMappings() { 291 return unmodifiableMap(valueMappings); 292 } 293 294 /** 295 * Sets the mapping of audit event values to Syslog severity values. 296 * 297 * @param valueMappings 298 * the value mappings. 299 */ 300 public void setValueMappings(Map<String, Severity> valueMappings) { 301 this.valueMappings = new HashMap<>(valueMappings); 302 } 303 } 304 305 /** 306 * Configuration of event buffering. 307 */ 308 public static class EventBufferingConfiguration { 309 310 @JsonPropertyDescription("audit.handlers.syslog.buffering.enabled") 311 private boolean enabled; 312 313 @JsonPropertyDescription("audit.handlers.syslog.buffering.maxSize") 314 private int maxSize = 5000; 315 316 /** 317 * Indicates if event buffering is enabled. 318 * 319 * @return {@code true} if buffering is enabled. 320 */ 321 public boolean isEnabled() { 322 return enabled; 323 } 324 325 /** 326 * Sets the buffering status. 327 * 328 * @param enabled 329 * Indicates if buffering is enabled. 330 */ 331 public void setEnabled(boolean enabled) { 332 this.enabled = enabled; 333 } 334 335 } 336}