1 /*
2 * The contents of this file are subject to the terms of the Common Development and
3 * Distribution License (the License). You may not use this file except in compliance with the
4 * License.
5 *
6 * You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for the
7 * specific language governing permission and limitations under the License.
8 *
9 * When distributing Covered Software, include this CDDL Header Notice in each file and include
10 * the License file at legal/CDDLv1.0.txt. If applicable, add the following below the CDDL
11 * Header, with the fields enclosed by brackets [] replaced by your own identifying
12 * information: "Portions copyright [year] [name of copyright owner]".
13 *
14 * Copyright 2015-2016 ForgeRock AS.
15 */
16 package org.forgerock.audit.handlers.syslog;
17
18 import static java.util.Collections.unmodifiableMap;
19
20 import java.util.ArrayList;
21 import java.util.HashMap;
22 import java.util.List;
23 import java.util.Map;
24
25 import org.forgerock.audit.events.handlers.EventHandlerConfiguration;
26
27 import com.fasterxml.jackson.annotation.JsonProperty;
28 import com.fasterxml.jackson.annotation.JsonPropertyDescription;
29
30 /**
31 * Configuration object for the {@link SyslogAuditEventHandler}.
32 * <p>
33 * This configuration object can be created from JSON. Example of valid JSON configuration:
34 *
35 * <pre>
36 {
37 "protocol" : "TCP",
38 "host" : "https://forgerock.example.com",
39 "port" : 6514,
40 "connectTimeout" : 30000,
41 "facility" : "local0",
42 "severityFieldMappings": [{
43 "topic" : "system-status",
44 "field" : "level",
45 "valueMappings" : {
46 "SEVERE" : "EMERGENCY",
47 "WARNING" : "WARNING",
48 "INFO" : "INFORMATIONAL"
49 },
50 "buffering" : {
51 "enabled" : "true"
52 }
53 }]
54 }
55 </pre>
56 */
57 public class SyslogAuditEventHandlerConfiguration extends EventHandlerConfiguration {
58
59 @JsonProperty(required = true)
60 @JsonPropertyDescription("audit.handlers.syslog.transportProtocol")
61 private TransportProtocol protocol;
62
63 @JsonProperty(required = true)
64 @JsonPropertyDescription("audit.handlers.syslog.host")
65 private String host;
66
67 @JsonProperty(required = true)
68 @JsonPropertyDescription("audit.handlers.syslog.port")
69 private int port;
70
71 @JsonPropertyDescription("audit.handlers.syslog.connectTimeout")
72 private int connectTimeout;
73
74 @JsonProperty(required = true)
75 @JsonPropertyDescription("audit.handlers.syslog.facility")
76 private Facility facility;
77
78 @JsonProperty
79 @JsonPropertyDescription("audit.handlers.syslog.severityFieldMappings")
80 private List<SeverityFieldMapping> severityFieldMappings = new ArrayList<>();
81
82 /** Event buffering is disabled by default. */
83 @JsonPropertyDescription("audit.handlers.syslog.buffering")
84 protected EventBufferingConfiguration buffering = new EventBufferingConfiguration();
85
86 /**
87 * Returns the protocol over which messages transmitted to the Syslog daemon.
88 *
89 * @return the transport protocol.
90 */
91 public TransportProtocol getProtocol() {
92 return protocol;
93 }
94
95 /**
96 * Sets the protocol over which messages transmitted to the Syslog daemon.
97 *
98 * @param protocol
99 * the transport protocol.
100 */
101 public void setProtocol(TransportProtocol protocol) {
102 this.protocol = protocol;
103 }
104
105 /**
106 * Returns the hostname of the Syslog daemon to which messages should be published.
107 *
108 * @return the hostname.
109 */
110 public String getHost() {
111 return host;
112 }
113
114 /**
115 * Sets the hostname of the Syslog daemon to which messages should be published.
116 *
117 * @param host
118 * the hostname.
119 */
120 public void setHost(String host) {
121 this.host = host;
122 }
123
124 /**
125 * Returns the port of the Syslog daemon to which messages should be published.
126 *
127 * @return the port.
128 */
129 public int getPort() {
130 return port;
131 }
132
133 /**
134 * Sets the port of the Syslog daemon to which messages should be published.
135 *
136 * @param port
137 * the port.
138 */
139 public void setPort(int port) {
140 this.port = port;
141 }
142
143 /**
144 * Returns the timeout after which attempts to connect to the Syslog daemon will be abandoned.
145 * <p/>
146 * Only applies when {@link TransportProtocol#TCP} is active.
147 *
148 * @return the connect timeout.
149 */
150 public int getConnectTimeout() {
151 return connectTimeout;
152 }
153
154 /**
155 * Sets the timeout after which attempts to connect to the Syslog daemon will be abandoned.
156 * <p/>
157 * Only applies when {@link TransportProtocol#TCP} is active.
158 *
159 * @param connectTimeout
160 * the connect timeout.
161 */
162 public void setConnectTimeout(int connectTimeout) {
163 this.connectTimeout = connectTimeout;
164 }
165
166 /**
167 * Returns the facility constant that should be applied to all Syslog messages.
168 *
169 * @return the facility.
170 *
171 * @see <a href="https://tools.ietf.org/html/rfc5424#section-6.2.1">RFC-5424 section 6.2.1</a>
172 */
173 public Facility getFacility() {
174 return facility;
175 }
176
177 /**
178 * Sets the facility constant that should be applied to all Syslog messages.
179 *
180 * @param facility
181 * the facility.
182 *
183 * @see <a href="https://tools.ietf.org/html/rfc5424#section-6.2.1">RFC-5424 section 6.2.1</a>
184 */
185 public void setFacility(Facility facility) {
186 this.facility = facility;
187 }
188
189 /**
190 * Returns the configurations for mapping audit event field values to Syslog severity values.
191 *
192 * @return the severity field mappings.
193 */
194 public List<SeverityFieldMapping> getSeverityFieldMappings() {
195 return severityFieldMappings;
196 }
197
198 /**
199 * Sets the configurations for mapping audit event field values to Syslog severity values.
200 *
201 * @param severityFieldMappings
202 * the severity field mappings.
203 */
204 public void setSeverityFieldMappings(List<SeverityFieldMapping> severityFieldMappings) {
205 this.severityFieldMappings = severityFieldMappings;
206 }
207
208 /**
209 * Returns the configuration for events buffering.
210 *
211 * @return the configuration
212 */
213 public EventBufferingConfiguration getBuffering() {
214 return buffering;
215 }
216
217 /**
218 * Sets the configuration for events buffering.
219 *
220 * @param bufferingConfiguration
221 * The configuration
222 */
223 public void setBufferingConfiguration(EventBufferingConfiguration bufferingConfiguration) {
224 this.buffering = bufferingConfiguration;
225 }
226
227 @Override
228 public boolean isUsableForQueries() {
229 return false;
230 }
231
232 /**
233 * Encapsulates configuration for mapping audit event field values to Syslog severity values.
234 */
235 public static final class SeverityFieldMapping {
236
237 @JsonProperty(required = true)
238 @JsonPropertyDescription("audit.handlers.syslog.severityFieldMapping.topic")
239 private String topic;
240
241 @JsonProperty(required = true)
242 @JsonPropertyDescription("audit.handlers.syslog.severityFieldMapping.field")
243 private String field;
244
245 @JsonProperty(required = true)
246 @JsonPropertyDescription("audit.handlers.syslog.severityFieldMapping.valueMappings")
247 private Map<String, Severity> valueMappings = new HashMap<>();
248
249 /**
250 * Returns the name of the event topic to which this mapping applies.
251 *
252 * @return the event topic name.
253 */
254 public String getTopic() {
255 return topic;
256 }
257
258 /**
259 * Sets the name of the event topic to which this mapping applies.
260 *
261 * @param topic
262 * the event topic name.
263 */
264 public void setTopic(String topic) {
265 this.topic = topic;
266 }
267
268 /**
269 * Returns the name of the event topic field to which this mapping applies.
270 * <p/>
271 * If the chosen field is nested, JsonPointer notation should be used.
272 *
273 * @return the event topic field name.
274 */
275 public String getField() {
276 return field;
277 }
278
279 /**
280 * Sets the name of the event topic field to which this mapping applies.
281 *
282 * @param field
283 * the event topic field name.
284 */
285 public void setField(String field) {
286 this.field = field;
287 }
288
289 /**
290 * Returns the mapping of audit event values to Syslog severity values.
291 *
292 * @return the value mappings.
293 */
294 public Map<String, Severity> getValueMappings() {
295 return unmodifiableMap(valueMappings);
296 }
297
298 /**
299 * Sets the mapping of audit event values to Syslog severity values.
300 *
301 * @param valueMappings
302 * the value mappings.
303 */
304 public void setValueMappings(Map<String, Severity> valueMappings) {
305 this.valueMappings = new HashMap<>(valueMappings);
306 }
307 }
308
309 /**
310 * Configuration of event buffering.
311 */
312 public static class EventBufferingConfiguration {
313
314 @JsonPropertyDescription("audit.handlers.syslog.buffering.enabled")
315 private boolean enabled;
316
317 @JsonPropertyDescription("audit.handlers.syslog.buffering.maxSize")
318 private int maxSize = 5000;
319
320 /**
321 * Indicates if event buffering is enabled.
322 *
323 * @return {@code true} if buffering is enabled.
324 */
325 public boolean isEnabled() {
326 return enabled;
327 }
328
329 /**
330 * Sets the buffering status.
331 *
332 * @param enabled
333 * Indicates if buffering is enabled.
334 */
335 public void setEnabled(boolean enabled) {
336 this.enabled = enabled;
337 }
338
339 }
340 }