Chapter 8: Auditing and Logging. Chapter overview: 8.1 Log output solution - Log4J; 8.2 Remote log backup - Syslog


Preface (author's preface) Java http://books.gotop.com.tw/download/acl044800


Java Auditing Accountability Audit trails Logging Accountability Identification Repudiation Information Disclosure Timestamp ID ID IP

Auditing Logging 8 Log Log ID ID Millisecond IP 2012 10 [1]

8.1 Log output solution - Log4J

Java Log Apache Apache Software Foundation Log4J Log4J

Log4J Package java.util Root Logger Log Level TRACE DEBUG INFO WARN ERROR FATAL Console File Java JDBC SMTP Syslog Log4J Log4J 2.2 log4j-api-2.2.jar log4j-core-2.2.jar error Log Console

8-1 log4j2.xml

    <?xml version="1.0" encoding="UTF-8"?>
    <!-- status: level of Log4J's own internal diagnostics -->
    <Configuration status="warn">
      <Appenders>
        <Console name="console" target="SYSTEM_OUT">
          <!-- MM is the month; lowercase mm would print minutes -->
          <PatternLayout pattern="%d{yyyy-MM-dd HH:mm:ss.SSS} - %m%n"/>
        </Console>
        <File name="file" fileName="logs/app.log">
          <PatternLayout pattern="%d{yyyy-MM-dd HH:mm:ss} - %m%n"/>
        </File>
      </Appenders>
      <Loggers>
        <!-- Root level "error": only error and fatal events reach the appenders -->
        <Root level="error">
          <AppenderRef ref="console"/>
          <AppenderRef ref="file"/>
        </Root>
      </Loggers>
    </Configuration>

Logger trace debug info warn error fatal

8-2 TestLog4J.java

    import org.apache.logging.log4j.LogManager;
    import org.apache.logging.log4j.Logger;

    public class TestLog4J {
        public static void main(String[] args) {
            Logger logger = LogManager.getLogger();
            logger.trace("trace msg");
            logger.debug("debug msg");
            logger.info("info msg");
            logger.warn("warn msg");
            logger.error("error msg");
            logger.fatal("fatal msg");
        }
    }

error 2 5 debug <Root level="error"> <Root level="debug"> Log4J Log Log4J Log4J Logger Appender Layout

8-1 Log4J

8.1.1 Logger

Level Package Appender Logger Root

8-3 log4j2_8-3.xml

    <Loggers>
      <!-- additivity defaults to true, so x.y.z events also reach Root's appenders -->
      <Logger name="x.y.z" level="trace">
        <AppenderRef ref="console"/>
      </Logger>
      <Root level="error">
        <AppenderRef ref="console"/>
      </Root>
    </Loggers>

Root error error Log4J fatal > error > warn > info > debug > trace fatal error warn info debug trace log Console Appender x.y.z Logger x.y.z trace trace Console Appender Root Logger

    Logger logger = LogManager.getRootLogger();

class Logger

    Logger logger = LogManager.getLogger();

Logger Log

8-4 Log4JDemo.java

    // Logger named after the calling class
    Logger logger = LogManager.getLogger();
    logger.trace("trace Message");
    logger.debug("debug Message");
    logger.info("info Message");
    logger.warn("warn Message");
    logger.error("error Message");
    logger.fatal("fatal Message");

Log4J class warn ConsoleAppender

    Warn Message
    Error Message
    Fatal Message

Log level class debug

    Debug Message
    Info Message
    Warn Message
    Error Message
    Fatal Message

8.1.2 Appender

Appender Log4J Appender ConsoleAppender FileAppender RollingFileAppender JDBCAppender SMTPAppender SyslogAppender Appenders

8-5 log4j2_8-5.xml

    <Appenders>
      <Console name="console" target="SYSTEM_OUT">
        ...
      </Console>
      <File name="file" fileName="logs/app.log">
        ...
      </File>
      <!-- Rolls over on a date change or when the file reaches 200 MB -->
      <RollingFile name="rollingfile" fileName="logs/app.log"
                   filePattern="logs/app-%d{yyyy-MM-dd}-%i.log">
        <Policies>
          <TimeBasedTriggeringPolicy />
          <SizeBasedTriggeringPolicy size="200MB"/>
        </Policies>
        ...
      </RollingFile>
      <JDBC name="db" tableName="myschema.aplog">
        <DataSource jndiName="java:/comp/env/jdbc/logdb" />
        <Column name="event_time" isEventTimestamp="true" />
        <Column name="level" pattern="%level" />
        <Column name="class" pattern="%class" />
        <Column name="line" pattern="%line" />
        <Column name="message" pattern="%message" />
        <Column name="exception" pattern="%ex{full}" />
      </JDBC>
      <SMTP name="mail" subject="error Log" to="" from=""
            smtpHost="localhost" smtpPort="25" bufferSize="50">
      </SMTP>
      <Syslog name="syslog" host="localhost" port="514" protocol="TCP"/>
    </Appenders>

ConsoleAppender Console name ConsoleAppender target SYSTEM_OUT SYSTEM_ERR SYSTEM_ERR

FileAppender name FileAppender fileName

RollingFileAppender FileAppender RollingFileAppender name RollingFileAppender fileName filePattern java.text.SimpleDateFormat %i 2015 10 12 %d{yyyy-MM-dd}-%i.log 2015-10-12-1.log 2015-10-12-2.log fileName

TimeBased Triggering Policy %d{yyyy-MM-dd}-%i.log dd
SizeBased Triggering Policy size="200MB" 200MB KB MB GB
Composite Triggering Policy TimeBased SizeBased

8-6 log4j2.xml

    <!-- Composite policy: either trigger causes a rollover -->
    <Policies>
      <TimeBasedTriggeringPolicy/>
      <SizeBasedTriggeringPolicy size="200MB"/>
    </Policies>

JDBCAppender name JDBCAppender tableName DataSource jndiName JNDI JDBC Column name Column pattern PatternLayout conversion pattern isEventTimestamp Log

SMTPAppender name SMTPAppender subject from to cc bcc smtpHost SMTP IP smtpPort SMTP smtpProtocol smtpUsername SMTP smtpPassword SMTP

SyslogAppender name SyslogAppender format RFC5424 RFC5424 BSD host Syslog port Syslog protocol TCP UDP appName Log facility Syslog KERN USER MAIL DAEMON AUTH SYSLOG LPR NEWS UUCP CRON AUTHPRIV FTP NTP AUDIT ALERT CLOCK LOCAL0 LOCAL1 LOCAL2 LOCAL3 LOCAL4 LOCAL5 LOCAL6 LOCAL7 newLine Syslog true messageId RFC5424 MSGID mdcId RFC5424 mdcId Log4J 2.2

8.1.3 Layout

Log4J Layout Log4J JSONLayout HTMLLayout PatternLayout XMLLayout PatternLayout PatternLayout conversion pattern Log

8-1 PatternLayout

    %d    {} Java Doc SimpleDateFormat
    %c    com.abc.classa
    %L
    %m
    %n
    %p    Log INFO, ERROR
    %t    Log

%c % c

8-2 PatternLayout

    %10c        10 -
    %-10c       10.
    %.20c       20.
    %10.20c     10 20 -.
    %-10.20c    10 20

PatternLayout

    <PatternLayout pattern="%d{yyyy-MM-dd HH:mm:ss.SSS} [%t] %-5p %c %L - %m%n"/>

    Logger logger = LogManager.getLogger();
    logger.debug("debug msg");
    logger.warn("warn msg");

PatternLayout

    2015-01-01 12:25:38.123 [main] DEBUG com.abc.classa 2 - debug msg
    2015-01-01 12:25:38.123 [main] WARN com.abc.classa 3 - warn msg

JSONLayout Log JSON Jackson jackson-core jackson-annotations jackson-databind 2.0 JSONLayout charset character set UTF-8 complete JSON [ ] false locationInfo file class method line false JSONLayout

    <JsonLayout locationInfo="true" complete="false" />

    Logger logger = LogManager.getLogger();
    logger.debug("debug msg");
    logger.warn("warn msg");

JSONLayout

    {
      "timemillis" : 1429163424446,
      "thread" : "main",
      "level" : "DEBUG",
      "loggername" : "sweb.ch8.testlog4j",
      "message" : "debug msg",
      "endofbatch" : false,
      "loggerfqcn" : "org.apache.logging.log4j.spi.abstractlogger",
      "source" : {
        "class" : "sweb.ch8.testlog4j",
        "method" : "main",
        "file" : "TestLog4J.java",
        "line" : 2
      }
    }
    {
      "timemillis" : 1429163424498,
      "thread" : "main",
      "level" : "WARN",
      "loggername" : "sweb.ch8.testlog4j",
      "message" : "warn msg",
      "endofbatch" : false,
      "loggerfqcn" : "org.apache.logging.log4j.spi.abstractlogger",
      "source" : {
        "class" : "sweb.ch8.testlog4j",
        "method" : "main",
        "file" : "TestLog4J.java",
        "line" : 3
      }
    }

FileAppender HTMLLayout HTML HTML Table row HTMLLayout charset character set contentType HTML contentType locationInfo false title HTML title HTMLLayout

    <HTMLLayout locationInfo="true"/>

    Logger logger = LogManager.getLogger();
    logger.debug("debug msg");
    logger.warn("warn msg");

HTMLLayout

    <tr>
    <td>291</td>
    <td title="main thread">main</td>
    <td title="level"><font color="#339933">debug</font></td>
    <td title="sweb.ch8.testlog4j logger">sweb.ch8.testlog4j</td>
    <td>testlog4j.java:12</td>
    <td title="message">debug msg</td>
    </tr>
    <tr>
    <td>294</td>
    <td title="main thread">main</td>
    <td title="level"><font color="#993300"><strong>warn</strong></font></td>
    <td title="sweb.ch8.testlog4j logger">sweb.ch8.testlog4j</td>
    <td>testlog4j.java:14</td>
    <td title="message">warn msg</td>
    </tr>

XMLLayout Log XML Jackson jackson-core jackson-annotations jackson-databind jackson-dataformat-xml 2.0 XMLLayout charset character set UTF-8 UTF-16 complete XML false compact false true XMLLayout

    <XMLLayout charset="UTF-8" complete="true" compact="true"/>

    Logger logger = LogManager.getLogger();
    logger.debug("debug msg");
    logger.warn("warn msg");

XMLLayout

    <?xml version="1.0" encoding="utf-8"?>
    <Events xmlns="http://logging.apache.org/log4j/2.0/events">
    <Event xmlns="" xmlns="http://logging.apache.org/log4j/2.0/events" timemillis="1429232254605" thread="main" level="debug" loggername="sweb.ch8.testlog4j" endofbatch="false" loggerfqcn="org.apache.logging.log4j.spi.abstractlogger">
    <Message>debug msg</message>
    </Event>
    <Event xmlns="" xmlns="http://logging.apache.org/log4j/2.0/events" timemillis="1429232254662" thread="main" level="warn" loggername="sweb.ch8.testlog4j" endofbatch="false" loggerfqcn="org.apache.logging.log4j.spi.abstractlogger">
    <Message>warn msg</message>
    </Event>
    </Events>

IP Log4J message Session ID IP Log4J Thread Context Mapped Diagnostic Context MDC Thread Context Log4J Thread Context AccCtrlFilter.java request Session ID Thread Context

8-7 AccCtrlFilter.java

    // req is the HttpServletRequest being filtered;
    // ThreadContext is org.apache.logging.log4j.ThreadContext
    String sessionId = req.getSession().getId();
    String ip = req.getRemoteAddr();
    ThreadContext.put("sessionId", sessionId);
    ThreadContext.put("IP", ip);

PatternLayout %X pattern

    <PatternLayout pattern="%d{yyyy-MM-dd HH:mm:ss.SSS} %X{IP} %X{sessionId} [%t] %-5p %c %L - %m%n"/>

Log

    2015-10-12 14:10:52.516 127.0.0.1 638F7B86154A00D9D932D047833835B0 [http-bio-80-exec-1] INFO sweb.ch7.accctrlfilter 42 - login succeed.
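An added example, not from the book: a complete servlet filter built around the AccCtrlFilter.java fragment (8-7). It removes the Thread Context keys in a finally block, because container threads are pooled and would otherwise carry one request's IP and session into the next request's log lines, and it logs a SHA-256 fingerprint of the session ID instead of the raw value. The class name AuditContextFilter, the package name and the fingerprint() helper are assumptions of this example.

```java
package sweb.ch8; // package name assumed for this example

import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import org.apache.logging.log4j.ThreadContext;

// Hypothetical filter (not the book's AccCtrlFilter): fills the Thread Context per request.
public class AuditContextFilter implements Filter {
    @Override public void init(FilterConfig cfg) { }
    @Override public void destroy() { }

    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) request;
        HttpSession session = req.getSession(false); // do not create a session just to log it
        try {
            ThreadContext.put("IP", req.getRemoteAddr());
            ThreadContext.put("sessionId", session == null ? "-" : fingerprint(session.getId()));
            chain.doFilter(request, response);
        } finally {
            // Container threads are pooled: remove the keys so the next request
            // handled by this thread cannot inherit this request's values.
            ThreadContext.remove("IP");
            ThreadContext.remove("sessionId");
        }
    }

    // First 16 hex characters of SHA-256(session ID): enough to correlate log
    // lines, but not usable as a session cookie if the log file is disclosed.
    static String fingerprint(String sessionId) {
        try {
            byte[] digest = MessageDigest.getInstance("SHA-256")
                    .digest(sessionId.getBytes(StandardCharsets.UTF_8));
            StringBuilder hex = new StringBuilder();
            for (int i = 0; i < 8; i++) {
                hex.append(String.format("%02x", digest[i]));
            }
            return hex.toString();
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException(e); // SHA-256 is required on every Java platform
        }
    }
}
```

The %X{IP} and %X{sessionId} conversions in the PatternLayout above work unchanged with this filter; the session column then shows the 16-character fingerprint.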

8.2 Remote log backup - Syslog

Java Log4J Syslog Log4J SyslogAppender Log Syslog Syslog Syslog CentOS CentOS 6 rsyslog log Syslog /etc/rsyslog.conf

    vi /etc/rsyslog.conf

UDP 514 port #

    #$ModLoad imudp
    #$UDPServerRun 514

TCP 514 port #

    $ModLoad imtcp
    $InputTCPServerRun 514

syslog Ip

    # One log file per sending host, named after its IP address
    $template RemoteLogs,"/var/log/%FROMHOST-IP%.log" *
    *.* ?RemoteLogs
    # Stop processing here so later rules do not handle the same message again
    & ~

rsyslogd

    /etc/init.d/rsyslog restart

514 port rsyslog server

    netstat -lnptu | grep 514

References

[1] http://law.moj.gov.tw/lawclass/lawall.aspx?pcode=i0050021
[2] http://logging.apache.org
[3] http://www.rsyslog.com/