How can I Route Audit Messages to Windows Event Log

Document ID : KB000030198
Last Modified Date : 14/02/2018

Summary:

 

How can I configure the Enterprise Management Server to route message queue audit messages to the Windows event log? Each time the Enterprise Management Server writes an audit message to the audit log, I would like a corresponding event to be sent to the Windows event log.

 

Instructions: 

Valid on 64-bit Windows.

To route message queue audit messages to the Windows event log, perform the following steps.

 1.   Stop the JBoss application server, if running.

 2.  Navigate to the following directory, where JBOSS_HOME indicates the directory where you installed JBoss:

 JBOSS_HOME\server\default\conf\

 3.  Open the jboss-log4j.xml file.

 4.  Add an appender named "ENTM_NTEventLog" that uses the class "org.apache.log4j.nt.NTEventLogAppender".

 The appender specifies the class to use for auditing and how to display the data.

 5.  Specify the logger that the appender binds to as an input channel for the audit messages. Insert the following code before the <root> element of jboss-log4j.xml:

<logger name="EventLog">
    <!-- The ref must match the name of the appender added in step 4 -->
    <appender-ref ref="ENTM_NTEventLog"/>
</logger>

 6.  Save and close the file.

 7.  Copy the NTEventLogAppender.dll file to the Windows System32 directory.

Note: You can find the NTEventLogAppender.dll file in the Apache log4j 1.2.16 bundle. You can download Apache log4j 1.2.16 from the Apache Logging Services website.

 8.  Start the JBoss application server.

 The Enterprise Management Server now routes message queue audit messages to the Windows event log.

 Example: Modify the jboss-log4j.xml file to send message queue audit messages to Windows Event Log

 9.  The following snippet shows the jboss-log4j.xml file that is configured to route message queue audit messages to the Windows Event Log:

<appender name="ENTM_NTEventLog"
    class="org.apache.log4j.nt.NTEventLogAppender">
   <param name="Source" value="CA Access Control Enterprise Management"/>
   <layout class="org.apache.log4j.SimpleLayout"/>
</appender>

<logger name="EventLog">
   <appender-ref ref="ENTM_NTEventLog"/>
</logger>

10.  In this example, the following are the changes:

 ·  Added a new appender by the name "ENTM_NTEventLog"
 ·  Added class by the name "org.apache.log4j.nt.NTEventLogAppender"
 ·  Defined the param name: "Source"
 ·  Defined the value: "CA Access Control Enterprise Management"
 ·  Defined the layout class: "org.apache.log4j.SimpleLayout"
 ·  Defined the logger name: "EventLog"
 ·  Defined the appender-ref ref: "ENTM_NTEventLog"

 [SOLUTION]

The document is valid, but the DLL that you copy must be the 64-bit one, not the 32-bit one.

Rename the file "NTEventLogAppender.amd64.dll" to "NTEventLogAppender.dll".

 11.  Copy the NTEventLogAppender.dll file to the Windows System32 directory.

This step is not valid as written on 64-bit Windows: you must copy the 64-bit DLL as explained.
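A pre-start check for the two failure points in this procedure, as an added example that is not part of the original document or of log4j: it verifies that the "EventLog" logger references an appender that is actually defined with the NTEventLogAppender class, and reads the PE header of a DLL to tell a 32-bit build from a 64-bit one. The function names, the sample XML and the stand-in DLL bytes are constructed for illustration.

```python
import struct
import xml.etree.ElementTree as ET

NT_APPENDER = "org.apache.log4j.nt.NTEventLogAppender"
MACHINES = {0x014C: "x86", 0x8664: "x64"}  # COFF machine field values

# Constructed sample shaped like the page's snippet; {ref} is filled in below.
SAMPLE = """<log4j:configuration xmlns:log4j="http://jakarta.apache.org/log4j/">
  <appender name="ENTM_NTEventLog" class="org.apache.log4j.nt.NTEventLogAppender">
    <param name="Source" value="CA Access Control Enterprise Management"/>
    <layout class="org.apache.log4j.SimpleLayout"/>
  </appender>
  <logger name="EventLog"><appender-ref ref="{ref}"/></logger>
  <root/>
</log4j:configuration>"""

def check_log4j(xml_text, logger_name="EventLog"):
    """Return a list of problems with the audit logger's appender wiring."""
    root = ET.fromstring(xml_text)
    appenders = {a.get("name"): a.get("class") for a in root.iter("appender")}
    logger = next((lg for lg in root.iter("logger") if lg.get("name") == logger_name), None)
    if logger is None:
        return [f"logger {logger_name!r} is not defined"]
    refs = [r.get("ref") for r in logger.iter("appender-ref")]
    problems = [f"appender-ref {r!r} has no matching <appender>"
                for r in refs if r not in appenders]
    if not any(appenders.get(r) == NT_APPENDER for r in refs):
        problems.append(f"logger {logger_name!r} is not bound to an NTEventLogAppender")
    return problems

def pe_machine(data):
    """Return 'x86', 'x64' or a hex code read from a PE file's COFF header."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not a PE file")
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)  # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0" or len(data) < pe_off + 6:
        raise ValueError("PE signature not found")
    (machine,) = struct.unpack_from("<H", data, pe_off + 4)
    return MACHINES.get(machine, hex(machine))

def fake_pe(machine):
    """Constructed stand-in for a DLL: DOS header, e_lfanew=0x40, PE signature, machine."""
    return b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40) + b"PE\0\0" + struct.pack("<H", machine)

if __name__ == "__main__":
    print(check_log4j(SAMPLE.format(ref="ENTM_UNIXSysLog")))  # mismatched reference
    print(check_log4j(SAMPLE.format(ref="ENTM_NTEventLog")))  # correct wiring
    print(pe_machine(fake_pe(0x014C)), pe_machine(fake_pe(0x8664)))
```

On a real server, read jboss-log4j.xml and the copied NTEventLogAppender.dll in binary mode and pass their contents to `check_log4j` and `pe_machine`; on 64-bit Windows the DLL should report "x64".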