Audit Logging

Features > Security > Audit Logging

For many secured environments there’s a requirement to log every user management action. For that ActiveMQ Classic implements audit logging, which means that every management action made through JMX or Web Console management interface will be logged and available for later inspection.

Audit logging comes pre-configured with the distribution, so it’s very easy to turn it on or off. All you have to do is to set org.apache.activemq.audit system property.  From 5.16.0 the value can be one of “true|entry|exit|all”. When the value is all or exit, the audit captures the time the JMX operation completed. You can do that by uncommenting the following line in the startup script:

ACTIVEMQ_OPTS="$ACTIVEMQ_OPTS -Dorg.apache.activemq.audit=true"

The actual logs are by default stored in ${ACTIVEMQ_HOME}/data/audit.log and for secured broker you may expect entries similar to the following:

2010-12-22 12:12:07,225 | INFO  | admin requested /admin/createDestination.action [JMSDestination='test' JMSDestinationType='queue' secret='4eb0bc3e-9d7a-4256-844c-24f40fda98f1' ] from 127.0.0.1 | qtp12205619-39
2010-12-22 12:12:14,512 | INFO  | admin requested /admin/purgeDestination.action [JMSDestination='test' JMSDestinationType='queue' secret='eff6a932-1b58-45da-a64a-1b30b246cfc9' ] from 127.0.0.1 | qtp12205619-36
2010-12-22 12:12:17,802 | INFO  | admin requested /admin/sendMessage.action [JMSTimeToLive='' JMSXGroupSeq='' AMQ_SCHEDULED_DELAY='' JMSType='' JMSMessageCountHeader='JMSXMessageCounter' JMSXGroupID='' JMSReplyTo='' JMSDestination='test' AMQ_SCHEDULED_PERIOD='' JMSText='Enter some text 
here for the message body...' JMSDestinationType='queue' AMQ_SCHEDULED_CRON='' JMSCorrelationID='' AMQ_SCHEDULED_REPEAT='' JMSMessageCount='1' secret='a0e1df62-14d6-4425-82a2-17aa01a16e7d' JMSPriority='' ] from 127.0.0.1 | qtp12205619-37
...
2010-12-22 12:12:57,553 | INFO  | admin called org.apache.activemq.broker.jmx.QueueView.purge[] | RMI TCP Connection(8)-192.168.1.107
2010-12-22 12:13:21,976 | INFO  | admin called org.apache.activemq.broker.jmx.QueueView.resetStatistics[] | RMI TCP Connection(8)-192.168.1.107
2010-12-22 12:13:32,457 | INFO  | admin called org.apache.activemq.broker.jmx.QueueView.sendTextMessage[message] | RMI TCP Connection(6)-192.168.1.107

In this example you can see sample entries for actions taken both in Web Console or via JMX. Log entries contain info like:

  • username (if available), or “anonymous” otherwise
  • Operation performed, which in JMX case is the method name and request URL if the operation is performed over web
  • Parameters used for the operation and
  • IP address from which call has been made

A default location of the audit log can be configured in ${ACTIVEMQ_HOME}/conf/log4j.properties

Apache, ActiveMQ, Apache ActiveMQ, the Apache feather logo, and the Apache ActiveMQ project logo are trademarks of The Apache Software Foundation. Copyright © 2024, The Apache Software Foundation. Licensed under Apache License 2.0.