Logging Auditable Events
Hazelcast Enterprise Edition allows observing some important cluster events
using the Auditlog feature. Auditable events have a unique type ID;
they contain a timestamp and importance level.
The events may also contain a message and parameters.
Supported event type identifiers are listed in AuditlogTypeIds.
You can enable the auditlog feature in the configuration as follows:
Declarative Configuration:
<hazelcast>
    ...
    <auditlog enabled="true" />
    ...
</hazelcast>

hazelcast:
  auditlog:
    enabled: true
Programmatic Configuration:
import com.hazelcast.config.Config;

// Enable the auditlog on the member configuration
Config config = new Config();
config.getAuditLogConfig().setEnabled(true);
The default auditlog implementation uses Hazelcast logging configuration and writes the events
as log entries with the category name "hazelcast.auditlog".
Sample Log4j2 configuration writing auditable events to a Syslog:
<Configuration>
    <Appenders>
        <Syslog name="Syslog" format="RFC5424"
                host="syslog.acme.com" port="514" protocol="TCP"
                appName="Hazelcast" newLine="true" messageId="Audit" id="hz" />
    </Appenders>
    <Loggers>
        <Logger name="hazelcast.auditlog" level="debug">
            <AppenderRef ref="Syslog" />
        </Logger>
    </Loggers>
</Configuration>
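On the receiving side, the records sent by the Syslog appender above can be picked out of a mixed syslog stream by the APP-NAME (Hazelcast) and MSGID (Audit) values it sets. The following Python parser is an added example, not part of the Hazelcast documentation or code; the sample lines, host names and the hz@32473 structured-data element are constructed, and nothing is assumed about the layout of the audit message body.

```python
import re

# RFC 5424 header: <PRI>1 TIMESTAMP HOSTNAME APP-NAME PROCID MSGID, then SD and MSG
HEADER = re.compile(r"<(\d{1,3})>1 (\S+) (\S+) (\S+) (\S+) (\S+) (.*)", re.S)
# One SD-ELEMENT; a backslash escapes the next character, so "\]" does not close it
SD_ELEMENT = re.compile(r"\[(?:[^\]\\]|\\.)*\]")
SEVERITIES = ("emerg", "alert", "crit", "err", "warning", "notice", "info", "debug")

# Constructed sample input (not real Hazelcast output)
SAMPLE = [
    "<134>1 2024-05-01T10:15:00.000Z node1 Hazelcast 4242 Audit - constructed audit message\n",
    '<132>1 2024-05-01T10:15:01.000Z node1 Hazelcast 4242 Audit [hz@32473 note="a \\] b"] constructed message with SD\n',
    "<134>1 2024-05-01T10:15:02.000Z node1 OtherApp 77 Audit - not from the audit appender\n",
    "not a syslog line\n",
]


def parse_audit_line(line, app_name="Hazelcast", msg_id="Audit"):
    """Return a dict for a record sent by the appender above, or None otherwise."""
    m = HEADER.fullmatch(line.rstrip("\r\n"))
    if not m:
        return None
    pri, timestamp, host, app, procid, msgid, rest = m.groups()
    if int(pri) > 191 or app != app_name or msgid != msg_id:
        return None
    if rest.startswith("-"):          # NILVALUE: no structured data
        end = 1
    else:                             # one or more adjacent SD-ELEMENTs
        end = 0
        while (element := SD_ELEMENT.match(rest, end)):
            end = element.end()
    if end == 0 or rest[end:end + 1] not in ("", " "):
        return None                   # malformed structured data
    facility, severity = divmod(int(pri), 8)
    return {"timestamp": timestamp, "host": host, "procid": procid,
            "facility": facility, "severity": SEVERITIES[severity],
            "structured_data": rest[:end], "message": rest[end + 1:]}


if __name__ == "__main__":
    for record in filter(None, map(parse_audit_line, SAMPLE)):
        print(record["timestamp"], record["severity"], record["message"])
```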
Auditlog SPI
The auditlog has its own SPI allowing you to provide your implementations.
Relevant classes and interfaces are located in the com.hazelcast.auditlog package.
The central point of auditlog SPI is the AuditlogService interface and its log(…) methods.
Their implementations are responsible for processing auditable events, e.g., writing them to a database.
AuditlogService also creates the EventBuilder instances which are used to build AuditableEvents.
Another important piece in the SPI is the AuditlogServiceFactory interface.
The factory class allows the AuditlogService initialization based on parameters.