audit4j / audit4j-core Goto Github PK

Version 2.5.0

I have added the @Audit annotation to one of my controller methods and have implemented the MetaData interface but no audit events are triggered

	@Audit
	public void handleRequest(HttpServletRequest request, HttpServletResponse response)
			throws ServletException, IOException {
		logger.info("Received request: " + request.getRequestURI() + "?" + request.getQueryString());
                ...
        }

package com.launchworks.launchbi.audit;

import org.audit4j.core.MetaData;

public class AuditData implements MetaData {

	@Override
	public String getActor() {
		return "blah";
	}

	@Override
	public String getOrigin() {
		return "booh";
	}

}

!Configuration
handlers:
- !org.audit4j.handler.db.DatabaseAuditHandler
    embedded: false
    db_driver: com.mysql.cj.jdbc.Driver
    db_url: jdbc:mysql://localhost:3306/launchbi_audit_local?serverTimezone=UTC
    db_user: ***
    db_password:***
layout: 
  !org.audit4j.core.layout.SimpleLayout
    dateFormat: MM/dd/yyyy HH:mm:ss zzz
metaData: !com.launchworks.launchbi.audit.AuditData {}

In EnvUtil.isJDK7OrHigher, the way that the check is done does not work for Java 9 (java.version is 9.0.1 v expected 1.9). This is preventing use on project with java 9 (and forthcoming differing naming conventions)

Hi,
I'm trying to implement your Auditing framework and I experienced a strange behavior.

Context

I implemented a class MetaData, I use the @Audit annotation and the org.audit4j.integration.spring.AuditAspect into my spring context.

The audited object :

public class DummyObject
{
    @Audit
    public void doSomething( final String param1)
    {
        System.out.println("something done with " + param1);
    }
}

The metadata implementation:

public class MyMetaData implements MetaData
{

    @Override
    public String getActor()
    {
        return "noOne";
    }

}

Implementation result

Log result

Audit4j:INFO Audit4j initialized. Total time: 265ms
13:23:06 �[31m[WARN ]�[0;39m �[36m[o.a.c.exception.ValidationException]�[0;39m �[35m[]�[0;39m Audit4j: Validation Exception: Invalid Input
07/17/2015 13:23:06|noOne|null|doSomething==>arg0 java.lang.String:strange,
something done with strange
Audit4j:INFO Preparing to shutdown Audit4j...

Issues

Warning log

I take a look to understand why I had a validationException thrown:

1. The AuditEvent is being audited
2. a call to this method is doneAuditEventOutputStream.write(AuditEvent event)which then, calls ValidationManager.validateEvent(event) which checks if the event has an Actor. As it doesn't, a ValidationException is thrown.
3. back into AuditEventOutputStream.write(AuditEvent event) catch clause, there is a call to TroubleshootManager.troubleshootEvent(event); which calls my MyMetaData implementation to set the actor.

I expected to have my MyMetaData implementation called before the validation of the event.

No possibility to set an Origin

As I'm using the @Audit annotation, I'm unable to set an origin and if you take a look at the previous one, the origin is null. It could be great if you could add a getOrigin method somewhere like the getActor located into the MetaData Interface.

Cheers.

I am updating my application to Java10 and found Audit4J checks Java environment, I believe due to checking version in 1.X format, which works for 1.7, 1.8 etc but in Java10 version format has changed to 10.X.
I have updated this part of audit4J-core (locally only for now), the version issue seem to resolved but now SpringAudit4jConfig is causing issues, error log below:
--//--
Bean instantiation via factory method failed; nested exception is org.springframework.beans.BeanInstantiationException: Failed to instantiate [org.audit4j.integration.spring.SpringAudit4jConfig]: Factory method 'springAudit4jConfig' threw exception; nested exception is java.lang.LinkageError
--//--

Any suggestion please?

Caused by: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'springAudit4jConfig' defined in class path resource [com/sprhib/init/WebAppConfig.class]: Invocation of init method failed; nested exception is java.lang.NoSuchMethodError: org.audit4j.core.Configuration.setOptions(Ljava/lang/String;)V

Hello,

I have huge need to have opportunity to set the scheme where audit table will be created.

Can you add this property to DB handler?

Thanks

Since you are looping over all handlers and set the AuditEvent for the each of them.. it is possible to lose events - the library is therefore not thread safe.
See AuditEventProcessor L70 https://github.com/audit4j/audit4j-core/blob/master/src/main/java/org/audit4j/core/AuditEventProcessor.java#L70

Hello,

At present time (version 2,5,0) I think there is no way to add in the log more information about the user than the user name (Actor defined in MetaData)

I would like to add the "roles" coming from the authorization system.

For example, in the framework shiro you can give to a user several roles

Do you think it is a good idea ?
What must be changed to make this extension possible ?

I think this issue 45 is close to what I am describing
#45

Regards Franck

Basically that AuditFileWriter implementation opens new files on every attempt and never closes them. After some time the server crashes because of "too many open files".
I have to say this is a quite bewildering and severe bug for an audit library, whose purpose is, after all, to write to a file.

To me this method is clearly the culprit:

   @Override
    public ZeroCopyFileWriter write(String event) {
//        String realPath = FileHandlerUtil.generateOutputFilePath(path);

        String realPath = FileHandlerUtil.generateOutputFilePath(
    			path, 
    			FileHandlerUtil.generateAuditFileName());

        try {
            if (FileHandlerUtil.isFileAlreadyExists(realPath)) {
                randomAccessFile = new RandomAccessFile(realPath, CoreConstants.READ_WRITE);
            } else {
                randomAccessFile = new RandomAccessFile(new File(realPath), CoreConstants.READ_WRITE);
            }
        } catch (FileNotFoundException e) {
            // TODO Auto-generated catch block
            e.printStackTrace();
        }

        fileChannel = randomAccessFile.getChannel();
        
        String str2 = event + CoreConstants.NEW_LINE;

        long numBytes = str2.getBytes().length;

        InputStream inputStream = new ByteArrayInputStream(str2.getBytes(Charset.forName("UTF-8")));

        try {

            // move the cursor to the end of the file
            randomAccessFile.seek(randomAccessFile.length());

            // obtain the a file channel from the RandomAccessFile
            try (ReadableByteChannel inputChannel = Channels.newChannel(inputStream);) {
                fileChannel.transferFrom(inputChannel, randomAccessFile.length(), numBytes);
            } catch (IOException e) {
                e.printStackTrace();
            }

        } catch (IOException e) {
            e.printStackTrace();
        }
        return this;
    }

Dear author

I'm trying to find a way to save the content of elements column in json format, because I only care about values and don't want to save too many infos about objects' types.

It seems hard to override method behaviors of some important classes(such as DefaultAnnotationTransformer). Do you have any suggestion?

Using audit4j2.4.1 and Audit4j DB 2.4.1 .

.Reason it is trying to execute create table if not exists audit (identifier VARCHAR(200) NOT NULL,timestamp TIMESTAMP NOT NULL,actor VARCHAR(200) NOT NULL,origin VARCHAR(200),action VARCHAR(200) NOT NULL,elements VARCHAR(70000));

in which if not exists is not supported by mssqlserver. Please have a look

Hi authors, I meet SQL Exception on "create table if not exists", I use sybase DB. Could you show me how to resolve it? Thank you!

Hello

with Audit4j version 2.5.0
when I am using a config with YAML file
for CustomizableLayout, I cannot use the properties dateFormat and template

YAML example file

!Configuration # Mandatory
 
# Configure handlers, One or more handlers must be configured.
handlers:
- !org.audit4j.core.handler.ConsoleAuditHandler {}
 
# Configure handlers, Either one handler must be configured.
layout: !org.audit4j.core.layout.CustomizableLayout
   dateFormat: yyyy/MM/dd HH:mm:ss
   template: ${eventDate}|${uuid}|${actor}|${action}|${origin} => ${foreach fields field}[${field.name}:${field.value}]${end}
 
# Configure meta data.
metaData: !org.audit4j.core.DummyMetaData {}

root cause:
missing getter for the fields dateFormat and template in CustomizableLayout class

Regards Franck

Version 2.5.0

For our different environments in our deployment pipeline, our audit4j config file will have an environment name infix in the filename, e.g. 'audit4j.conf-qa.yml'

We then set the path using:

System.setProperty("audit4j.conf.file.path", System.getProperty("user.home") + File.separator + "audit4j-conf*.yml");

But this results in the following exception:

java.nio.file.InvalidPathException: Illegal char <*> at index 30: C:\Users\Jonathan\audit4j-conf*.yml

Could you use the following instead?

FileFilter fileFilter = new WildcardFileFilter(filename);
File[] files = dir.listFiles(fileFilter);
int count = files.length;
if (count != 1) {
	//file not found handling goes here
}

//file found handling goes here```

Hi,
I would like to include annotations in some classes of my web app but when i put @Audit on the class or on a method nothing is audited...
If i use AuditManager manually it works.

My application is deployed into a Tomcat 8 with jdk 8 with no java framework like spring.
And i put a the listener in my web.xml and add -scanAnnotated with my package and all seem to start :

Audit4j:INFO Initializing Audit4j...
Audit4j:INFO Loading Configurations...
Audit4j:INFO Validating Configurations...
Audit4j:INFO Initializing Commands...
Audit4j:INFO -scanAnnotated Command Initialized.
Audit4j:INFO Initializing Handlers...
Audit4j:INFO org.audit4j.core.handler.ConsoleAuditHandler Initialized.
Audit4j:INFO org.audit4j.core.handler.file.FileAuditHandler Initialized.
Audit4j:INFO Initializing Layout...
Audit4j:INFO org.audit4j.core.layout.SimpleLayout Initialized.
Audit4j:INFO Initializing Streams...
Audit4j:INFO Audit Streams Initialized.
Audit4j:INFO Executing Schedulers...
Audit4j:INFO Audit4j initialized. Total time: 3385ms

Could you please help me ?

Version 2.5

It would be nice to have support for loading the config file from the user's home directory,

String homeDirectory = System.getProperty("user.home");

Hi, is there a way to join Spring security Authentication?
There is an example inside doc about MetaData Customization where you place an implementation example
import org.audit4j.core.MetaData;
public class MyMetaData implements MetaData{
@OverRide
public String getActor() {
return MyContext.getAuthanticatedUSer();
}
}
so I tried to retrieve my spring authentication user from SecurityContext, but it returns always null authentication even if user is already logged in.

Could You please show me how to retrive a filled value from "MyContext.getAuthanticatedUSer()"?

Hello,

do you have any example with the integration of Audit4j inside a SpringBoot application ?

Regards Franck

Not really an issue but a suggestion.

The @AuditField javadoc says (also the the same on the audit4j site)
`/**

• The AuditField annotation.
• This Annotation is used to mark parameters which will include in the audit
• event.
• @author Janith Bandara
• @SInCE 1.0.0
  */`

But this is not the current behavior, audit4j now traces all method fields by default (excluding those with @IgnoreAudit). This can be a crap for new users (like me) those expects only annotated fields are picked up. The annotation is useful only for set a name on the field.

After a source code lookup i notice a new system for configure a custom annotation transfomer in 2.5 release (there's no docs for this) so I was able to reverse the behavior for my purpuose.

Very nice library!

The conversion of the method args to a List is based on the arg's toString() implementation. It would be nice to support a pluggable conversion from object to a String or even support producing multiple Field's from a single argument.

Consider the following case:

public MyDTO create(MyDTO arg) { ... }

In this case, I'd like to record a couple of different fields from the MyDTO arg as opposed to relying solely on its toString() implementation.

I'm thinking I can add the behavior I want by writing my own version of AnnotationTransformer and then using it in an AuditOutputStream but it would be nice if this had a declarative / annotation driven solution. For spring users in particular, it would be great to have the option of an annotation that produced a List using different names and SpEL (spring expression language). For example, I could annotate the above method with an array of annotations each one having a name and SpEL that would extract the field I want to include in the AuditEvent.

I was tracking an error reported by a developer on our team, and the stacktrace included the exception thrown from the following method in "YAMLConfigProvider":

    public void generateConfig(T config, String filePath) throws ConfigurationException {
        YamlWriter writer;
        try {
            writer = new YamlWriter(new FileWriter(filePath));
            writer.getConfig().setClassTag("Configuration", clazz);
            writer.write(Configuration.DEFAULT);
            writer.close();
        } catch (IOException e) {
            throw new ConfigurationException("Configuration Exception", "CONF_002");
        }
    }

That throw statement is dropping the IOException on the floor, which would likely have had information about what file path was being attempted, and that it doesn't exist (I'm making an educated guess from the circumstances of the error that was reported). This throw statement should be fixed to include the caught exception.

Hello Team

I am using audit4j library for my java application for auditing feature and found that it depends on javassist jar of version 3.12.1.GA from javassist group. But, in the javassist maven repository https://mvnrepository.com/artifact/javassist/javassist, it has been told that this artifact was moved to new group org.javassist with new artifact javassist. I looked at the latest source code from github and found that latest audit4j source still pointing to older group on maven for javassist dependency.
Is there any reason for this ? Or do you have any plan to move to newer group of org.javassist ?

In the configuration section of Audit4J documentation it says that the first step that Audit4J try to do is:

"1. Check whether configurations that are directly injected are available in the Context. If available; proceed with the injected configuration. If not, jump to step 7."

How do I "directly inject the configurations in the Context" ?

I'm not able to choose a configuration file from a folder in my application (like 'src/main/resources', for instance), Audit4J is always jumping to the step 7 and creating a new configuration file.

Thanks!

_OBS.:_ I don't know if it is a bug, but when Audit4J creates the configuration file, its name is being "auit4J.conf.yml" instead of "audit4J.conf.yml".

I have implemented Audit4j with Spring boot in my application. The application starts up and Audit4j is initialized but once I try to reach a page on the server (tomcat), I am hit with many error messages. Below are a few. I ran the sample project and that works fine, but implementing it in a larger project causes a lot of errors.
Any solutions for this?

at org.audit4j.core.ObjectToFieldsSerializer.toFields(ObjectToFieldsSerializer.java:148)
at org.audit4j.core.ObjectToFieldsSerializer.toFields(ObjectToFieldsSerializer.java:138)
... 47 more

Caused by: org.audit4j.core.exception.Audit4jRuntimeException: Error due to converting object to string representation.
at org.audit4j.core.ObjectToFieldsSerializer.toFields(ObjectToFieldsSerializer.java:148)
at org.audit4j.core.ObjectToFieldsSerializer.toFields(ObjectToFieldsSerializer.java:106)
at org.audit4j.core.ObjectToFieldsSerializer.toFields(ObjectToFieldsSerializer.java:138)
Audit4j:ERROR Problem while running Audit4j: Error due to converting object to string representation.
org.audit4j.core.exception.Audit4jRuntimeException: Error due to converting object to string representation.
at org.audit4j.core.ObjectToFieldsSerializer.toFields(ObjectToFieldsSerializer.java:148)
at org.audit4j.core.ObjectToFieldsSerializer.toFields(ObjectToFieldsSerializer.java:138)
at org.audit4j.core.ObjectToFieldsSerializer.toFields(ObjectToFieldsSerializer.java:87)
at org.audit4j.core.ObjectToFieldsSerializer.toFields(ObjectToFieldsSerializer.java:138)
at org.audit4j.core.ObjectToFieldsSerializer.toFields(ObjectToFieldsSerializer.java:138)
at org.audit4j.core.ObjectToFieldsSerializer.toFields(ObjectToFieldsSerializer.java:138)
at org.audit4j.core.ObjectToFieldsSerializer.toFields(ObjectToFieldsSerializer.java:138)
at org.audit4j.core.ObjectToFieldsSerializer.toFields(ObjectToFieldsSerializer.java:138)
at org.audit4j.core.ObjectToFieldsSerializer.serialize(ObjectToFieldsSerializer.java:166)
at org.audit4j.core.DefaultAnnotationTransformer.getFields(DefaultAnnotationTransformer.java:159)
at org.audit4j.core.DefaultAnnotationTransformer.transformToEvent(DefaultAnnotationTransformer.java:96)
at org.audit4j.core.io.AsyncAnnotationAuditOutputStream$1.accept(AsyncAnnotationAuditOutputStream.java:71)
at org.audit4j.core.io.AsyncAnnotationAuditOutputStream$1.accept(AsyncAnnotationAuditOutputStream.java:68)
at reactor.function.support.Boundary$1.accept(Boundary.java:67)
at reactor.core.action.CallbackAction.doAccept(CallbackAction.java:36)
at reactor.core.action.Action.accept(Action.java:52)
at reactor.core.action.Action.accept(Action.java:32)
at reactor.event.routing.ArgumentConvertingConsumerInvoker.invoke(ArgumentConvertingConsumerInvoker.java:73)
at reactor.event.routing.ConsumerFilteringEventRouter.route(ConsumerFilteringEventRouter.java:78)
at reactor.event.dispatch.AbstractLifecycleDispatcher.route(AbstractLifecycleDispatcher.java:64)
at reactor.event.dispatch.AbstractSingleThreadDispatcher$SingleThreadTask.run(AbstractSingleThreadDispatcher.java:50)
at reactor.event.dispatch.RingBufferDispatcher$3.onEvent(RingBufferDispatcher.java:115)
at reactor.event.dispatch.RingBufferDispatcher$3.onEvent(RingBufferDispatcher.java:112)
at com.lmax.disruptor.BatchEventProcessor.run(BatchEventProcessor.java:128)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at java.lang.Thread.run(Thread.java:748)
Audit4j:ERROR Problem while running Audit4j: Error due to converting object to string representation.
org.audit4j.core.exception.Audit4jRuntimeException: Error due to converting object to string representation.
at org.audit4j.core.ObjectToFieldsSerializer.toFields(ObjectToFieldsSerializer.java:148)
at org.audit4j.core.ObjectToFieldsSerializer.toFields(ObjectToFieldsSerializer.java:87)
at org.audit4j.core.ObjectToFieldsSerializer.toFields(ObjectToFieldsSerializer.java:138)
at org.audit4j.core.ObjectToFieldsSerializer.toFields(ObjectToFieldsSerializer.java:138)
at org.audit4j.core.ObjectToFieldsSerializer.toFields(ObjectToFieldsSerializer.java:138)
at org.audit4j.core.ObjectToFieldsSerializer.toFields(ObjectToFieldsSerializer.java:138)
at org.audit4j.core.ObjectToFieldsSerializer.toFields(ObjectToFieldsSerializer.java:138)
at org.audit4j.core.ObjectToFieldsSerializer.serialize(ObjectToFieldsSerializer.java:166)
at org.audit4j.core.DefaultAnnotationTransformer.getFields(DefaultAnnotationTransformer.java:159)
at org.audit4j.core.DefaultAnnotationTransformer.transformToEvent(DefaultAnnotationTransformer.java:96)
at org.audit4j.core.io.AsyncAnnotationAuditOutputStream$1.accept(AsyncAnnotationAuditOutputStream.java:71)
at org.audit4j.core.io.AsyncAnnotationAuditOutputStream$1.accept(AsyncAnnotationAuditOutputStream.java:68)
at reactor.function.support.Boundary$1.accept(Boundary.java:67)
at reactor.core.action.CallbackAction.doAccept(CallbackAction.java:36)
at reactor.core.action.Action.accept(Action.java:52)
at reactor.core.action.Action.accept(Action.java:32)
at reactor.event.routing.ArgumentConvertingConsumerInvoker.invoke(ArgumentConvertingConsumerInvoker.java:73)
at reactor.event.routing.ConsumerFilteringEventRouter.route(ConsumerFilteringEventRouter.java:78)
at reactor.event.dispatch.AbstractLifecycleDispatcher.route(AbstractLifecycleDispatcher.java:64)
at reactor.event.dispatch.AbstractSingleThreadDispatcher$SingleThreadTask.run(AbstractSingleThreadDispatcher.java:50)
at reactor.event.dispatch.RingBufferDispatcher$3.onEvent(RingBufferDispatcher.java:115)
at reactor.event.dispatch.RingBufferDispatcher$3.onEvent(RingBufferDispatcher.java:112)
at com.lmax.disruptor.BatchEventProcessor.run(BatchEventProcessor.java:128)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at java.lang.Thread.run(Thread.java:748)
Caused by: java.lang.NullPointerException
at sun.security.util.DerValue.equals(DerValue.java:799)
at sun.security.x509.AlgorithmId.equals(AlgorithmId.java:266)
at sun.security.x509.AlgorithmId.equals(AlgorithmId.java:282)
at java.util.ArrayList.indexOf(ArrayList.java:321)
at java.util.ArrayList.contains(ArrayList.java:304)
at org.audit4j.core.ObjectToFieldsSerializer.toFields(ObjectToFieldsSerializer.java:62)
at org.audit4j.core.ObjectToFieldsSerializer.toFields(ObjectToFieldsSerializer.java:138)
... 53 more

As part of some research about the common crypto mistakes that developers make, I noticed that your application has one of them.

In EncryptionUtil.getCipher you're initializing a Cipher instance with a static IV which is insecure.

One possible solution would be to generate the initialization vector using SecureRandom:

byte[] iv = new byte[16];
new SecureRandom().nextBytes(iv);

Hi.
I have included the audit4j(core/spring/db) into my project. Everything works, but when the count of records in the audit table become equal 14, new record is not created. What it can be?

Thanks

Trying to access http://audit4j.org I get a "host not resolvable".
The domain still seems to be registered and has been updated recently:

Registry Domain ID: D171249081-LROR
Registrar WHOIS Server: whois.registrar.amazon.com
Registrar URL: registrar.amazon.com
Updated Date: 2020-05-03T00:20:25Z
Creation Date: 2014-02-27T15:52:18Z
Registry Expiry Date: 2021-02-27T15:52:18Z
Registrar Registration Expiration Date:
Registrar: Amazon Registrar, Inc.
Registrar IANA ID: 468```

On Solaris 10 with Weblogic 12c and audit4j 2.3.1, when load tests are run, we are seeing IOException due to too many open files.
java.io.FileNotFoundException: /audit/Audit_Log-2016-12-14.audit (Too many open files)
at java.io.RandomAccessFile.open0(Native Method)
at java.io.RandomAccessFile.open(RandomAccessFile.java:316)
at java.io.RandomAccessFile.(RandomAccessFile.java:243)
at java.io.RandomAccessFile.(RandomAccessFile.java:124)
at org.audit4j.core.handler.file.ZeroCopyFileWriter.write(ZeroCopyFileWriter.java:88)

When looked at the open files using pfiles -F command, we are seeing many .audit files in open mode as below:
pfiles -F | grep -i audit
.... removed audit jar files ...
/audit/Audit_Log-2016-12-15.audit
/audit/Audit_Log-2016-12-15.audit
This makes the number of open files grow very quickly to more than the allowed 65k files, causing the error.
Our code is very simple:
private static AuditManager manager = AuditManager.getInstance();
//create builder with data
manager.audit(builder.build());

I am trying to store the audit timestamp with the UTC timezone included in the database. I am using the following config

!Configuration
handlers:
- !org.audit4j.handler.db.DatabaseAuditHandler
    embedded: false
    db_driver: com.mysql.cj.jdbc.Driver
    db_url: jdbc:mysql://localhost:3306/launchbi_audit_local?serverTimezone=UTC
    db_user: ***
    db_password: ***
layout: 
  !org.audit4j.core.layout.SimpleLayout
    dateFormat: MM/dd/yyyy HH:mm:ss zzz

But this has no effect, the timestamp is stored without the timezone

I am using audit4j-core version 2.5.0 and audit4j-db version 2.5.0

Hi

I've done several test cases and found incorrect behavior in annotation work:

Description: I have one interface UserService and one implementation UserServiceImpl

Test1 - Set @Audit on interface level.
Result1 - not works at all.

Test2 - Set @Audit on class level.
Result2 - works correct.

Test3 - Set @Audit on class level and @IgnorAudit on special method.
Result3 - works incorrect, all methods are audited.

Test4 Set @Audit on method level in the class.
Result4 - not works at all.

Test5 Set @Audit on method level in interface.
Result5 - not works at all.

Test6 Set @Audit on method level in interface and class in the same time.
Result6 - works correct.

Hello,

I'm trying to get documentation about audit4j and it is "down". Did you move to other site?

Thanks,

Using audit4j.conf.yaml for configuration. When I configure a SimpleLayout with a dateFormat like this

layout: !org.audit4j.core.layout.SimpleLayout {
dateFormat: "yyyy-MM-dd HH:mm:ss"
}

I get a this exception:

Caused by: com.esotericsoftware.yamlbeans.YamlReader$YamlReaderException: Line 7, column 13: > Unable to find property 'dateFormat' on class: org.audit4j.core.layout.SimpleLayout

Adding public String getDateFormat() method to SimpleLayout seems to correct this.

I am using audit4j to audit my spring based web application. Can we create custom column in audit table?

Let say I want to store the employee id and its name along with the audit records in emp_id and emp_name column with actor, timestamp etc.

Do we have support in audit4j to achieve above scenario or workaround?

Hi,

I'm implementing my own Handler but I'm unable start my service anymore due to this exception

Caused by: org.audit4j.core.exception.InitializationException: initialization failed.!!
  at org.audit4j.core.Context.init(Context.java:122)
  at org.audit4j.core.AuditManager.init(AuditManager.java:53)
  at org.audit4j.core.AuditManager.getInstance(AuditManager.java:118)
  at org.audit4j.core.AuditManager.startWithConfiguration(AuditManager.java:176)
  at org.audit4j.integration.spring.SpringAudit4jConfig.afterPropertiesSet(SpringAudit4jConfig.java:69)
  at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.invokeInitMethods(AbstractAutowireCapableBeanFactory.java:1633)
  at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1570)
  ... 40 more
Caused by: org.audit4j.core.exception.ValidationException: Handler implementation(...RepositoryHandler) shuold be a serializable type.
  at org.audit4j.core.ValidationManager.validateConfigurations(ValidationManager.java:86)
  at org.audit4j.core.Context.init(Context.java:119)
  ... 46 more

Is it possible to avoid the need of being a Serializable object, or is something mandatory ? My handler uses/implements other objects and interfaces that are not serializable.

Thanks.

Whenever using for a non primitive or non-string object ...getting some issues with regards to org.audit4j.core.ObjectToFieldsSerializer.toFields.
Audit4j:ERROR Problem while running Audit4j: Error due to converting object to string representation.
org.audit4j.core.ObjectToFieldsSerializer.toFields

Hi,

First of all, congratulations for this library. The code looks good, the site is very good with a lot of useful information.
I think to use your library in one of my project to improve the audit part. My concern is related to the number of dependencies. In my opinion is a little bit high. My application is a relative small application, that uses Pippo web framework (140K) and the target machine is ... Raspberry PI :) For this reason I wish to keep the amount of jars at minimum. I wrote in the past a tiny audit library but the performance of your library and the configurability of it, are the reasons to make me to write you.
Your modular approach (audit4j-*) is very welcome but I need to reduce somehow the number of audit4j-core + dependencies.

Hello,

bug found in Audit4j-core version 2,5,0

It is not possible to change the prefix of the audit file : this file always starts with the default prefix (Audit_log)
the property auditFilePrefix is not taken in account in FileAuditHandler, because in the class FileHandlerUtil the method generateAuditFileName() has a hardcoded prefix name.

see also the request in stackoverflow.com
https://stackoverflow.com/questions/51129472/change-the-file-name-in-audit4j

Regards Franck

I have found one of the issue with method isJDK_N_OrHigher() in EnvUtil class in audit4j-core 2.5.0

private static boolean isJDK_N_OrHigher(int n) {
       List<String> versionList = new ArrayList<String>();
       // this code should work at least until JDK 10 (assuming n parameter is
       // always 6 or more)
       for (int i = 0; i < 5; i++) {
           versionList.add("1." + (n + i));
       }

       String javaVersion = System.getProperty("java.version");
       if (javaVersion == null) {
           return false;
       }
       for (String v : versionList) {
           if (javaVersion.startsWith(v))
               return true;
       }
       return false;
   }

As the list containing 1.x and matching with system java version. It works fine upto Java 1.8 but from Java 10 versioning has been changed(10.x) due to which validation is failing. Could you please look into this.

I'm running into some issues while setting up audit4j 2.4.0 to communicate with an Oracle DB that I'm hoping you can help me with.

• The documentation for YAML configuration isn't working for me. I keep getting an "Unable to find property 'embedded' on class: org.audit4j.core.Configuration" error. Moving to using the spring configuration, I was able to at least get it to talk to the db.

After some digging it looks like the Maven repo doesn't have the correct versions of the audit4j-db jar.
The version of the DatabaseAuditHandler that I have is trying to create a table named "audit", while the github version takes a default_table_name.

        logDao.createAuditTableIFNotExist("audit");
        getDaoForTable(default_table_name);

Hello.

Would be great if you change type of column "timestamp" from varchar to date(timestamp) in audit table.

Thanks.

Maven not finding @audit4j-core version 2.6.0, any help please?

Hello,
bug found in version 'org.audit4j:audit4j-core:2.5.0'

Problem:
It is not possible to set sync mode because async always is true

Solution:
It is needed to change line 53-54:

if (options.contains(ASYNC_OPTION))
  async = true;

Setting up Audit4j (v2.3.1) in a Servlet Sepc 3.x can be quite tricky.
Now I see that you have "removed support" for it.. de72070.
Can we have insight into the motivation behind this move?

Also: If no "handlers" are found the AuditManager is started with a path taken from context.getRealPath("/WEB-INF/classes") and afterwards checked if it is a file with AuditUtil.isFileExists(configFilePath) which always leads to an InitializationException.

Currently, I am working around this by setting init parameters in my initializer like this:

        servletContext.setInitParameter("handlers", "org.audit4j.core.handler.ConsoleAuditHandler");
        servletContext.setInitParameter("layout", "org.audit4j.core.layout.SimpleLayout");
        servletContext.setInitParameter("metaData", "org.audit4j.core.DummyMetaData");

This is not the way I had anticipated my config to look like. Can you guide the way to a proper solution?

There should have a way to identify audit event is Success or Failure. Based on this question opening a new enhancement request.