001/* 002 * CDDL HEADER START 003 * 004 * The contents of this file are subject to the terms of the 005 * Common Development and Distribution License, Version 1.0 only 006 * (the "License"). You may not use this file except in compliance 007 * with the License. 008 * 009 * You can obtain a copy of the license at legal-notices/CDDLv1_0.txt 010 * or http://forgerock.org/license/CDDLv1.0.html. 011 * See the License for the specific language governing permissions 012 * and limitations under the License. 013 * 014 * When distributing Covered Code, include this CDDL HEADER in each 015 * file and include the License file at legal-notices/CDDLv1_0.txt. 016 * If applicable, add the following below this CDDL HEADER, with the 017 * fields enclosed by brackets "[]" replaced with your own identifying 018 * information: 019 * Portions Copyright [yyyy] [name of copyright owner] 020 * 021 * CDDL HEADER END 022 * 023 * 024 * Copyright 2008 Sun Microsystems, Inc. 025 */ 026package org.opends.server.admin.std.client; 027 028 029 030import java.util.Collection; 031import java.util.SortedSet; 032import org.forgerock.opendj.ldap.AddressMask; 033import org.opends.server.admin.ConfigurationClient; 034import org.opends.server.admin.ManagedObjectDefinition; 035import org.opends.server.admin.PropertyException; 036import org.opends.server.admin.std.meta.AccessLogFilteringCriteriaCfgDefn.LogRecordType; 037import org.opends.server.admin.std.server.AccessLogFilteringCriteriaCfg; 038import org.opends.server.types.DN; 039 040 041 042/** 043 * A client-side interface for reading and modifying Access Log 044 * Filtering Criteria settings. 045 * <p> 046 * A set of rules which together determine whether a log record should 047 * be logged or not. 048 */ 049public interface AccessLogFilteringCriteriaCfgClient extends ConfigurationClient { 050 051 /** 052 * Get the configuration definition associated with this Access Log Filtering Criteria. 053 * 054 * @return Returns the configuration definition associated with this Access Log Filtering Criteria. 055 */ 056 ManagedObjectDefinition<? extends AccessLogFilteringCriteriaCfgClient, ? extends AccessLogFilteringCriteriaCfg> definition(); 057 058 059 060 /** 061 * Gets the "connection-client-address-equal-to" property. 062 * <p> 063 * Filters log records associated with connections which match at 064 * least one of the specified client host names or address masks. 065 * <p> 066 * Valid values include a host name, a fully qualified domain name, 067 * a domain name, an IP address, or a subnetwork with subnetwork 068 * mask. 069 * 070 * @return Returns the values of the "connection-client-address-equal-to" property. 071 */ 072 SortedSet<AddressMask> getConnectionClientAddressEqualTo(); 073 074 075 076 /** 077 * Sets the "connection-client-address-equal-to" property. 078 * <p> 079 * Filters log records associated with connections which match at 080 * least one of the specified client host names or address masks. 081 * <p> 082 * Valid values include a host name, a fully qualified domain name, 083 * a domain name, an IP address, or a subnetwork with subnetwork 084 * mask. 085 * 086 * @param values The values of the "connection-client-address-equal-to" property. 087 * @throws PropertyException 088 * If one or more of the new values are invalid. 089 */ 090 void setConnectionClientAddressEqualTo(Collection<AddressMask> values) throws PropertyException; 091 092 093 094 /** 095 * Gets the "connection-client-address-not-equal-to" property. 096 * <p> 097 * Filters log records associated with connections which do not 098 * match any of the specified client host names or address masks. 099 * <p> 100 * Valid values include a host name, a fully qualified domain name, 101 * a domain name, an IP address, or a subnetwork with subnetwork 102 * mask. 103 * 104 * @return Returns the values of the "connection-client-address-not-equal-to" property. 105 */ 106 SortedSet<AddressMask> getConnectionClientAddressNotEqualTo(); 107 108 109 110 /** 111 * Sets the "connection-client-address-not-equal-to" property. 112 * <p> 113 * Filters log records associated with connections which do not 114 * match any of the specified client host names or address masks. 115 * <p> 116 * Valid values include a host name, a fully qualified domain name, 117 * a domain name, an IP address, or a subnetwork with subnetwork 118 * mask. 119 * 120 * @param values The values of the "connection-client-address-not-equal-to" property. 121 * @throws PropertyException 122 * If one or more of the new values are invalid. 123 */ 124 void setConnectionClientAddressNotEqualTo(Collection<AddressMask> values) throws PropertyException; 125 126 127 128 /** 129 * Gets the "connection-port-equal-to" property. 130 * <p> 131 * Filters log records associated with connections to any of the 132 * specified listener port numbers. 133 * 134 * @return Returns the values of the "connection-port-equal-to" property. 135 */ 136 SortedSet<Integer> getConnectionPortEqualTo(); 137 138 139 140 /** 141 * Sets the "connection-port-equal-to" property. 142 * <p> 143 * Filters log records associated with connections to any of the 144 * specified listener port numbers. 145 * 146 * @param values The values of the "connection-port-equal-to" property. 147 * @throws PropertyException 148 * If one or more of the new values are invalid. 149 */ 150 void setConnectionPortEqualTo(Collection<Integer> values) throws PropertyException; 151 152 153 154 /** 155 * Gets the "connection-protocol-equal-to" property. 156 * <p> 157 * Filters log records associated with connections which match any 158 * of the specified protocols. 159 * <p> 160 * Typical values include "ldap", "ldaps", or "jmx". 161 * 162 * @return Returns the values of the "connection-protocol-equal-to" property. 163 */ 164 SortedSet<String> getConnectionProtocolEqualTo(); 165 166 167 168 /** 169 * Sets the "connection-protocol-equal-to" property. 170 * <p> 171 * Filters log records associated with connections which match any 172 * of the specified protocols. 173 * <p> 174 * Typical values include "ldap", "ldaps", or "jmx". 175 * 176 * @param values The values of the "connection-protocol-equal-to" property. 177 * @throws PropertyException 178 * If one or more of the new values are invalid. 179 */ 180 void setConnectionProtocolEqualTo(Collection<String> values) throws PropertyException; 181 182 183 184 /** 185 * Gets the "log-record-type" property. 186 * <p> 187 * Filters log records based on their type. 188 * 189 * @return Returns the values of the "log-record-type" property. 190 */ 191 SortedSet<LogRecordType> getLogRecordType(); 192 193 194 195 /** 196 * Sets the "log-record-type" property. 197 * <p> 198 * Filters log records based on their type. 199 * 200 * @param values The values of the "log-record-type" property. 201 * @throws PropertyException 202 * If one or more of the new values are invalid. 203 */ 204 void setLogRecordType(Collection<LogRecordType> values) throws PropertyException; 205 206 207 208 /** 209 * Gets the "request-target-dn-equal-to" property. 210 * <p> 211 * Filters operation log records associated with operations which 212 * target entries matching at least one of the specified DN patterns. 213 * <p> 214 * Valid DN filters are strings composed of zero or more wildcards. 215 * A double wildcard ** replaces one or more RDN components (as in 216 * uid=dmiller,**,dc=example,dc=com). A simple wildcard * replaces 217 * either a whole RDN, or a whole type, or a value substring (as in 218 * uid=bj*,ou=people,dc=example,dc=com). 219 * 220 * @return Returns the values of the "request-target-dn-equal-to" property. 221 */ 222 SortedSet<String> getRequestTargetDNEqualTo(); 223 224 225 226 /** 227 * Sets the "request-target-dn-equal-to" property. 228 * <p> 229 * Filters operation log records associated with operations which 230 * target entries matching at least one of the specified DN patterns. 231 * <p> 232 * Valid DN filters are strings composed of zero or more wildcards. 233 * A double wildcard ** replaces one or more RDN components (as in 234 * uid=dmiller,**,dc=example,dc=com). A simple wildcard * replaces 235 * either a whole RDN, or a whole type, or a value substring (as in 236 * uid=bj*,ou=people,dc=example,dc=com). 237 * 238 * @param values The values of the "request-target-dn-equal-to" property. 239 * @throws PropertyException 240 * If one or more of the new values are invalid. 241 */ 242 void setRequestTargetDNEqualTo(Collection<String> values) throws PropertyException; 243 244 245 246 /** 247 * Gets the "request-target-dn-not-equal-to" property. 248 * <p> 249 * Filters operation log records associated with operations which 250 * target entries matching none of the specified DN patterns. 251 * <p> 252 * Valid DN filters are strings composed of zero or more wildcards. 253 * A double wildcard ** replaces one or more RDN components (as in 254 * uid=dmiller,**,dc=example,dc=com). A simple wildcard * replaces 255 * either a whole RDN, or a whole type, or a value substring (as in 256 * uid=bj*,ou=people,dc=example,dc=com). 257 * 258 * @return Returns the values of the "request-target-dn-not-equal-to" property. 259 */ 260 SortedSet<String> getRequestTargetDNNotEqualTo(); 261 262 263 264 /** 265 * Sets the "request-target-dn-not-equal-to" property. 266 * <p> 267 * Filters operation log records associated with operations which 268 * target entries matching none of the specified DN patterns. 269 * <p> 270 * Valid DN filters are strings composed of zero or more wildcards. 271 * A double wildcard ** replaces one or more RDN components (as in 272 * uid=dmiller,**,dc=example,dc=com). A simple wildcard * replaces 273 * either a whole RDN, or a whole type, or a value substring (as in 274 * uid=bj*,ou=people,dc=example,dc=com). 275 * 276 * @param values The values of the "request-target-dn-not-equal-to" property. 277 * @throws PropertyException 278 * If one or more of the new values are invalid. 279 */ 280 void setRequestTargetDNNotEqualTo(Collection<String> values) throws PropertyException; 281 282 283 284 /** 285 * Gets the "response-etime-greater-than" property. 286 * <p> 287 * Filters operation response log records associated with operations 288 * which took longer than the specified number of milli-seconds to 289 * complete. 290 * <p> 291 * It is recommended to only use this criteria in conjunction with 292 * the "combined" output mode of the access logger, since this filter 293 * criteria is only applied to response log messages. 294 * 295 * @return Returns the value of the "response-etime-greater-than" property. 296 */ 297 Integer getResponseEtimeGreaterThan(); 298 299 300 301 /** 302 * Sets the "response-etime-greater-than" property. 303 * <p> 304 * Filters operation response log records associated with operations 305 * which took longer than the specified number of milli-seconds to 306 * complete. 307 * <p> 308 * It is recommended to only use this criteria in conjunction with 309 * the "combined" output mode of the access logger, since this filter 310 * criteria is only applied to response log messages. 311 * 312 * @param value The value of the "response-etime-greater-than" property. 313 * @throws PropertyException 314 * If the new value is invalid. 315 */ 316 void setResponseEtimeGreaterThan(Integer value) throws PropertyException; 317 318 319 320 /** 321 * Gets the "response-etime-less-than" property. 322 * <p> 323 * Filters operation response log records associated with operations 324 * which took less than the specified number of milli-seconds to 325 * complete. 326 * <p> 327 * It is recommended to only use this criteria in conjunction with 328 * the "combined" output mode of the access logger, since this filter 329 * criteria is only applied to response log messages. 330 * 331 * @return Returns the value of the "response-etime-less-than" property. 332 */ 333 Integer getResponseEtimeLessThan(); 334 335 336 337 /** 338 * Sets the "response-etime-less-than" property. 339 * <p> 340 * Filters operation response log records associated with operations 341 * which took less than the specified number of milli-seconds to 342 * complete. 343 * <p> 344 * It is recommended to only use this criteria in conjunction with 345 * the "combined" output mode of the access logger, since this filter 346 * criteria is only applied to response log messages. 347 * 348 * @param value The value of the "response-etime-less-than" property. 349 * @throws PropertyException 350 * If the new value is invalid. 351 */ 352 void setResponseEtimeLessThan(Integer value) throws PropertyException; 353 354 355 356 /** 357 * Gets the "response-result-code-equal-to" property. 358 * <p> 359 * Filters operation response log records associated with operations 360 * which include any of the specified result codes. 361 * <p> 362 * It is recommended to only use this criteria in conjunction with 363 * the "combined" output mode of the access logger, since this filter 364 * criteria is only applied to response log messages. 365 * 366 * @return Returns the values of the "response-result-code-equal-to" property. 367 */ 368 SortedSet<Integer> getResponseResultCodeEqualTo(); 369 370 371 372 /** 373 * Sets the "response-result-code-equal-to" property. 374 * <p> 375 * Filters operation response log records associated with operations 376 * which include any of the specified result codes. 377 * <p> 378 * It is recommended to only use this criteria in conjunction with 379 * the "combined" output mode of the access logger, since this filter 380 * criteria is only applied to response log messages. 381 * 382 * @param values The values of the "response-result-code-equal-to" property. 383 * @throws PropertyException 384 * If one or more of the new values are invalid. 385 */ 386 void setResponseResultCodeEqualTo(Collection<Integer> values) throws PropertyException; 387 388 389 390 /** 391 * Gets the "response-result-code-not-equal-to" property. 392 * <p> 393 * Filters operation response log records associated with operations 394 * which do not include any of the specified result codes. 395 * <p> 396 * It is recommended to only use this criteria in conjunction with 397 * the "combined" output mode of the access logger, since this filter 398 * criteria is only applied to response log messages. 399 * 400 * @return Returns the values of the "response-result-code-not-equal-to" property. 401 */ 402 SortedSet<Integer> getResponseResultCodeNotEqualTo(); 403 404 405 406 /** 407 * Sets the "response-result-code-not-equal-to" property. 408 * <p> 409 * Filters operation response log records associated with operations 410 * which do not include any of the specified result codes. 411 * <p> 412 * It is recommended to only use this criteria in conjunction with 413 * the "combined" output mode of the access logger, since this filter 414 * criteria is only applied to response log messages. 415 * 416 * @param values The values of the "response-result-code-not-equal-to" property. 417 * @throws PropertyException 418 * If one or more of the new values are invalid. 419 */ 420 void setResponseResultCodeNotEqualTo(Collection<Integer> values) throws PropertyException; 421 422 423 424 /** 425 * Gets the "search-response-is-indexed" property. 426 * <p> 427 * Filters search operation response log records associated with 428 * searches which were either indexed or unindexed. 429 * <p> 430 * It is recommended to only use this criteria in conjunction with 431 * the "combined" output mode of the access logger, since this filter 432 * criteria is only applied to response log messages. 433 * 434 * @return Returns the value of the "search-response-is-indexed" property. 435 */ 436 Boolean isSearchResponseIsIndexed(); 437 438 439 440 /** 441 * Sets the "search-response-is-indexed" property. 442 * <p> 443 * Filters search operation response log records associated with 444 * searches which were either indexed or unindexed. 445 * <p> 446 * It is recommended to only use this criteria in conjunction with 447 * the "combined" output mode of the access logger, since this filter 448 * criteria is only applied to response log messages. 449 * 450 * @param value The value of the "search-response-is-indexed" property. 451 * @throws PropertyException 452 * If the new value is invalid. 453 */ 454 void setSearchResponseIsIndexed(Boolean value) throws PropertyException; 455 456 457 458 /** 459 * Gets the "search-response-nentries-greater-than" property. 460 * <p> 461 * Filters search operation response log records associated with 462 * searches which returned more than the specified number of entries. 463 * <p> 464 * It is recommended to only use this criteria in conjunction with 465 * the "combined" output mode of the access logger, since this filter 466 * criteria is only applied to response log messages. 467 * 468 * @return Returns the value of the "search-response-nentries-greater-than" property. 469 */ 470 Integer getSearchResponseNentriesGreaterThan(); 471 472 473 474 /** 475 * Sets the "search-response-nentries-greater-than" property. 476 * <p> 477 * Filters search operation response log records associated with 478 * searches which returned more than the specified number of entries. 479 * <p> 480 * It is recommended to only use this criteria in conjunction with 481 * the "combined" output mode of the access logger, since this filter 482 * criteria is only applied to response log messages. 483 * 484 * @param value The value of the "search-response-nentries-greater-than" property. 485 * @throws PropertyException 486 * If the new value is invalid. 487 */ 488 void setSearchResponseNentriesGreaterThan(Integer value) throws PropertyException; 489 490 491 492 /** 493 * Gets the "search-response-nentries-less-than" property. 494 * <p> 495 * Filters search operation response log records associated with 496 * searches which returned less than the specified number of entries. 497 * <p> 498 * It is recommended to only use this criteria in conjunction with 499 * the "combined" output mode of the access logger, since this filter 500 * criteria is only applied to response log messages. 501 * 502 * @return Returns the value of the "search-response-nentries-less-than" property. 503 */ 504 Integer getSearchResponseNentriesLessThan(); 505 506 507 508 /** 509 * Sets the "search-response-nentries-less-than" property. 510 * <p> 511 * Filters search operation response log records associated with 512 * searches which returned less than the specified number of entries. 513 * <p> 514 * It is recommended to only use this criteria in conjunction with 515 * the "combined" output mode of the access logger, since this filter 516 * criteria is only applied to response log messages. 517 * 518 * @param value The value of the "search-response-nentries-less-than" property. 519 * @throws PropertyException 520 * If the new value is invalid. 521 */ 522 void setSearchResponseNentriesLessThan(Integer value) throws PropertyException; 523 524 525 526 /** 527 * Gets the "user-dn-equal-to" property. 528 * <p> 529 * Filters log records associated with users matching at least one 530 * of the specified DN patterns. 531 * <p> 532 * Valid DN filters are strings composed of zero or more wildcards. 533 * A double wildcard ** replaces one or more RDN components (as in 534 * uid=dmiller,**,dc=example,dc=com). A simple wildcard * replaces 535 * either a whole RDN, or a whole type, or a value substring (as in 536 * uid=bj*,ou=people,dc=example,dc=com). 537 * 538 * @return Returns the values of the "user-dn-equal-to" property. 539 */ 540 SortedSet<String> getUserDNEqualTo(); 541 542 543 544 /** 545 * Sets the "user-dn-equal-to" property. 546 * <p> 547 * Filters log records associated with users matching at least one 548 * of the specified DN patterns. 549 * <p> 550 * Valid DN filters are strings composed of zero or more wildcards. 551 * A double wildcard ** replaces one or more RDN components (as in 552 * uid=dmiller,**,dc=example,dc=com). A simple wildcard * replaces 553 * either a whole RDN, or a whole type, or a value substring (as in 554 * uid=bj*,ou=people,dc=example,dc=com). 555 * 556 * @param values The values of the "user-dn-equal-to" property. 557 * @throws PropertyException 558 * If one or more of the new values are invalid. 559 */ 560 void setUserDNEqualTo(Collection<String> values) throws PropertyException; 561 562 563 564 /** 565 * Gets the "user-dn-not-equal-to" property. 566 * <p> 567 * Filters log records associated with users which do not match any 568 * of the specified DN patterns. 569 * <p> 570 * Valid DN filters are strings composed of zero or more wildcards. 571 * A double wildcard ** replaces one or more RDN components (as in 572 * uid=dmiller,**,dc=example,dc=com). A simple wildcard * replaces 573 * either a whole RDN, or a whole type, or a value substring (as in 574 * uid=bj*,ou=people,dc=example,dc=com). 575 * 576 * @return Returns the values of the "user-dn-not-equal-to" property. 577 */ 578 SortedSet<String> getUserDNNotEqualTo(); 579 580 581 582 /** 583 * Sets the "user-dn-not-equal-to" property. 584 * <p> 585 * Filters log records associated with users which do not match any 586 * of the specified DN patterns. 587 * <p> 588 * Valid DN filters are strings composed of zero or more wildcards. 589 * A double wildcard ** replaces one or more RDN components (as in 590 * uid=dmiller,**,dc=example,dc=com). A simple wildcard * replaces 591 * either a whole RDN, or a whole type, or a value substring (as in 592 * uid=bj*,ou=people,dc=example,dc=com). 593 * 594 * @param values The values of the "user-dn-not-equal-to" property. 595 * @throws PropertyException 596 * If one or more of the new values are invalid. 597 */ 598 void setUserDNNotEqualTo(Collection<String> values) throws PropertyException; 599 600 601 602 /** 603 * Gets the "user-is-member-of" property. 604 * <p> 605 * Filters log records associated with users which are members of at 606 * least one of the specified groups. 607 * 608 * @return Returns the values of the "user-is-member-of" property. 609 */ 610 SortedSet<DN> getUserIsMemberOf(); 611 612 613 614 /** 615 * Sets the "user-is-member-of" property. 616 * <p> 617 * Filters log records associated with users which are members of at 618 * least one of the specified groups. 619 * 620 * @param values The values of the "user-is-member-of" property. 621 * @throws PropertyException 622 * If one or more of the new values are invalid. 623 */ 624 void setUserIsMemberOf(Collection<DN> values) throws PropertyException; 625 626 627 628 /** 629 * Gets the "user-is-not-member-of" property. 630 * <p> 631 * Filters log records associated with users which are not members 632 * of any of the specified groups. 633 * 634 * @return Returns the values of the "user-is-not-member-of" property. 635 */ 636 SortedSet<DN> getUserIsNotMemberOf(); 637 638 639 640 /** 641 * Sets the "user-is-not-member-of" property. 642 * <p> 643 * Filters log records associated with users which are not members 644 * of any of the specified groups. 645 * 646 * @param values The values of the "user-is-not-member-of" property. 647 * @throws PropertyException 648 * If one or more of the new values are invalid. 649 */ 650 void setUserIsNotMemberOf(Collection<DN> values) throws PropertyException; 651 652}