001/* 002 * CDDL HEADER START 003 * 004 * The contents of this file are subject to the terms of the 005 * Common Development and Distribution License, Version 1.0 only 006 * (the "License"). You may not use this file except in compliance 007 * with the License. 008 * 009 * You can obtain a copy of the license at legal-notices/CDDLv1_0.txt 010 * or http://forgerock.org/license/CDDLv1.0.html. 011 * See the License for the specific language governing permissions 012 * and limitations under the License. 013 * 014 * When distributing Covered Code, include this CDDL HEADER in each 015 * file and include the License file at legal-notices/CDDLv1_0.txt. 016 * If applicable, add the following below this CDDL HEADER, with the 017 * fields enclosed by brackets "[]" replaced with your own identifying 018 * information: 019 * Portions Copyright [yyyy] [name of copyright owner] 020 * 021 * CDDL HEADER END 022 * 023 * 024 * Copyright 2008 Sun Microsystems, Inc. 025 */ 026package org.opends.server.admin.std.server; 027 028 029 030import java.util.SortedSet; 031import org.forgerock.opendj.ldap.AddressMask; 032import org.opends.server.admin.Configuration; 033import org.opends.server.admin.server.ConfigurationChangeListener; 034import org.opends.server.admin.std.meta.AccessLogFilteringCriteriaCfgDefn.LogRecordType; 035import org.opends.server.types.DN; 036 037 038 039/** 040 * A server-side interface for querying Access Log Filtering Criteria 041 * settings. 042 * <p> 043 * A set of rules which together determine whether a log record should 044 * be logged or not. 045 */ 046public interface AccessLogFilteringCriteriaCfg extends Configuration { 047 048 /** 049 * Gets the configuration class associated with this Access Log Filtering Criteria. 050 * 051 * @return Returns the configuration class associated with this Access Log Filtering Criteria. 052 */ 053 Class<? extends AccessLogFilteringCriteriaCfg> configurationClass(); 054 055 056 057 /** 058 * Register to be notified when this Access Log Filtering Criteria is changed. 059 * 060 * @param listener 061 * The Access Log Filtering Criteria configuration change listener. 062 */ 063 void addChangeListener(ConfigurationChangeListener<AccessLogFilteringCriteriaCfg> listener); 064 065 066 067 /** 068 * Deregister an existing Access Log Filtering Criteria configuration change listener. 069 * 070 * @param listener 071 * The Access Log Filtering Criteria configuration change listener. 072 */ 073 void removeChangeListener(ConfigurationChangeListener<AccessLogFilteringCriteriaCfg> listener); 074 075 076 077 /** 078 * Gets the "connection-client-address-equal-to" property. 079 * <p> 080 * Filters log records associated with connections which match at 081 * least one of the specified client host names or address masks. 082 * <p> 083 * Valid values include a host name, a fully qualified domain name, 084 * a domain name, an IP address, or a subnetwork with subnetwork 085 * mask. 086 * 087 * @return Returns an unmodifiable set containing the values of the "connection-client-address-equal-to" property. 088 */ 089 SortedSet<AddressMask> getConnectionClientAddressEqualTo(); 090 091 092 093 /** 094 * Gets the "connection-client-address-not-equal-to" property. 095 * <p> 096 * Filters log records associated with connections which do not 097 * match any of the specified client host names or address masks. 098 * <p> 099 * Valid values include a host name, a fully qualified domain name, 100 * a domain name, an IP address, or a subnetwork with subnetwork 101 * mask. 102 * 103 * @return Returns an unmodifiable set containing the values of the "connection-client-address-not-equal-to" property. 104 */ 105 SortedSet<AddressMask> getConnectionClientAddressNotEqualTo(); 106 107 108 109 /** 110 * Gets the "connection-port-equal-to" property. 111 * <p> 112 * Filters log records associated with connections to any of the 113 * specified listener port numbers. 114 * 115 * @return Returns an unmodifiable set containing the values of the "connection-port-equal-to" property. 116 */ 117 SortedSet<Integer> getConnectionPortEqualTo(); 118 119 120 121 /** 122 * Gets the "connection-protocol-equal-to" property. 123 * <p> 124 * Filters log records associated with connections which match any 125 * of the specified protocols. 126 * <p> 127 * Typical values include "ldap", "ldaps", or "jmx". 128 * 129 * @return Returns an unmodifiable set containing the values of the "connection-protocol-equal-to" property. 130 */ 131 SortedSet<String> getConnectionProtocolEqualTo(); 132 133 134 135 /** 136 * Gets the "log-record-type" property. 137 * <p> 138 * Filters log records based on their type. 139 * 140 * @return Returns an unmodifiable set containing the values of the "log-record-type" property. 141 */ 142 SortedSet<LogRecordType> getLogRecordType(); 143 144 145 146 /** 147 * Gets the "request-target-dn-equal-to" property. 148 * <p> 149 * Filters operation log records associated with operations which 150 * target entries matching at least one of the specified DN patterns. 151 * <p> 152 * Valid DN filters are strings composed of zero or more wildcards. 153 * A double wildcard ** replaces one or more RDN components (as in 154 * uid=dmiller,**,dc=example,dc=com). A simple wildcard * replaces 155 * either a whole RDN, or a whole type, or a value substring (as in 156 * uid=bj*,ou=people,dc=example,dc=com). 157 * 158 * @return Returns an unmodifiable set containing the values of the "request-target-dn-equal-to" property. 159 */ 160 SortedSet<String> getRequestTargetDNEqualTo(); 161 162 163 164 /** 165 * Gets the "request-target-dn-not-equal-to" property. 166 * <p> 167 * Filters operation log records associated with operations which 168 * target entries matching none of the specified DN patterns. 169 * <p> 170 * Valid DN filters are strings composed of zero or more wildcards. 171 * A double wildcard ** replaces one or more RDN components (as in 172 * uid=dmiller,**,dc=example,dc=com). A simple wildcard * replaces 173 * either a whole RDN, or a whole type, or a value substring (as in 174 * uid=bj*,ou=people,dc=example,dc=com). 175 * 176 * @return Returns an unmodifiable set containing the values of the "request-target-dn-not-equal-to" property. 177 */ 178 SortedSet<String> getRequestTargetDNNotEqualTo(); 179 180 181 182 /** 183 * Gets the "response-etime-greater-than" property. 184 * <p> 185 * Filters operation response log records associated with operations 186 * which took longer than the specified number of milli-seconds to 187 * complete. 188 * <p> 189 * It is recommended to only use this criteria in conjunction with 190 * the "combined" output mode of the access logger, since this filter 191 * criteria is only applied to response log messages. 192 * 193 * @return Returns the value of the "response-etime-greater-than" property. 194 */ 195 Integer getResponseEtimeGreaterThan(); 196 197 198 199 /** 200 * Gets the "response-etime-less-than" property. 201 * <p> 202 * Filters operation response log records associated with operations 203 * which took less than the specified number of milli-seconds to 204 * complete. 205 * <p> 206 * It is recommended to only use this criteria in conjunction with 207 * the "combined" output mode of the access logger, since this filter 208 * criteria is only applied to response log messages. 209 * 210 * @return Returns the value of the "response-etime-less-than" property. 211 */ 212 Integer getResponseEtimeLessThan(); 213 214 215 216 /** 217 * Gets the "response-result-code-equal-to" property. 218 * <p> 219 * Filters operation response log records associated with operations 220 * which include any of the specified result codes. 221 * <p> 222 * It is recommended to only use this criteria in conjunction with 223 * the "combined" output mode of the access logger, since this filter 224 * criteria is only applied to response log messages. 225 * 226 * @return Returns an unmodifiable set containing the values of the "response-result-code-equal-to" property. 227 */ 228 SortedSet<Integer> getResponseResultCodeEqualTo(); 229 230 231 232 /** 233 * Gets the "response-result-code-not-equal-to" property. 234 * <p> 235 * Filters operation response log records associated with operations 236 * which do not include any of the specified result codes. 237 * <p> 238 * It is recommended to only use this criteria in conjunction with 239 * the "combined" output mode of the access logger, since this filter 240 * criteria is only applied to response log messages. 241 * 242 * @return Returns an unmodifiable set containing the values of the "response-result-code-not-equal-to" property. 243 */ 244 SortedSet<Integer> getResponseResultCodeNotEqualTo(); 245 246 247 248 /** 249 * Gets the "search-response-is-indexed" property. 250 * <p> 251 * Filters search operation response log records associated with 252 * searches which were either indexed or unindexed. 253 * <p> 254 * It is recommended to only use this criteria in conjunction with 255 * the "combined" output mode of the access logger, since this filter 256 * criteria is only applied to response log messages. 257 * 258 * @return Returns the value of the "search-response-is-indexed" property. 259 */ 260 Boolean isSearchResponseIsIndexed(); 261 262 263 264 /** 265 * Gets the "search-response-nentries-greater-than" property. 266 * <p> 267 * Filters search operation response log records associated with 268 * searches which returned more than the specified number of entries. 269 * <p> 270 * It is recommended to only use this criteria in conjunction with 271 * the "combined" output mode of the access logger, since this filter 272 * criteria is only applied to response log messages. 273 * 274 * @return Returns the value of the "search-response-nentries-greater-than" property. 275 */ 276 Integer getSearchResponseNentriesGreaterThan(); 277 278 279 280 /** 281 * Gets the "search-response-nentries-less-than" property. 282 * <p> 283 * Filters search operation response log records associated with 284 * searches which returned less than the specified number of entries. 285 * <p> 286 * It is recommended to only use this criteria in conjunction with 287 * the "combined" output mode of the access logger, since this filter 288 * criteria is only applied to response log messages. 289 * 290 * @return Returns the value of the "search-response-nentries-less-than" property. 291 */ 292 Integer getSearchResponseNentriesLessThan(); 293 294 295 296 /** 297 * Gets the "user-dn-equal-to" property. 298 * <p> 299 * Filters log records associated with users matching at least one 300 * of the specified DN patterns. 301 * <p> 302 * Valid DN filters are strings composed of zero or more wildcards. 303 * A double wildcard ** replaces one or more RDN components (as in 304 * uid=dmiller,**,dc=example,dc=com). A simple wildcard * replaces 305 * either a whole RDN, or a whole type, or a value substring (as in 306 * uid=bj*,ou=people,dc=example,dc=com). 307 * 308 * @return Returns an unmodifiable set containing the values of the "user-dn-equal-to" property. 309 */ 310 SortedSet<String> getUserDNEqualTo(); 311 312 313 314 /** 315 * Gets the "user-dn-not-equal-to" property. 316 * <p> 317 * Filters log records associated with users which do not match any 318 * of the specified DN patterns. 319 * <p> 320 * Valid DN filters are strings composed of zero or more wildcards. 321 * A double wildcard ** replaces one or more RDN components (as in 322 * uid=dmiller,**,dc=example,dc=com). A simple wildcard * replaces 323 * either a whole RDN, or a whole type, or a value substring (as in 324 * uid=bj*,ou=people,dc=example,dc=com). 325 * 326 * @return Returns an unmodifiable set containing the values of the "user-dn-not-equal-to" property. 327 */ 328 SortedSet<String> getUserDNNotEqualTo(); 329 330 331 332 /** 333 * Gets the "user-is-member-of" property. 334 * <p> 335 * Filters log records associated with users which are members of at 336 * least one of the specified groups. 337 * 338 * @return Returns an unmodifiable set containing the values of the "user-is-member-of" property. 339 */ 340 SortedSet<DN> getUserIsMemberOf(); 341 342 343 344 /** 345 * Gets the "user-is-not-member-of" property. 346 * <p> 347 * Filters log records associated with users which are not members 348 * of any of the specified groups. 349 * 350 * @return Returns an unmodifiable set containing the values of the "user-is-not-member-of" property. 351 */ 352 SortedSet<DN> getUserIsNotMemberOf(); 353 354}