001/*
002 * CDDL HEADER START
003 *
004 * The contents of this file are subject to the terms of the
005 * Common Development and Distribution License, Version 1.0 only
006 * (the "License").  You may not use this file except in compliance
007 * with the License.
008 *
009 * You can obtain a copy of the license at legal-notices/CDDLv1_0.txt
010 * or http://forgerock.org/license/CDDLv1.0.html.
011 * See the License for the specific language governing permissions
012 * and limitations under the License.
013 *
014 * When distributing Covered Code, include this CDDL HEADER in each
015 * file and include the License file at legal-notices/CDDLv1_0.txt.
016 * If applicable, add the following below this CDDL HEADER, with the
017 * fields enclosed by brackets "[]" replaced with your own identifying
018 * information:
019 *      Portions Copyright [yyyy] [name of copyright owner]
020 *
021 * CDDL HEADER END
022 *
023 *
024 *      Copyright 2008 Sun Microsystems, Inc.
025 */
026package org.opends.server.admin.std.server;
027
028
029
030import java.util.SortedSet;
031import org.forgerock.opendj.ldap.AddressMask;
032import org.opends.server.admin.Configuration;
033import org.opends.server.admin.server.ConfigurationChangeListener;
034import org.opends.server.admin.std.meta.AccessLogFilteringCriteriaCfgDefn.LogRecordType;
035import org.opends.server.types.DN;
036
037
038
039/**
040 * A server-side interface for querying Access Log Filtering Criteria
041 * settings.
042 * <p>
043 * A set of rules which together determine whether a log record should
044 * be logged or not.
045 */
046public interface AccessLogFilteringCriteriaCfg extends Configuration {
047
048  /**
049   * Gets the configuration class associated with this Access Log Filtering Criteria.
050   *
051   * @return Returns the configuration class associated with this Access Log Filtering Criteria.
052   */
053  Class<? extends AccessLogFilteringCriteriaCfg> configurationClass();
054
055
056
057  /**
058   * Register to be notified when this Access Log Filtering Criteria is changed.
059   *
060   * @param listener
061   *          The Access Log Filtering Criteria configuration change listener.
062   */
063  void addChangeListener(ConfigurationChangeListener<AccessLogFilteringCriteriaCfg> listener);
064
065
066
067  /**
068   * Deregister an existing Access Log Filtering Criteria configuration change listener.
069   *
070   * @param listener
071   *          The Access Log Filtering Criteria configuration change listener.
072   */
073  void removeChangeListener(ConfigurationChangeListener<AccessLogFilteringCriteriaCfg> listener);
074
075
076
077  /**
078   * Gets the "connection-client-address-equal-to" property.
079   * <p>
080   * Filters log records associated with connections which match at
081   * least one of the specified client host names or address masks.
082   * <p>
083   * Valid values include a host name, a fully qualified domain name,
084   * a domain name, an IP address, or a subnetwork with subnetwork
085   * mask.
086   *
087   * @return Returns an unmodifiable set containing the values of the "connection-client-address-equal-to" property.
088   */
089  SortedSet<AddressMask> getConnectionClientAddressEqualTo();
090
091
092
093  /**
094   * Gets the "connection-client-address-not-equal-to" property.
095   * <p>
096   * Filters log records associated with connections which do not
097   * match any of the specified client host names or address masks.
098   * <p>
099   * Valid values include a host name, a fully qualified domain name,
100   * a domain name, an IP address, or a subnetwork with subnetwork
101   * mask.
102   *
103   * @return Returns an unmodifiable set containing the values of the "connection-client-address-not-equal-to" property.
104   */
105  SortedSet<AddressMask> getConnectionClientAddressNotEqualTo();
106
107
108
109  /**
110   * Gets the "connection-port-equal-to" property.
111   * <p>
112   * Filters log records associated with connections to any of the
113   * specified listener port numbers.
114   *
115   * @return Returns an unmodifiable set containing the values of the "connection-port-equal-to" property.
116   */
117  SortedSet<Integer> getConnectionPortEqualTo();
118
119
120
121  /**
122   * Gets the "connection-protocol-equal-to" property.
123   * <p>
124   * Filters log records associated with connections which match any
125   * of the specified protocols.
126   * <p>
127   * Typical values include "ldap", "ldaps", or "jmx".
128   *
129   * @return Returns an unmodifiable set containing the values of the "connection-protocol-equal-to" property.
130   */
131  SortedSet<String> getConnectionProtocolEqualTo();
132
133
134
135  /**
136   * Gets the "log-record-type" property.
137   * <p>
138   * Filters log records based on their type.
139   *
140   * @return Returns an unmodifiable set containing the values of the "log-record-type" property.
141   */
142  SortedSet<LogRecordType> getLogRecordType();
143
144
145
146  /**
147   * Gets the "request-target-dn-equal-to" property.
148   * <p>
149   * Filters operation log records associated with operations which
150   * target entries matching at least one of the specified DN patterns.
151   * <p>
152   * Valid DN filters are strings composed of zero or more wildcards.
153   * A double wildcard ** replaces one or more RDN components (as in
154   * uid=dmiller,**,dc=example,dc=com). A simple wildcard * replaces
155   * either a whole RDN, or a whole type, or a value substring (as in
156   * uid=bj*,ou=people,dc=example,dc=com).
157   *
158   * @return Returns an unmodifiable set containing the values of the "request-target-dn-equal-to" property.
159   */
160  SortedSet<String> getRequestTargetDNEqualTo();
161
162
163
164  /**
165   * Gets the "request-target-dn-not-equal-to" property.
166   * <p>
167   * Filters operation log records associated with operations which
168   * target entries matching none of the specified DN patterns.
169   * <p>
170   * Valid DN filters are strings composed of zero or more wildcards.
171   * A double wildcard ** replaces one or more RDN components (as in
172   * uid=dmiller,**,dc=example,dc=com). A simple wildcard * replaces
173   * either a whole RDN, or a whole type, or a value substring (as in
174   * uid=bj*,ou=people,dc=example,dc=com).
175   *
176   * @return Returns an unmodifiable set containing the values of the "request-target-dn-not-equal-to" property.
177   */
178  SortedSet<String> getRequestTargetDNNotEqualTo();
179
180
181
182  /**
183   * Gets the "response-etime-greater-than" property.
184   * <p>
185   * Filters operation response log records associated with operations
186   * which took longer than the specified number of milli-seconds to
187   * complete.
188   * <p>
189   * It is recommended to only use this criteria in conjunction with
190   * the "combined" output mode of the access logger, since this filter
191   * criteria is only applied to response log messages.
192   *
193   * @return Returns the value of the "response-etime-greater-than" property.
194   */
195  Integer getResponseEtimeGreaterThan();
196
197
198
199  /**
200   * Gets the "response-etime-less-than" property.
201   * <p>
202   * Filters operation response log records associated with operations
203   * which took less than the specified number of milli-seconds to
204   * complete.
205   * <p>
206   * It is recommended to only use this criteria in conjunction with
207   * the "combined" output mode of the access logger, since this filter
208   * criteria is only applied to response log messages.
209   *
210   * @return Returns the value of the "response-etime-less-than" property.
211   */
212  Integer getResponseEtimeLessThan();
213
214
215
216  /**
217   * Gets the "response-result-code-equal-to" property.
218   * <p>
219   * Filters operation response log records associated with operations
220   * which include any of the specified result codes.
221   * <p>
222   * It is recommended to only use this criteria in conjunction with
223   * the "combined" output mode of the access logger, since this filter
224   * criteria is only applied to response log messages.
225   *
226   * @return Returns an unmodifiable set containing the values of the "response-result-code-equal-to" property.
227   */
228  SortedSet<Integer> getResponseResultCodeEqualTo();
229
230
231
232  /**
233   * Gets the "response-result-code-not-equal-to" property.
234   * <p>
235   * Filters operation response log records associated with operations
236   * which do not include any of the specified result codes.
237   * <p>
238   * It is recommended to only use this criteria in conjunction with
239   * the "combined" output mode of the access logger, since this filter
240   * criteria is only applied to response log messages.
241   *
242   * @return Returns an unmodifiable set containing the values of the "response-result-code-not-equal-to" property.
243   */
244  SortedSet<Integer> getResponseResultCodeNotEqualTo();
245
246
247
248  /**
249   * Gets the "search-response-is-indexed" property.
250   * <p>
251   * Filters search operation response log records associated with
252   * searches which were either indexed or unindexed.
253   * <p>
254   * It is recommended to only use this criteria in conjunction with
255   * the "combined" output mode of the access logger, since this filter
256   * criteria is only applied to response log messages.
257   *
258   * @return Returns the value of the "search-response-is-indexed" property.
259   */
260  Boolean isSearchResponseIsIndexed();
261
262
263
264  /**
265   * Gets the "search-response-nentries-greater-than" property.
266   * <p>
267   * Filters search operation response log records associated with
268   * searches which returned more than the specified number of entries.
269   * <p>
270   * It is recommended to only use this criteria in conjunction with
271   * the "combined" output mode of the access logger, since this filter
272   * criteria is only applied to response log messages.
273   *
274   * @return Returns the value of the "search-response-nentries-greater-than" property.
275   */
276  Integer getSearchResponseNentriesGreaterThan();
277
278
279
280  /**
281   * Gets the "search-response-nentries-less-than" property.
282   * <p>
283   * Filters search operation response log records associated with
284   * searches which returned less than the specified number of entries.
285   * <p>
286   * It is recommended to only use this criteria in conjunction with
287   * the "combined" output mode of the access logger, since this filter
288   * criteria is only applied to response log messages.
289   *
290   * @return Returns the value of the "search-response-nentries-less-than" property.
291   */
292  Integer getSearchResponseNentriesLessThan();
293
294
295
296  /**
297   * Gets the "user-dn-equal-to" property.
298   * <p>
299   * Filters log records associated with users matching at least one
300   * of the specified DN patterns.
301   * <p>
302   * Valid DN filters are strings composed of zero or more wildcards.
303   * A double wildcard ** replaces one or more RDN components (as in
304   * uid=dmiller,**,dc=example,dc=com). A simple wildcard * replaces
305   * either a whole RDN, or a whole type, or a value substring (as in
306   * uid=bj*,ou=people,dc=example,dc=com).
307   *
308   * @return Returns an unmodifiable set containing the values of the "user-dn-equal-to" property.
309   */
310  SortedSet<String> getUserDNEqualTo();
311
312
313
314  /**
315   * Gets the "user-dn-not-equal-to" property.
316   * <p>
317   * Filters log records associated with users which do not match any
318   * of the specified DN patterns.
319   * <p>
320   * Valid DN filters are strings composed of zero or more wildcards.
321   * A double wildcard ** replaces one or more RDN components (as in
322   * uid=dmiller,**,dc=example,dc=com). A simple wildcard * replaces
323   * either a whole RDN, or a whole type, or a value substring (as in
324   * uid=bj*,ou=people,dc=example,dc=com).
325   *
326   * @return Returns an unmodifiable set containing the values of the "user-dn-not-equal-to" property.
327   */
328  SortedSet<String> getUserDNNotEqualTo();
329
330
331
332  /**
333   * Gets the "user-is-member-of" property.
334   * <p>
335   * Filters log records associated with users which are members of at
336   * least one of the specified groups.
337   *
338   * @return Returns an unmodifiable set containing the values of the "user-is-member-of" property.
339   */
340  SortedSet<DN> getUserIsMemberOf();
341
342
343
344  /**
345   * Gets the "user-is-not-member-of" property.
346   * <p>
347   * Filters log records associated with users which are not members
348   * of any of the specified groups.
349   *
350   * @return Returns an unmodifiable set containing the values of the "user-is-not-member-of" property.
351   */
352  SortedSet<DN> getUserIsNotMemberOf();
353
354}