001/*
002 * CDDL HEADER START
003 *
004 * The contents of this file are subject to the terms of the
005 * Common Development and Distribution License, Version 1.0 only
006 * (the "License").  You may not use this file except in compliance
007 * with the License.
008 *
009 * You can obtain a copy of the license at legal-notices/CDDLv1_0.txt
010 * or http://forgerock.org/license/CDDLv1.0.html.
011 * See the License for the specific language governing permissions
012 * and limitations under the License.
013 *
014 * When distributing Covered Code, include this CDDL HEADER in each
015 * file and include the License file at legal-notices/CDDLv1_0.txt.
016 * If applicable, add the following below this CDDL HEADER, with the
017 * fields enclosed by brackets "[]" replaced with your own identifying
018 * information:
019 *      Portions Copyright [yyyy] [name of copyright owner]
020 *
021 * CDDL HEADER END
022 *
023 *
024 *      Copyright 2008 Sun Microsystems, Inc.
025 */
026package org.opends.server.admin.std.client;
027
028
029
030import java.util.Collection;
031import java.util.SortedSet;
032import org.forgerock.opendj.ldap.AddressMask;
033import org.opends.server.admin.ConfigurationClient;
034import org.opends.server.admin.ManagedObjectDefinition;
035import org.opends.server.admin.PropertyException;
036import org.opends.server.admin.std.meta.AccessLogFilteringCriteriaCfgDefn.LogRecordType;
037import org.opends.server.admin.std.server.AccessLogFilteringCriteriaCfg;
038import org.opends.server.types.DN;
039
040
041
042/**
043 * A client-side interface for reading and modifying Access Log
044 * Filtering Criteria settings.
045 * <p>
046 * A set of rules which together determine whether a log record should
047 * be logged or not.
048 */
049public interface AccessLogFilteringCriteriaCfgClient extends ConfigurationClient {
050
051  /**
052   * Get the configuration definition associated with this Access Log Filtering Criteria.
053   *
054   * @return Returns the configuration definition associated with this Access Log Filtering Criteria.
055   */
056  ManagedObjectDefinition<? extends AccessLogFilteringCriteriaCfgClient, ? extends AccessLogFilteringCriteriaCfg> definition();
057
058
059
060  /**
061   * Gets the "connection-client-address-equal-to" property.
062   * <p>
063   * Filters log records associated with connections which match at
064   * least one of the specified client host names or address masks.
065   * <p>
066   * Valid values include a host name, a fully qualified domain name,
067   * a domain name, an IP address, or a subnetwork with subnetwork
068   * mask.
069   *
070   * @return Returns the values of the "connection-client-address-equal-to" property.
071   */
072  SortedSet<AddressMask> getConnectionClientAddressEqualTo();
073
074
075
076  /**
077   * Sets the "connection-client-address-equal-to" property.
078   * <p>
079   * Filters log records associated with connections which match at
080   * least one of the specified client host names or address masks.
081   * <p>
082   * Valid values include a host name, a fully qualified domain name,
083   * a domain name, an IP address, or a subnetwork with subnetwork
084   * mask.
085   *
086   * @param values The values of the "connection-client-address-equal-to" property.
087   * @throws PropertyException
088   *           If one or more of the new values are invalid.
089   */
090  void setConnectionClientAddressEqualTo(Collection<AddressMask> values) throws PropertyException;
091
092
093
094  /**
095   * Gets the "connection-client-address-not-equal-to" property.
096   * <p>
097   * Filters log records associated with connections which do not
098   * match any of the specified client host names or address masks.
099   * <p>
100   * Valid values include a host name, a fully qualified domain name,
101   * a domain name, an IP address, or a subnetwork with subnetwork
102   * mask.
103   *
104   * @return Returns the values of the "connection-client-address-not-equal-to" property.
105   */
106  SortedSet<AddressMask> getConnectionClientAddressNotEqualTo();
107
108
109
110  /**
111   * Sets the "connection-client-address-not-equal-to" property.
112   * <p>
113   * Filters log records associated with connections which do not
114   * match any of the specified client host names or address masks.
115   * <p>
116   * Valid values include a host name, a fully qualified domain name,
117   * a domain name, an IP address, or a subnetwork with subnetwork
118   * mask.
119   *
120   * @param values The values of the "connection-client-address-not-equal-to" property.
121   * @throws PropertyException
122   *           If one or more of the new values are invalid.
123   */
124  void setConnectionClientAddressNotEqualTo(Collection<AddressMask> values) throws PropertyException;
125
126
127
128  /**
129   * Gets the "connection-port-equal-to" property.
130   * <p>
131   * Filters log records associated with connections to any of the
132   * specified listener port numbers.
133   *
134   * @return Returns the values of the "connection-port-equal-to" property.
135   */
136  SortedSet<Integer> getConnectionPortEqualTo();
137
138
139
140  /**
141   * Sets the "connection-port-equal-to" property.
142   * <p>
143   * Filters log records associated with connections to any of the
144   * specified listener port numbers.
145   *
146   * @param values The values of the "connection-port-equal-to" property.
147   * @throws PropertyException
148   *           If one or more of the new values are invalid.
149   */
150  void setConnectionPortEqualTo(Collection<Integer> values) throws PropertyException;
151
152
153
154  /**
155   * Gets the "connection-protocol-equal-to" property.
156   * <p>
157   * Filters log records associated with connections which match any
158   * of the specified protocols.
159   * <p>
160   * Typical values include "ldap", "ldaps", or "jmx".
161   *
162   * @return Returns the values of the "connection-protocol-equal-to" property.
163   */
164  SortedSet<String> getConnectionProtocolEqualTo();
165
166
167
168  /**
169   * Sets the "connection-protocol-equal-to" property.
170   * <p>
171   * Filters log records associated with connections which match any
172   * of the specified protocols.
173   * <p>
174   * Typical values include "ldap", "ldaps", or "jmx".
175   *
176   * @param values The values of the "connection-protocol-equal-to" property.
177   * @throws PropertyException
178   *           If one or more of the new values are invalid.
179   */
180  void setConnectionProtocolEqualTo(Collection<String> values) throws PropertyException;
181
182
183
184  /**
185   * Gets the "log-record-type" property.
186   * <p>
187   * Filters log records based on their type.
188   *
189   * @return Returns the values of the "log-record-type" property.
190   */
191  SortedSet<LogRecordType> getLogRecordType();
192
193
194
195  /**
196   * Sets the "log-record-type" property.
197   * <p>
198   * Filters log records based on their type.
199   *
200   * @param values The values of the "log-record-type" property.
201   * @throws PropertyException
202   *           If one or more of the new values are invalid.
203   */
204  void setLogRecordType(Collection<LogRecordType> values) throws PropertyException;
205
206
207
208  /**
209   * Gets the "request-target-dn-equal-to" property.
210   * <p>
211   * Filters operation log records associated with operations which
212   * target entries matching at least one of the specified DN patterns.
213   * <p>
214   * Valid DN filters are strings composed of zero or more wildcards.
215   * A double wildcard ** replaces one or more RDN components (as in
216   * uid=dmiller,**,dc=example,dc=com). A simple wildcard * replaces
217   * either a whole RDN, or a whole type, or a value substring (as in
218   * uid=bj*,ou=people,dc=example,dc=com).
219   *
220   * @return Returns the values of the "request-target-dn-equal-to" property.
221   */
222  SortedSet<String> getRequestTargetDNEqualTo();
223
224
225
226  /**
227   * Sets the "request-target-dn-equal-to" property.
228   * <p>
229   * Filters operation log records associated with operations which
230   * target entries matching at least one of the specified DN patterns.
231   * <p>
232   * Valid DN filters are strings composed of zero or more wildcards.
233   * A double wildcard ** replaces one or more RDN components (as in
234   * uid=dmiller,**,dc=example,dc=com). A simple wildcard * replaces
235   * either a whole RDN, or a whole type, or a value substring (as in
236   * uid=bj*,ou=people,dc=example,dc=com).
237   *
238   * @param values The values of the "request-target-dn-equal-to" property.
239   * @throws PropertyException
240   *           If one or more of the new values are invalid.
241   */
242  void setRequestTargetDNEqualTo(Collection<String> values) throws PropertyException;
243
244
245
246  /**
247   * Gets the "request-target-dn-not-equal-to" property.
248   * <p>
249   * Filters operation log records associated with operations which
250   * target entries matching none of the specified DN patterns.
251   * <p>
252   * Valid DN filters are strings composed of zero or more wildcards.
253   * A double wildcard ** replaces one or more RDN components (as in
254   * uid=dmiller,**,dc=example,dc=com). A simple wildcard * replaces
255   * either a whole RDN, or a whole type, or a value substring (as in
256   * uid=bj*,ou=people,dc=example,dc=com).
257   *
258   * @return Returns the values of the "request-target-dn-not-equal-to" property.
259   */
260  SortedSet<String> getRequestTargetDNNotEqualTo();
261
262
263
264  /**
265   * Sets the "request-target-dn-not-equal-to" property.
266   * <p>
267   * Filters operation log records associated with operations which
268   * target entries matching none of the specified DN patterns.
269   * <p>
270   * Valid DN filters are strings composed of zero or more wildcards.
271   * A double wildcard ** replaces one or more RDN components (as in
272   * uid=dmiller,**,dc=example,dc=com). A simple wildcard * replaces
273   * either a whole RDN, or a whole type, or a value substring (as in
274   * uid=bj*,ou=people,dc=example,dc=com).
275   *
276   * @param values The values of the "request-target-dn-not-equal-to" property.
277   * @throws PropertyException
278   *           If one or more of the new values are invalid.
279   */
280  void setRequestTargetDNNotEqualTo(Collection<String> values) throws PropertyException;
281
282
283
284  /**
285   * Gets the "response-etime-greater-than" property.
286   * <p>
287   * Filters operation response log records associated with operations
288   * which took longer than the specified number of milli-seconds to
289   * complete.
290   * <p>
291   * It is recommended to only use this criteria in conjunction with
292   * the "combined" output mode of the access logger, since this filter
293   * criteria is only applied to response log messages.
294   *
295   * @return Returns the value of the "response-etime-greater-than" property.
296   */
297  Integer getResponseEtimeGreaterThan();
298
299
300
301  /**
302   * Sets the "response-etime-greater-than" property.
303   * <p>
304   * Filters operation response log records associated with operations
305   * which took longer than the specified number of milli-seconds to
306   * complete.
307   * <p>
308   * It is recommended to only use this criteria in conjunction with
309   * the "combined" output mode of the access logger, since this filter
310   * criteria is only applied to response log messages.
311   *
312   * @param value The value of the "response-etime-greater-than" property.
313   * @throws PropertyException
314   *           If the new value is invalid.
315   */
316  void setResponseEtimeGreaterThan(Integer value) throws PropertyException;
317
318
319
320  /**
321   * Gets the "response-etime-less-than" property.
322   * <p>
323   * Filters operation response log records associated with operations
324   * which took less than the specified number of milli-seconds to
325   * complete.
326   * <p>
327   * It is recommended to only use this criteria in conjunction with
328   * the "combined" output mode of the access logger, since this filter
329   * criteria is only applied to response log messages.
330   *
331   * @return Returns the value of the "response-etime-less-than" property.
332   */
333  Integer getResponseEtimeLessThan();
334
335
336
337  /**
338   * Sets the "response-etime-less-than" property.
339   * <p>
340   * Filters operation response log records associated with operations
341   * which took less than the specified number of milli-seconds to
342   * complete.
343   * <p>
344   * It is recommended to only use this criteria in conjunction with
345   * the "combined" output mode of the access logger, since this filter
346   * criteria is only applied to response log messages.
347   *
348   * @param value The value of the "response-etime-less-than" property.
349   * @throws PropertyException
350   *           If the new value is invalid.
351   */
352  void setResponseEtimeLessThan(Integer value) throws PropertyException;
353
354
355
356  /**
357   * Gets the "response-result-code-equal-to" property.
358   * <p>
359   * Filters operation response log records associated with operations
360   * which include any of the specified result codes.
361   * <p>
362   * It is recommended to only use this criteria in conjunction with
363   * the "combined" output mode of the access logger, since this filter
364   * criteria is only applied to response log messages.
365   *
366   * @return Returns the values of the "response-result-code-equal-to" property.
367   */
368  SortedSet<Integer> getResponseResultCodeEqualTo();
369
370
371
372  /**
373   * Sets the "response-result-code-equal-to" property.
374   * <p>
375   * Filters operation response log records associated with operations
376   * which include any of the specified result codes.
377   * <p>
378   * It is recommended to only use this criteria in conjunction with
379   * the "combined" output mode of the access logger, since this filter
380   * criteria is only applied to response log messages.
381   *
382   * @param values The values of the "response-result-code-equal-to" property.
383   * @throws PropertyException
384   *           If one or more of the new values are invalid.
385   */
386  void setResponseResultCodeEqualTo(Collection<Integer> values) throws PropertyException;
387
388
389
390  /**
391   * Gets the "response-result-code-not-equal-to" property.
392   * <p>
393   * Filters operation response log records associated with operations
394   * which do not include any of the specified result codes.
395   * <p>
396   * It is recommended to only use this criteria in conjunction with
397   * the "combined" output mode of the access logger, since this filter
398   * criteria is only applied to response log messages.
399   *
400   * @return Returns the values of the "response-result-code-not-equal-to" property.
401   */
402  SortedSet<Integer> getResponseResultCodeNotEqualTo();
403
404
405
406  /**
407   * Sets the "response-result-code-not-equal-to" property.
408   * <p>
409   * Filters operation response log records associated with operations
410   * which do not include any of the specified result codes.
411   * <p>
412   * It is recommended to only use this criteria in conjunction with
413   * the "combined" output mode of the access logger, since this filter
414   * criteria is only applied to response log messages.
415   *
416   * @param values The values of the "response-result-code-not-equal-to" property.
417   * @throws PropertyException
418   *           If one or more of the new values are invalid.
419   */
420  void setResponseResultCodeNotEqualTo(Collection<Integer> values) throws PropertyException;
421
422
423
424  /**
425   * Gets the "search-response-is-indexed" property.
426   * <p>
427   * Filters search operation response log records associated with
428   * searches which were either indexed or unindexed.
429   * <p>
430   * It is recommended to only use this criteria in conjunction with
431   * the "combined" output mode of the access logger, since this filter
432   * criteria is only applied to response log messages.
433   *
434   * @return Returns the value of the "search-response-is-indexed" property.
435   */
436  Boolean isSearchResponseIsIndexed();
437
438
439
440  /**
441   * Sets the "search-response-is-indexed" property.
442   * <p>
443   * Filters search operation response log records associated with
444   * searches which were either indexed or unindexed.
445   * <p>
446   * It is recommended to only use this criteria in conjunction with
447   * the "combined" output mode of the access logger, since this filter
448   * criteria is only applied to response log messages.
449   *
450   * @param value The value of the "search-response-is-indexed" property.
451   * @throws PropertyException
452   *           If the new value is invalid.
453   */
454  void setSearchResponseIsIndexed(Boolean value) throws PropertyException;
455
456
457
458  /**
459   * Gets the "search-response-nentries-greater-than" property.
460   * <p>
461   * Filters search operation response log records associated with
462   * searches which returned more than the specified number of entries.
463   * <p>
464   * It is recommended to only use this criteria in conjunction with
465   * the "combined" output mode of the access logger, since this filter
466   * criteria is only applied to response log messages.
467   *
468   * @return Returns the value of the "search-response-nentries-greater-than" property.
469   */
470  Integer getSearchResponseNentriesGreaterThan();
471
472
473
474  /**
475   * Sets the "search-response-nentries-greater-than" property.
476   * <p>
477   * Filters search operation response log records associated with
478   * searches which returned more than the specified number of entries.
479   * <p>
480   * It is recommended to only use this criteria in conjunction with
481   * the "combined" output mode of the access logger, since this filter
482   * criteria is only applied to response log messages.
483   *
484   * @param value The value of the "search-response-nentries-greater-than" property.
485   * @throws PropertyException
486   *           If the new value is invalid.
487   */
488  void setSearchResponseNentriesGreaterThan(Integer value) throws PropertyException;
489
490
491
492  /**
493   * Gets the "search-response-nentries-less-than" property.
494   * <p>
495   * Filters search operation response log records associated with
496   * searches which returned less than the specified number of entries.
497   * <p>
498   * It is recommended to only use this criteria in conjunction with
499   * the "combined" output mode of the access logger, since this filter
500   * criteria is only applied to response log messages.
501   *
502   * @return Returns the value of the "search-response-nentries-less-than" property.
503   */
504  Integer getSearchResponseNentriesLessThan();
505
506
507
508  /**
509   * Sets the "search-response-nentries-less-than" property.
510   * <p>
511   * Filters search operation response log records associated with
512   * searches which returned less than the specified number of entries.
513   * <p>
514   * It is recommended to only use this criteria in conjunction with
515   * the "combined" output mode of the access logger, since this filter
516   * criteria is only applied to response log messages.
517   *
518   * @param value The value of the "search-response-nentries-less-than" property.
519   * @throws PropertyException
520   *           If the new value is invalid.
521   */
522  void setSearchResponseNentriesLessThan(Integer value) throws PropertyException;
523
524
525
526  /**
527   * Gets the "user-dn-equal-to" property.
528   * <p>
529   * Filters log records associated with users matching at least one
530   * of the specified DN patterns.
531   * <p>
532   * Valid DN filters are strings composed of zero or more wildcards.
533   * A double wildcard ** replaces one or more RDN components (as in
534   * uid=dmiller,**,dc=example,dc=com). A simple wildcard * replaces
535   * either a whole RDN, or a whole type, or a value substring (as in
536   * uid=bj*,ou=people,dc=example,dc=com).
537   *
538   * @return Returns the values of the "user-dn-equal-to" property.
539   */
540  SortedSet<String> getUserDNEqualTo();
541
542
543
544  /**
545   * Sets the "user-dn-equal-to" property.
546   * <p>
547   * Filters log records associated with users matching at least one
548   * of the specified DN patterns.
549   * <p>
550   * Valid DN filters are strings composed of zero or more wildcards.
551   * A double wildcard ** replaces one or more RDN components (as in
552   * uid=dmiller,**,dc=example,dc=com). A simple wildcard * replaces
553   * either a whole RDN, or a whole type, or a value substring (as in
554   * uid=bj*,ou=people,dc=example,dc=com).
555   *
556   * @param values The values of the "user-dn-equal-to" property.
557   * @throws PropertyException
558   *           If one or more of the new values are invalid.
559   */
560  void setUserDNEqualTo(Collection<String> values) throws PropertyException;
561
562
563
564  /**
565   * Gets the "user-dn-not-equal-to" property.
566   * <p>
567   * Filters log records associated with users which do not match any
568   * of the specified DN patterns.
569   * <p>
570   * Valid DN filters are strings composed of zero or more wildcards.
571   * A double wildcard ** replaces one or more RDN components (as in
572   * uid=dmiller,**,dc=example,dc=com). A simple wildcard * replaces
573   * either a whole RDN, or a whole type, or a value substring (as in
574   * uid=bj*,ou=people,dc=example,dc=com).
575   *
576   * @return Returns the values of the "user-dn-not-equal-to" property.
577   */
578  SortedSet<String> getUserDNNotEqualTo();
579
580
581
582  /**
583   * Sets the "user-dn-not-equal-to" property.
584   * <p>
585   * Filters log records associated with users which do not match any
586   * of the specified DN patterns.
587   * <p>
588   * Valid DN filters are strings composed of zero or more wildcards.
589   * A double wildcard ** replaces one or more RDN components (as in
590   * uid=dmiller,**,dc=example,dc=com). A simple wildcard * replaces
591   * either a whole RDN, or a whole type, or a value substring (as in
592   * uid=bj*,ou=people,dc=example,dc=com).
593   *
594   * @param values The values of the "user-dn-not-equal-to" property.
595   * @throws PropertyException
596   *           If one or more of the new values are invalid.
597   */
598  void setUserDNNotEqualTo(Collection<String> values) throws PropertyException;
599
600
601
602  /**
603   * Gets the "user-is-member-of" property.
604   * <p>
605   * Filters log records associated with users which are members of at
606   * least one of the specified groups.
607   *
608   * @return Returns the values of the "user-is-member-of" property.
609   */
610  SortedSet<DN> getUserIsMemberOf();
611
612
613
614  /**
615   * Sets the "user-is-member-of" property.
616   * <p>
617   * Filters log records associated with users which are members of at
618   * least one of the specified groups.
619   *
620   * @param values The values of the "user-is-member-of" property.
621   * @throws PropertyException
622   *           If one or more of the new values are invalid.
623   */
624  void setUserIsMemberOf(Collection<DN> values) throws PropertyException;
625
626
627
628  /**
629   * Gets the "user-is-not-member-of" property.
630   * <p>
631   * Filters log records associated with users which are not members
632   * of any of the specified groups.
633   *
634   * @return Returns the values of the "user-is-not-member-of" property.
635   */
636  SortedSet<DN> getUserIsNotMemberOf();
637
638
639
640  /**
641   * Sets the "user-is-not-member-of" property.
642   * <p>
643   * Filters log records associated with users which are not members
644   * of any of the specified groups.
645   *
646   * @param values The values of the "user-is-not-member-of" property.
647   * @throws PropertyException
648   *           If one or more of the new values are invalid.
649   */
650  void setUserIsNotMemberOf(Collection<DN> values) throws PropertyException;
651
652}