This Confluence has been LDAP enabled, if you are an ASF Committer, please use your LDAP Credentials to login. Any problems file an INFRA jira ticket please.

Child pages
  • Audit Logging
Skip to end of metadata
Go to start of metadata

For many secured environments there's a requirement to log every user management action. For that ActiveMQ implements audit logging, which means that every management action made through JMX or Web Console management interface will be logged and available for later inspection.

Audit logging comes pre-configured with the distribution, so it's very easy to turn it on or off. All you have to do is to set org.apache.activemq.audit system property.  From 5.16.0 the value can be one of "true|entry|exit|all". When the value is all or exit, the audit captures the time the JMX operation completed. You can do that by uncommenting the following line in the startup script:

ACTIVEMQ_OPTS="$ACTIVEMQ_OPTS -Dorg.apache.activemq.audit=true"

The actual logs are by default stored in ${ACTIVEMQ_HOME}/data/audit.log and for secured broker you may expect entries similar to the following:

2010-12-22 12:12:07,225 | INFO  | admin requested /admin/createDestination.action [JMSDestination='test' JMSDestinationType='queue' 
secret='4eb0bc3e-9d7a-4256-844c-24f40fda98f1' ] from | qtp12205619-39
2010-12-22 12:12:14,512 | INFO  | admin requested /admin/purgeDestination.action [JMSDestination='test' JMSDestinationType='queue' 
secret='eff6a932-1b58-45da-a64a-1b30b246cfc9' ] from | qtp12205619-36
2010-12-22 12:12:17,802 | INFO  | admin requested /admin/sendMessage.action [JMSTimeToLive='' JMSXGroupSeq='' AMQ_SCHEDULED_DELAY='' JMSType='' 
JMSMessageCountHeader='JMSXMessageCounter' JMSXGroupID='' JMSReplyTo='' JMSDestination='test' AMQ_SCHEDULED_PERIOD='' JMSText='Enter some text 
here for the message body...' JMSDestinationType='queue' AMQ_SCHEDULED_CRON='' JMSCorrelationID='' AMQ_SCHEDULED_REPEAT='' JMSMessageCount='1' 
secret='a0e1df62-14d6-4425-82a2-17aa01a16e7d' JMSPriority='' ] from | qtp12205619-37


2010-12-22 12:12:57,553 | INFO  | admin called[] | RMI TCP Connection(8)-
2010-12-22 12:13:21,976 | INFO  | admin called[] | RMI TCP Connection(8)-
2010-12-22 12:13:32,457 | INFO  | admin called[message] | RMI TCP Connection(6)-

In this example you can see sample entries for actions taken both in Web Console or via JMX. Log entries contain info like:

  • username (if available), or "anonymous" otherwise
  • Operation performed, which in JMX case is the method name and request URL if the operation is performed over web
  • Parameters used for the operation and
  • IP address from which call has been made

A default location of the audit log can be configured in ${ACTIVEMQ_HOME}/conf/

  • No labels