Controlling Log output on JBOSS Servers

Apache Log4j is a java based utility and can be used with many servers for controlling logging.

This article will discuss combination of Log4j with JBoss server.

We will only talk about manipulation with the properties file and will not cover the programming aspects.

Log4j supports the following Log levels:

1. FATAL: Sever errors that cause the program to crash.
2. ERROR: Runtime errors or unexpected conditions.
3. WARN: Simple warnings (e.g for unused API's etc)
4. INFO: Runtime events ranging from startup to shutdown.
5. DEBUG: Detailed information about the activity of system.
6. TRACE: Much detailed information about system activity.

Please bear in mind that if you turn the logging level to DEBUG / TRACE, there will be a lot of information being produced in log files.

Following files need to be edited:

{JBOSS-installation}/server/{instance-name}/conf/jboss-log4j.xml

Edit it, you will see values like: 

< priority value = "INFO" />

change these values to whichever level suits your requirements.

Restart the server afterwards.

Securing JBoss Server

Some cases you require secure access to JBOSS Web Console or JMX console.

Following are the guidelines :

Secure JMX Console

1. To secure the JMX Console using a username/password file
2. Locate the jmx-console.war directory. This will normally be in $ (jboss.server.home.dir ) / deploy directory.
3. Edit WEB-INF/web.xml and uncomment the security-constraint block.
4. Edit WEB-INF/classes/jmx-console-users.properties or server/default/conf/props/jmx-console-users.properties (version >=4.0.2) and WEB-INF/classes/jmx-console-roles.properties or server/default/conf/props/jmx-console-roles.properties (version >=4.0.2) and change the users and passwords to what you desire. They will need the JBossAdmin role specified in the web.xml file to run the JMX Console.
5. Edit WEB-INF/jboss-web.xml and uncomment the security-domain block. The security-domain value of jmx-console maps is declared in the login-config.xml JAAS configuration file which defines how authentication and authorization is done.

Securing Web Console

Repeat the above steps for the Web Console but use the following path:

1. $ (jboss.server.home.dir )/ deploy / management/console-mgr.sar/web-console.war/web-inf/jboss-web.xml
2. $ (jboss.server.home.dir )/ deploy / management/console-mgr.sar/web-console.war/web-inf/web.xml
3. $ (jboss.server.home.dir )/ deploy / management/console-mgr.sar/web-console.war/web-inf/classes/web-console-users.properties
4. $ (jboss.server.home.dir )/ deploy / management/console-mgr.sar/web-console.war/web-inf/classes/web-console-roles.properties

Useful Links:

1. http://www.jboss.org/community/wiki/SecureTheJmxConsole
2. https://jira.jboss.org/jira/browse/SECURITY-31