1. Qpid
  2. QPID-4079

C++ Broker needs log messages to track object life cycles for auditing


    • Type: Improvement Improvement
    • Status: Closed
    • Priority: Major Major
    • Resolution: Fixed
    • Affects Version/s: 0.16
    • Fix Version/s: 0.19
    • Component/s: C++ Broker
    • Labels:


      The C++ broker logs are unfriendly and incomplete for customers who are hoping to audit system usage. Missing are log artifacts to expose which user created, used, or destroyed which resource.

      The proposed improvement adds INFO level log statements for the creation, destruction, and major state changes to connection, session, and subscription objects, and to exchange, queue, and binding objects.

      From this set of log messages a user could determine what user from what client system address created a connection, what sessions were created on that connection, and what subscriptions were created on those sessions. Similarly the exchange-binding-queue objects would have enough in their log messages to correlate the interactions between them.

      The log message for the destruction of an object would contain a record of all the management statistics kept for that object. Then, working through the log records a customer could attribute broker usage back to specific users.

      This class of log message has been requested by customers using Security Information and Event Management (SIEM) systems to scrape information from broker event logs.


        Justin Ross made changes -
        Status Resolved [ 5 ] Closed [ 6 ]
        Chuck Rolke made changes -
        Field Original Value New Value
        Status Open [ 1 ] Resolved [ 5 ]
        Fix Version/s 0.19 [ 12322452 ]
        Resolution Fixed [ 1 ]
        Chuck Rolke created issue -


          • Assignee:
            Chuck Rolke
          • Votes:
            0 Vote for this issue
            2 Start watching this issue


            • Created: