Minor Description
The etc/broker_example.acl file currently contains an example of what users probably dont usually want to do with regards to logging ACL events for admin management users.
By using ALLOW-LOG or DENY-LOG for all of the rules, this will have the result of logging a lot of extraneous info to do with individual JMX calls to retrieve attributes, get mbeaninfo, perform instanceof checks etc. Just having managemetn consoles (our own, Jconsole, etc) will produce a lot of log spam as a result when they poll for new info.
What most users probably want typically is to allow 'read only' events by permissioning the 'ACCESS' operations using ALLOW and then seperately permission the others with ALLOW-LOG, thus removing the noise and ensuring only operations that can actually cause change are logged, e.g:
ACL ALLOW admin ACCESS METHOD ACL ALLOW-LOG admin ALL METHOD