Support mirroring Liberty audit events to console log

mirskifa · mirskifa · commit 6d86e856cb61 · 2025-05-30T14:29:58.000+01:00
diff --git a/cmd/runmqserver/logging.go b/cmd/runmqserver/logging.go
@@ -100,9 +100,53 @@ func formatBasic(obj map[string]interface{}) string {
 	// Convert time zone information from some logs (e.g. Liberty) for consistency
 	obj["ibm_datetime"] = strings.Replace(obj["ibm_datetime"].(string), "+0000", "Z", 1)
 	// Escape any new-line characters, so that we don't get multi-line messages messing up the output
-	obj["message"] = strings.ReplaceAll(obj["message"].(string), "\n", "\\n")
+	if message, found := obj["message"]; found {
+		obj["message"] = strings.ReplaceAll(message.(string), "\n", "\\n")
+	}
+
+	switch obj["type"] {
+	case "liberty_audit":
+		timestamp := obj["ibm_datetime"]
+		checkFields := []string{
+			"ibm_audit_eventName",
+			"ibm_audit_eventSequenceNumber",
+			"ibm_audit_outcome",
+			"ibm_audit_reason.reasonCode",
+			"ibm_audit_reason.reasonType",
+			"ibm_audit_observer.id",
+			"ibm_audit_observer.name",
+			"ibm_audit_initiator.host.address",
+			"ibm_audit_initiator.host.agent",
+			"ibm_audit_target.id",
+			"ibm_audit_target.host.address",
+			"ibm_audit_target.credential.token",
+			"ibm_audit_target.method",
+			"ibm_audit_target.name",
+			"ibm_audit_target.jmx.mbean.action",
+			"ibm_audit_target.jmx.mbean.name",
+			"ibm_audit_target.session",
+			"ibm_audit_eventTime",
+		}
+
+		msg := strings.Builder{}
+		msg.WriteString(timestamp.(string))
+		msg.WriteString(" AUDIT:")
+		for _, field := range checkFields {
+			fieldVal, found := obj[field]
+			if !found {
+				continue
+			}
+			displayName := strings.TrimPrefix(field, "ibm_audit_")
+
+			msg.WriteByte(' ')
+			msg.WriteString(displayName)
+			msg.WriteByte('=')
+			msg.WriteString(fmt.Sprintf("%#v", fieldVal))
+		}
+		msg.WriteByte('\n')
 
-	if obj["type"] != nil && (obj["type"] == "liberty_trace") {
+		return msg.String()
+	case "liberty_trace":
 		timeStamp := obj["ibm_datetime"]
 		threadID := ""
 		srtModuleName := ""
diff --git a/cmd/runmqserver/logging_test.go b/cmd/runmqserver/logging_test.go
@@ -28,24 +28,49 @@ var formatBasicTests = []struct {
 	outContains string
 }{
 	{
-		[]byte("{\"ibm_datetime\":\"2020/06/24 00:00:00\",\"message\":\"Hello world\"}"),
+		[]byte(`{"ibm_datetime":"2020/06/24 00:00:00","message":"Hello world"}`),
 		"Hello",
 	},
 	{
-		[]byte("{\"ibm_datetime\":\"2020/06/24 00:00:00\",\"message\":\"Hello world\", \"ibm_commentInsert1\":\"foo\"}"),
+		[]byte(`{"ibm_datetime":"2020/06/24 00:00:00","message":"Hello world", "ibm_commentInsert1":"foo"}`),
 		"CommentInsert1(foo)",
 	},
 	{
-		[]byte("{\"ibm_datetime\":\"2020/06/24 00:00:00\",\"message\":\"Hello world\", \"ibm_arithInsert1\":1}"),
+		[]byte(`{"ibm_datetime":"2020/06/24 00:00:00","message":"Hello world", "ibm_arithInsert1":1}`),
 		"ArithInsert1(1)",
 	},
+	{
+		[]byte(`{
+			"ibm_audit_eventName": "SECURITY_AUTHN",
+			"ibm_audit_eventSequenceNumber": "47",
+			"ibm_audit_eventTime": "2025-05-29T12:08:24.056+0000",
+			"ibm_audit_initiator.host.address": "10.254.16.2",
+			"ibm_audit_observer.id": "websphere: cp4i-audit-test-ibm-mq-0.qm.mq-test.svc.cluster.local:/mnt/mqm/data/web/installations/Installation1/:mqweb",
+			"ibm_audit_observer.name": "SecurityService",
+			"ibm_audit_outcome": "success",
+			"ibm_audit_reason.reasonCode": "200",
+			"ibm_audit_reason.reasonType": "HTTPS",
+			"ibm_audit_target.credential.token": "mquser1",
+			"ibm_audit_target.host.address": "10.254.16.109:9443",
+			"ibm_audit_target.id": "websphere: cp4i-audit-test-ibm-mq-0.qm.mq-test.svc.cluster.local:/mnt/mqm/data/web/installations/Installation1/:mqweb",
+			"ibm_audit_target.method": "GET",
+			"ibm_audit_target.name": "/ibmmq/console/",
+			"ibm_audit_target.session": "Vu5GA1hXQEyFRqmYH5mWlGS",
+			"ibm_datetime": "2025-05-29T12:08:24.057Z",
+			"type": "liberty_audit"
+		}`),
+		`AUDIT: eventName="SECURITY_AUTHN" eventSequenceNumber="47" outcome="success" reason.reasonCode="200" reason.reasonType="HTTPS" observer.id="websphere: cp4i-audit-test-ibm-mq-0.qm.mq-test.svc.cluster.local:/mnt/mqm/data/web/installations/Installation1/:mqweb" observer.name="SecurityService" initiator.host.address="10.254.16.2" target.id="websphere: cp4i-audit-test-ibm-mq-0.qm.mq-test.svc.cluster.local:/mnt/mqm/data/web/installations/Installation1/:mqweb" target.host.address="10.254.16.109:9443" target.credential.token="mquser1" target.method="GET" target.name="/ibmmq/console/" target.session="Vu5GA1hXQEyFRqmYH5mWlGS" eventTime="2025-05-29T12:08:24.056+0000"`,
+	},
 }
 
 func TestFormatBasic(t *testing.T) {
 	for i, table := range formatBasicTests {
 		t.Run(fmt.Sprintf("%v", i), func(t *testing.T) {
 			var inObj map[string]interface{}
-			json.Unmarshal(table.in, &inObj)
+			err := json.Unmarshal(table.in, &inObj)
+			if err != nil {
+				t.Fatalf("Error unmarshalling: %s", err.Error())
+			}
 			t.Logf("Unmarshalled: %+v", inObj)
 			out := formatBasic(inObj)
 			if !strings.Contains(out, table.outContains) {
