qpid-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jakub Scholz <ja...@scholz.cz>
Subject Re: Message auditing in C++ broker
Date Wed, 12 Mar 2014 17:10:18 GMT
> I assume the audit log doesn't need to be synced in anyway, i.e. if the
> machine the broker is on has a sudden power failure, its accepted that the
> activity actually recorded on disk may not be fully up to date?
Yes, I assume it would be acceptable to lose some minor parts of
information in case of rare situations like power failure.

> Would the queues being audited generally be durable or might they also be
> transient? (and what about the persistence of messages)?
In most cases persistent messages in durable queues. Having the auditing
for non-persistent messages / non-durable queues might be nice, but not
100% necessary. Such messages are unreliable anyway, so when they get lost
it is not an unexpected event - therefore one might not need an extensive
audit trail to see all the details about them.

> Would tcpdump be a possible route? I.e. capture all the AMQP data in and
> out of the broker, and perhaps then asynchronously process that into a more
> useful form in a database of some kind?
I don't think so. Large part of the communication is SSL encrypted - I
don't think it is possible to decrypt the stream without having the private
keys from both sides. Or is it? I actually never tried it.

  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message