Managing DirX Audit Message Broker

This chapter provides information on how to manage the DirX Audit Message Broker. It consists of the following sections:

  • Running the DirX Audit Message Broker service

  • Securing the Message Broker

  • Monitoring the Message Broker

Running the Message Broker Service

The DirX Audit Message Broker is based on the Apache ActiveMQ technology. To start and stop DirX Audit Message Broker, use the DirX Audit Message Broker service (dirx-audit-messagebroker on UNIX). (See the section "Message Broker System Service" in "Configuring DirX Audit" in the DirX Audit Installation Guide for details.)

If the DirX Audit Message Broker is restarted, the DirX Audit Server reconnects automatically within a minute. However, other connected servers may also need a restart to renew their connection to the DirX Audit Message Broker; for example, DirX Access Servers.

Securing the Message Broker

Securing the DirX Audit Message Broker includes securing its account passwords and using a secure HTTP connection. The next sections provide more detail about these tasks.

Configuring the Accounts

DirX Audit Message Broker is deployed with pre-configured authentication and authorization rules. Please set the account passwords for the following accounts in the Message Broker Core and Tenant Configuration:

Administrative credentials, in the Core Configuration

  • system (system)

  • webconsole admin (admin)

  • webconsole user (user)

User credentials, in the Tenant Configuration

  • dxt-tenantID-reader

  • dxt-tenantID-writer

Propagate these changes as follows:

  • dxt-tenantID-reader: Modify the configuration of the JMS collectors in the DirX Audit Server.

  • dxt-tenantID-writer: Modify the configuration of the DirX Identity JMS-Audit Handler Plug-in and DirX Access JMS-Audit Handler Plug-in.

See the sections "Message Broker Administrative Credentials” and "Common JMS Collector Credentials" in "Configuring DirX Audit" in the DirX Audit Installation Guide for details.

Using a Secure HTTP Connection

The DirX Audit Message Broker runs the HTTPS protocol by default. You can consult the Apache ActiveMQ documentation for additional information,
http://activemq.apache.org/how-do-i-use-ssl.html. See also the section “Preparing the Message Broker” in “Preparing Truststores and Keystores for SSL Configuration” in the “Installation Configurations” chapter of the DirX Audit Installation Guide.

Monitoring the Message Broker

You can monitor the traffic of the DirX Audit Message Broker. Open your Internet browser and type the URL for the Apache ActiveMQ Console:

https://host:port/admin/queues.jsp

where host specifies the server address and port the server port number; for example: https://localhost:30662/admin/queues.jsp

DirX Audit uses the predefined port number 30662.

The Apache ActiveMQ Console displays a table containing all registered message queues.

Use the following URL to display all active connections:

https://host:port/admin/connections.jsp

The Apache ActiveMQ Console displays a table containing all registered connections.

To access the Apache ActiveMQ Console, you need the credentials that you have set up in the Core Configuration Wizard. You can use both the webconsole admin account and the user account to access the console.