back to all blogsSee all blog posts

Collect Liberty audit logs with OpenTelemetry in 25.0.0.2-beta

image of author
David Mueller on Feb 11, 2025
announcements , microprofile , release , beta , monitoring ,
Post available in languages:

In this release, you can configure the MicroProfile Telemetry 2.0 feature to send your Liberty audit logs to the OpenTelemetry collector. You can then manage audit logs with the same solutions you use for other Liberty log sources.

Providing Liberty audit logs to OpenTelemetry using MicroProfile Telemetry 2.0

MicroProfile Telemetry 2.0 delivers the latest OpenTelemetry technology, enabling the collection and export of metrics and logs in addition to distributed tracing.

The Open Liberty Audit feature captures security-related events from the runtime environment and emits human-readable audit records to a file-based log. You can now collect Liberty audit logs and send them to your configured OpenTelemetry exporter by using the MicroProfile Telemetry 2.0 feature (mpTelemetry-2.0) with the Audit feature (audit-1.0 or audit-2.0). This update builds on existing capabilities for other Open Liberty runtime log sources (message, trace, and ffdc) and application logs generated by the java.util.logging (JUL) component.

To collect audit logs, add either the audit-1.0 or audit-2.0 feature and the mpTelemetry-2.0 feature to your server.xml file. Configure the new audit log source to the source attribute for the mpTelemetry server configuration element, as shown in the following example:

Copied to clipboard
<featureManager>
   <feature>audit-2.0</feature>
   <feature>mpTelemetry-2.0</feature>
</featureManager>

<mpTelemetry source="audit"/>

You can also configure which audit events are captured and routed to OpenTelemetry by specifying audit events and outcomes in the auditFileHandler element, as shown in the following example:

Copied to clipboard
<auditFileHandler maxFiles="5" maxFileSize="20" compact="true">
    <events name="AuditEvent_1" eventName="SECURITY_AUTHN" outcome="SUCCESS"/>
    <events name="AuditEvent_2" eventName="SECURITY_AUTHN" outcome="REDIRECT"/>
    <events name="AuditEvent_3" eventName="SECURITY_AUTHN" outcome="FAILURE"/>
    <events name="AuditEvent_4" eventName="SECURITY_AUTHZ"/>
</auditFileHandler>

For more information about the Audit feature, see the feature documentation. For more information about using OpenTelemetry as a comprehensive observability solution, see Collect logs, metrics, and traces with OpenTelemetry.

See also previous Open Liberty beta blog posts.

Try it now

To try out these features, update your build tools to pull the Open Liberty All Beta Features package instead of the main release. The beta works with Java SE 23, Java SE 21, Java SE 17, Java SE 11, and Java SE 8.

If you’re using Maven, you can install the All Beta Features package using:

Copied to clipboard
<plugin>
    <groupId>io.openliberty.tools</groupId>
    <artifactId>liberty-maven-plugin</artifactId>
    <version>3.11.2</version>
    <configuration>
        <runtimeArtifact>
          <groupId>io.openliberty.beta</groupId>
          <artifactId>openliberty-runtime</artifactId>
          <version>25.0.0.2-beta</version>
          <type>zip</type>
        </runtimeArtifact>
    </configuration>
</plugin>

You must also add dependencies to your pom.xml file for the beta version of the APIs that are associated with the beta features that you want to try. For example, the following block adds dependencies for two example beta APIs:

Copied to clipboard
<dependency>
    <groupId>org.example.spec</groupId>
    <artifactId>exampleApi</artifactId>
    <version>7.0</version>
    <type>pom</type>
    <scope>provided</scope>
</dependency>
<dependency>
    <groupId>example.platform</groupId>
    <artifactId>example.example-api</artifactId>
    <version>11.0.0</version>
    <scope>provided</scope>
</dependency>

Or for Gradle:

Copied to clipboard
buildscript {
    repositories {
        mavenCentral()
    }
    dependencies {
        classpath 'io.openliberty.tools:liberty-gradle-plugin:3.9.2'
    }
}
apply plugin: 'liberty'
dependencies {
    libertyRuntime group: 'io.openliberty.beta', name: 'openliberty-runtime', version: '[25.0.0.2-beta,)'
}

Or if you’re using container images:

Copied to clipboard
FROM icr.io/appcafe/open-liberty:beta

Or take a look at our Downloads page.

If you’re using IntelliJ IDEA, Visual Studio Code or Eclipse IDE, you can also take advantage of our open source Liberty developer tools to enable effective development, testing, debugging and application management all from within your IDE.

For more information on using a beta release, refer to the Installing Open Liberty beta releases documentation.

We welcome your feedback

Let us know what you think on our mailing list. If you hit a problem, post a question on StackOverflow. If you hit a bug, please raise an issue.