Audit Rules File

The ec-probe-rules.xml file defines what level of information is passed to Event Collector for auditing or publishing.

This file is located in the TIBCO ActiveMatrix BPM configuration directory, for example the C:\ProgramData\amx-bpm\tibco\data\bpm\amx.bpm.app\configuration folder.

This file:

  • controls which messages and attributes are to be included in local logging and which of those are to be sent to Event Collector for processing.
  • includes an example rule showing how some of the user-defined work item attributes can be included in auditing of specific events.

The ec-probe-rules.xml file defines two channels:

  • LOCALFILE for local logging
  • CENTRALEC for forwarding messages for central auditing

For each of these channels, the file defines the rules that determine what messages are eligible to be handled by that channel, and the message processes that define what is to be done with the eligible messages.

For example, the CENTRALEC channel is shown below.
<channel name="default_centralec" target="CENTRALEC">
  <rules>
    <rule name="BDSMessages_centralec" ruleOrder="600">
      <filter>
        <component>BDS</component>
        <messageIds>
          <messageId>BDS_GLOBAL_DATA_CREATE_CASE</messageId>
          ....
          <messageId>BDS_GLOBAL_DATA_DELETE_DATA_VIEW</messageId>
        </messageIds>
      </filter>
      <action>
        <messageProcess>CentralECAuditProcessNoManagedObjectDetails</messageProcess>
      </action>
    </rule>
    <rule name="AuditMessages" ruleOrder="800">
      <filter>
        <messageIds>
          <messageId>BX_INSTANCE_TASKS_CREATED</messageId>
          ...
          <messageId>BX_TEMPLATE_UNDEPLOYED</messageId>
        </messageIds>
      </filter>
      <action>
        <messageProcess>CentralECAuditProcessExclusions</messageProcess>
      </action>
    </rule>
    <rule name="BDSErrorWarnRule" ruleOrder="990">
      <filter>
        <component>BDS</component>
        <severities>
          <severity>ERROR</severity>
        </severities>
      </filter>
      <action>
        <messageProcess>CentralECErrWarnProcessNoManagedObjectDetails</messageProcess>
      </action>
    </rule>
    <rule name="BaseErrorWarnRule" ruleOrder="1000">
      <filter>
        <severities>
          <severity>ERROR</severity>
        </severities>
      </filter>
      <action>
        <messageProcess>CentralECErrWarnProcess</messageProcess>
      </action>
    </rule>
  </rules>
</channel>

By default the channel has four rules, each defining the messages eligible for a different message process. The rule AuditMessages defines the AUDIT-level messages eligible to be sent to the central Event Collector to be processed. (In the illustration, the long list of eligible messages between the <messageIds> and </messageIds> tags has been mostly omitted, in order to show the rest of the channel definition more clearly.) The rule definition also specifies the message process used to handle the messages eligible under this rule, in this case the CentralECAuditProcess.

The message processes are themselves defined in the <messageProcessDefinitions> section earlier in the file, as shown below.
<messageProcessDefinition name="LocalLoggingProcess">
</messageProcessDefinition>

<messageProcessDefinition name="CentralECAuditProcess">
  <includedAttributesList>
    <allPrimaries>true</allPrimaries>
  </includedAttributesList>
</messageProcessDefinition>

<messageProcessDefinition name="CentralECAuditProcessExclusions" parentMessageProcess="CentralECAuditProcess">
  <excludedAttributesList>
    <!-- Comment the following line out to enable central auditing of the Generic Attributes -->
    <attributeSet>genericAttributes</attributeSet>
  </excludedAttributesList>
</messageProcessDefinition>

<messageProcessDefinition name="CentralECErrWarnProcess">
</messageProcessDefinition>

<messageProcessDefinition name="CentralECErrWarnProcessNoManagedObjectDetails" parentMessageProcess="CentralECErrWarnProcess">
  <excludedAttributesList>
    <attribute>managedObjectDetails</attribute>
  </excludedAttributesList>
</messageProcessDefinition>

Note that CentralECAuditProcess includes a line defining that all primary attributes are to be included.

See "Using Attributes in Query Filters", in "Working with Events", in the TIBCO ActiveMatrix BPM Developer’s Guide.
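
The following is an added example, not part of the TIBCO documentation or product, for reviewing what a channel forwards for central auditing: it lists each CENTRALEC rule with its message process and the attributes excluded once parentMessageProcess links are followed. The <probeRules> root element, the namespace-free layout, and the idea that a child process inherits its parent's attribute settings are assumptions that this page does not confirm.

```python
import xml.etree.ElementTree as ET

# Constructed sample built from the fragments on this page. <probeRules> is a
# placeholder root (the real root is not shown); messageId lists are cut short.
SAMPLE = """<probeRules>
 <messageProcessDefinitions>
  <messageProcessDefinition name="CentralECAuditProcess">
   <includedAttributesList><allPrimaries>true</allPrimaries></includedAttributesList>
  </messageProcessDefinition>
  <messageProcessDefinition name="CentralECAuditProcessExclusions" parentMessageProcess="CentralECAuditProcess">
   <excludedAttributesList><attributeSet>genericAttributes</attributeSet></excludedAttributesList>
  </messageProcessDefinition>
  <messageProcessDefinition name="CentralECErrWarnProcess"/>
 </messageProcessDefinitions>
 <channel name="default_centralec" target="CENTRALEC"><rules>
  <rule name="BaseErrorWarnRule" ruleOrder="1000">
   <filter><severities><severity>ERROR</severity></severities></filter>
   <action><messageProcess>CentralECErrWarnProcess</messageProcess></action>
  </rule>
  <rule name="AuditMessages" ruleOrder="800">
   <filter><messageIds><messageId>BX_INSTANCE_TASKS_CREATED</messageId></messageIds></filter>
   <action><messageProcess>CentralECAuditProcessExclusions</messageProcess></action>
  </rule>
 </rules></channel>
</probeRules>"""

def resolve(defs, name):
    """Follow parentMessageProcess links (assumption: children inherit parent settings)."""
    excluded, all_primaries, seen = [], False, set()
    while name and name not in seen:  # 'seen' stops a circular parent chain
        seen.add(name)
        d = defs[name]  # KeyError here means a rule names an undefined process
        excluded += [(e.text or "").strip() for e in d.findall("excludedAttributesList/*")]
        all_primaries |= d.findtext("includedAttributesList/allPrimaries", "").strip() == "true"
        name = d.get("parentMessageProcess")
    return sorted(excluded), all_primaries

def audit(xml_text, target="CENTRALEC"):  # rows: (rule, ruleOrder, process, excluded, allPrimaries)
    root = ET.fromstring(xml_text)
    defs = {d.get("name"): d for d in root.iter("messageProcessDefinition")}
    rows = []
    for ch in (c for c in root.iter("channel") if c.get("target") == target):
        for r in sorted(ch.iter("rule"), key=lambda r: int(r.get("ruleOrder"))):
            proc = r.findtext("action/messageProcess").strip()
            rows.append((r.get("name"), int(r.get("ruleOrder")), proc, *resolve(defs, proc)))
    return rows

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

Comparing this listing before and after a configuration change shows whether a rule was removed from the channel or an attribute was added to an exclusion list.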