Log records generated for one event are entered as two separate records. The first log record records the attempt to perform an action; the second log record records the result of the attempt. The following example illustrates this two record approach.
Data: agroupSubscription1|group|/ MessageID: CONSOLE-1
and
Data: agroupSubscription1|group|/ MessageID: CONSOLE-2
In this example, CONSOLE-1 indicates an attempt to create an identity object, and CONSOLE-2 indicates that the attempt to create the identity object was successful. The root organization is noted by a forward slash (/). The variable parts of the messages (agroupSubscription1, group, and /) are separated by a pipe character (|) and continue to go into the Data field of each log record. The MessageID string is not internationalized in order to facilitate machine-readable analysis of the log records in any locale. OpenSSO Enterprise can record events in either of the following formats:
The default flat file format is the W3C Extended Log Format (ELF). OpenSSO Enterprise uses this format to record the default fields in each log record. See Recording Events for a list of default fields and their descriptions. Example 15–2 illustrates an authentication log record formatted for a flat file. The fields are in this order: Time, Data, ModuleName, MessageID, Domain, ContextID, LogLevel, LoginID, IPAddr, LoggedBy, and HostName.
"2005-08-01 16:20:28" "Login Success" LDAP AUTHENTICATION-100 dc=example,dc=com e7aac4e717dda1bd01 INFO uid=amAdmin,ou=People,dc=example,dc=com 192.18.187.152 "cn=exampleuser,ou=Example Users,dc=example,dc=com" exampleHost |
When OpenSSO Enterprise uses a relational database to log messages, the messages are stored in a database table. OpenSSO Enterprise uses Java Database Connectivity (JDBC), which provides connectivity to a wide range of databases. (Oracle® and MySQL databases are currently supported.) Table 15–2 summarizes the schema for a relational database.
Table 15–2 Relational Database Log Format