Sun Java System Access Manager 7.1 Technical Overview

Logging Overview

The Logging Service enables Access Manager services to record information such as access denials, access approvals, authentication events, and authorization violations. Administrators can use the logs to track user actions, analyze traffic patterns, audit system usage, review authorization violations, and troubleshoot. The logged information from all Access Manager services is recorded in one centralized directory. The default location for all Access Manager log files is /var/opt/SUNWam/logs. Logging client APIs enable external applications to access the Logging framework. This section contains the following:

Logging Service

The Logging Service stores the attributes and values for the logging function. A global service configuration file named amLogging.xml defines the Logging attributes. Examples of Logging Service attributes are maximum log size, log location, and log format (flat file or relational database). The attribute values are applied across the Access Manager deployment and inherited by every configured realm. By default, amLogging.xml is located in the directory /etc/opt/SUNWam/config/xml when Access Manager is installed in a Solaris environment. (When installed on Windows, the directory is jes-install-dir\identity\config\xml; on HP-UX the directory is /etc/opt/sun/identity/config/xml.) The structure of amLogging.xml is defined by the file sms.dtd.

Logging Configuration

When Access Manager starts or when any logging configuration data is changed using the Access Manager console, the logging configuration data is loaded (or reloaded) into the Logging Service. This data includes the log message format, log file name, maximum log size, and the number of history files. Applications can use the client APIs to access the Logging features from a local or remote server. The client APIs use an XML-over-HTTP layer to send logging requests to the Logging component on the server where Access Manager is installed.

Recorded Events

A client passes the information to be logged to the Logging Service as an instance of the com.sun.identity.log.LogRecord class. The following table summarizes the items logged by default in a LogRecord.

Table 6–1 Events Recorded in LogRecord

Event | Description
----- | -----------
Time | The date (YYYY-MM-DD) and time (HH:MM:SS) at which the log message was recorded. This field is not configurable.
Data | Variable data pertaining to the log record's MESSAGE ID. This field is not configurable.
Module Name | Name of the Access Manager service or application being logged. Additional information on the value of this field can be found in “Adding Log Data” on page 88.
Domain | Access Manager domain to which the user belongs.
Log Level | The Java 2 Platform, Standard Edition (J2SE) version 1.4 log level of the log record.
Login ID | ID of the user who is the subject of the log record. The user ID is taken from the session token.
IP Address | IP address from which the operation was performed.
Logged By | User who writes the log record. The information is taken from the session token passed during logger.log(logRecord, ssoToken).
Host Name | Host name associated with the IP Address above.
MessageID | Non-internationalized message identifier for this log record's message.
ContextID | Identifier associated with a particular login session.
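The fields in Table 6–1 are what an administrator works with when reviewing the flat-file logs for access denials or authentication failures. The following Python script is an added example, not Sun's code and not part of this overview: it parses log records that carry those fields and summarizes them the way an audit review would. It assumes a tab-separated flat file with one record per line, the Time and Data values in double quotes, the columns in the order Table 6–1 lists them unless a leading "#Fields:" header names a different order; the module names, message identifiers (AUTHENTICATION-100, AUTHENTICATION-200, POLICY-300), hosts and addresses in the sample are constructed and are not taken from a real Access Manager deployment.

```python
"""Parse Access Manager flat-file log records (fields of Table 6-1) and
summarize them for an audit review.

Added example, not Sun's code. Assumed, not stated by the page: records are
tab-separated, Time and Data are double-quoted, and the column order is that
of Table 6-1 unless a "#Fields:" header line overrides it.
"""
import csv
from collections import Counter, defaultdict

# Column names in the order Table 6-1 lists them (assumed file order).
DEFAULT_FIELDS = ["Time", "Data", "ModuleName", "Domain", "LogLevel",
                  "LoginID", "IPAddr", "LoggedBy", "HostName",
                  "MessageID", "ContextID"]


def _rec(time, data, module, domain, level, login, ip, logged_by, host,
         msgid, ctx):
    """Build one constructed sample record in the assumed flat-file layout."""
    return "\t".join([f'"{time}"', f'"{data}"', module, domain, level, login,
                      ip, logged_by, host, msgid, ctx])


# Constructed sample log: module names, message IDs, users, hosts and
# addresses are invented for this example, not captured from a real system.
SAMPLE_LOG = "\n".join([
    "#Fields: " + " ".join(DEFAULT_FIELDS),
    _rec("2007-05-14 09:12:31", "Login Success", "amAuthentication.access",
         "dc=example,dc=com", "INFO", "uid=alice,ou=People,dc=example,dc=com",
         "10.0.0.5", "uid=alice,ou=People,dc=example,dc=com",
         "host1.example.com", "AUTHENTICATION-100", "ctx-0001"),
    _rec("2007-05-14 09:13:02", "Login Failed", "amAuthentication.error",
         "dc=example,dc=com", "INFO", "uid=bob,ou=People,dc=example,dc=com",
         "10.0.0.9", "uid=bob,ou=People,dc=example,dc=com",
         "host1.example.com", "AUTHENTICATION-200", "ctx-0002"),
    _rec("2007-05-14 09:13:40", "Login Failed", "amAuthentication.error",
         "dc=example,dc=com", "INFO", "uid=bob,ou=People,dc=example,dc=com",
         "10.0.0.9", "uid=bob,ou=People,dc=example,dc=com",
         "host1.example.com", "AUTHENTICATION-200", "ctx-0003"),
    _rec("2007-05-14 09:15:10", "Policy evaluation denied", "amPolicy.access",
         "dc=example,dc=com", "INFO", "uid=alice,ou=People,dc=example,dc=com",
         "10.0.0.5", "uid=alice,ou=People,dc=example,dc=com",
         "host1.example.com", "POLICY-300", "ctx-0001"),
    "garbled line with too few fields",
])


def parse_log(text):
    """Return (records, malformed).

    Each record is a dict keyed by field name. Lines whose column count does
    not match the header are returned in `malformed` as (line number, text)
    rather than silently dropped, so a truncated or tampered line is noticed.
    """
    fields = list(DEFAULT_FIELDS)
    records, malformed = [], []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        if line.startswith("#Fields:"):
            fields = line[len("#Fields:"):].split()   # header overrides order
            continue
        if line.startswith("#"):                      # other comment lines
            continue
        row = next(csv.reader([line], delimiter="\t", quotechar='"'))
        if len(row) != len(fields):
            malformed.append((lineno, line))
            continue
        records.append(dict(zip(fields, row)))
    return records, malformed


def count_by_message_id(records):
    """Tally records by MessageID: it is the non-internationalized identifier,
    so keying on it is stable across locales, unlike the Data text."""
    return Counter(r["MessageID"] for r in records)


def sources_for_message(records, message_id):
    """Map IPAddr -> set of LoginIDs that produced the given MessageID."""
    out = defaultdict(set)
    for r in records:
        if r["MessageID"] == message_id:
            out[r["IPAddr"]].add(r["LoginID"])
    return dict(out)


def session_trail(records, context_id):
    """All records sharing one ContextID (one login session), in time order.
    Time is YYYY-MM-DD HH:MM:SS, so string order is chronological order."""
    return sorted((r for r in records if r["ContextID"] == context_id),
                  key=lambda r: r["Time"])


if __name__ == "__main__":
    recs, bad = parse_log(SAMPLE_LOG)
    print("records:", len(recs), "malformed:", bad)
    print("by MessageID:", dict(count_by_message_id(recs)))
    print("AUTHENTICATION-200 sources:",
          sources_for_message(recs, "AUTHENTICATION-200"))
    for r in session_trail(recs, "ctx-0001"):
        print(r["Time"], r["ModuleName"], r["MessageID"], r["Data"])
```

The summaries key on MessageID and ContextID rather than on the Data column: Data is variable text tied to the message, whereas MessageID identifies the event type and ContextID ties every record of one login session together, which is what makes a cross-service trail (authentication followed by policy decisions) possible.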