The Logging Service enables OpenSSO Enterprise components to record information such as access denials and approvals, authentication events, and authorization violations. Administrators can use the logs to track user actions, analyze traffic patterns, audit system usage, review authorization violations, and troubleshoot. The logged information is recorded in one centralized directory. The Client SDK enables external applications to access the Logging Service. This section contains the following:
The purpose of the Logging Service is to provide the facilities to record events that can then be used to assign responsibility for actions occurring through OpenSSO Enterprise. For example, an individual's attempts to compromise the security of OpenSSO Enterprise, and to what extent those attempts penetrate, can be monitored. A global service configuration file named amLogging.xml defines the Logging Service attributes. These attributes include configuration information such as maximum log size, log location, and log format (flat file or relational database). The attribute values are applied across the OpenSSO Enterprise deployment and inherited by every configured realm. The structure of amLogging.xml is defined by file sms.dtd.
The Logging Service is fundamentally an extension of the java.util.logging.LogManager, java.util.logging.Logger, java.util.logging.LogRecord, java.util.logging.Formatter and java.util.logging.Handler classes.
When OpenSSO Enterprise starts or when any logging configuration data is changed using the administration console, the Logging Service configuration data is loaded (or reloaded) into the Logging Service. This data includes the log message format, maximum log size, and the number of history files. Authenticated and authorized entities (for example, an application) can then use the Client SDK to access the Logging Service features from a local or remote server. The Client SDK uses an XML over HTTP layer to send logging requests to the Logging Service on the server where OpenSSO Enterprise is installed.
Log records are created using the com.sun.identity.log.LogRecord class, and then logged by authenticated and authorized entities using the com.sun.identity.log.Logger class. Log records can be logged by:
Other components of the OpenSSO Enterprise server.
Utilities installed on the OpenSSO Enterprise server system.
Other OpenSSO Enterprise servers using a second instance of OpenSSO Enterprise acting as the log server.
Remote client applications (for example, policy agents) using the OpenSSO Enterprise Logging Service.
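The following is an added example, not code from the OpenSSO Enterprise documentation, showing how a client application writes one audit record through the two calls named above: LogRecord(level, msg, token) to build the record about a subject, and logger.log(logRecord, ssoToken) to write it under the caller's credential. It assumes the OpenSSO Client SDK is on the classpath, that two valid SSOToken objects have already been obtained (one for the subject of the record, one for the writer), and that the log name "amExampleApp.access" and the method names logAuthzDecision and LOG_NAME are the example's own choices.

```java
// Added example (not from the OpenSSO documentation): writing one record
// through the Client SDK Logging API. Assumes the OpenSSO Client SDK is on
// the classpath and that valid SSOTokens have already been obtained.
import java.util.logging.Level;

import com.iplanet.sso.SSOException;
import com.iplanet.sso.SSOToken;
import com.sun.identity.log.LogRecord;
import com.sun.identity.log.Logger;

public class AuditLogExample {

    /** Name of the log the record goes to; an assumed value for this example. */
    private static final String LOG_NAME = "amExampleApp.access";

    /**
     * Records an authorization decision about the user behind subjectToken.
     * subjectToken supplies the LoginID, Domain, ContextID and IPAddress
     * fields of the record; callerToken identifies who is writing the record
     * and supplies the LoggedBy field.
     */
    public static void logAuthzDecision(SSOToken callerToken,
                                        SSOToken subjectToken,
                                        String resource,
                                        boolean allowed) throws SSOException {
        // The message text becomes the Data field; keep secrets out of it.
        String msg = (allowed ? "ALLOW " : "DENY ") + resource;

        // Denials are the events an auditor reviews first, so raise their level.
        Level level = allowed ? Level.INFO : Level.WARNING;

        // LogRecord(level, msg, token): the token is the entity the record
        // is about, as described for the Domain and LoginID fields.
        LogRecord rec = new LogRecord(level, msg, subjectToken);

        // Logger.getLogger returns a java.util.logging.Logger; the OpenSSO
        // subclass adds log(LogRecord, Object credential).
        Logger logger = (Logger) Logger.getLogger(LOG_NAME);

        // The second argument is the credential of the writer (LoggedBy).
        // The Logging Service checks that this caller is authorized to log
        // before the record is accepted.
        logger.log(rec, callerToken);
    }
}
```

Time, MESSAGEID and the remaining fields in Table 15–1 are filled in by the Logging Service itself; the application only supplies the level, the message and the two tokens. Whether the record lands in a flat file or a database, and how large the log may grow, is governed by the amLogging.xml attributes described above rather than by the calling code.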
The following table summarizes the default items logged in the LogRecord.
Table 15–1 Events Recorded in LogRecord

| Event | Description |
|---|---|
| Time | The date (YYYY-MM-DD) and time (HH:MM:SS) at which the log message was recorded. This field is not configurable. |
| Data | Variable data pertaining to the log record's MESSAGE ID. This field is not configurable. |
| ModuleName | Name of the OpenSSO Enterprise service or application being logged. Additional information on the value of this field can be found in “Adding Log Data” on page 88. |
| Domain | OpenSSO Enterprise domain to which the user (whom the log record is regarding) belongs. This information is taken from the session token passed in the LogRecord(level,msg,token) call. |
| LogLevel | The Java 2 Platform, Standard Edition (J2SE) version 1.4 log level of the log record. |
| LoginID | The identifier of the user (taken from the session token) who is the subject of the log record. |
| IPAddress | IP address from which the operation was performed. |
| LoggedBy | User who writes the log record. The information is taken from the session token passed during logger.log(logRecord, ssoToken). |
| HostName | Host name associated with the IP address above. This is present if the Log Record Resolve Host Name attribute is enabled. If not, the IP address is printed. |
| MESSAGEID | Non-internationalized message identifier for this log record's message. |
| ContextID | Session identifier associated with a particular login session. The session identifier is that of the entity the log record is regarding. |