16 Setting Up Logging

Adaptive Risk Manager enables detailed logging through log4j logging mechanisms.

Log4j options that Adaptive Risk Manager uses are:

• Appenders - Used to define where log output goes. Appenders can output to files, SMTP (email), JDBC (database), or even JMS. Multiple appenders of the same type can be defined.

• Loggers - Used to define to which appenders output is logged. Loggers can have multiple appenders attached to them.

This logging system is configured by placing the log4j.xml file in the web application's WEB-INF/classes folder and by specifying the log output path for appenders and the level of logging.

16.1 Pre-requisites for Email Alerts

For email alerts to work, third-party libraries must be copied into the WEB-INF/lib folder. The required files are

• activation.jar, which can be downloaded from http://java.sun.com/javase/technologies/desktop/javabeans/jaf/index.jsp

• mail.jar, which can be downloaded from http://java.sun.com/products/javamail/

16.2 Create a Log Directory

Create directories for the log files.

Oracle recommends the directory/file permission should be (rw-,r---). Only the install owner and group should be allowed to read these files due to the sensitive nature of the information that could be contained within them.

16.3 Editing the Log4j.xml Parameters

There are various parameters that can be configured in log4j.xml based on application needs.

To edit log4j.xml parameters,

1. Locate the log4j.xml file under the oarm/WEB-INF/classes/ directory.

2. Update the log output path for each appender.

3. Search for <param name="File" value=" and change the file path for the logs appropriately.

4. Configure SMTP for emailing warnings and errors (optionally).

16.4 Commonly Edited log4j.xml Parameters

A list of commonly edited log4j.xml parameters is shown below. If you want your log files to be created in a non-default location, specify the path for the log file location. Refer to the highlighted text below.

<appender name="FILE" class="org.apache.log4j.DailyRollingFileAppender">
        <param name="File" value="/home/logs/oarm_log.txt" />
        <param name="DatePattern" value="'.'yyyy-MM-dd-HH" />
        <layout class="org.apache.log4j.PatternLayout">
             <param name="ConversionPattern" value="%d %-5p[app=%log4j.webapp.name%] [%t] %c - %m\n" />
        </layout>
</appender>

Note:

Ensure that you have the log file location set correctly.

16.5 Levels of Alert

Output in the logs can be configured for different levels--from detailed to specific data logging--based on the application requirements and space. The set of possible levels include INFO, WARN, ERROR and FATAL.

To change the level of logging, update the value in <level value >. Refer to the example below:

<logger name="com.bharosa">
<level value="INFO" />
</logger>

<logger name="AlertEmail" additivity="false">
        <appender-ref ref="ALERT_EMAIL" />
  </logger>

Our alerts correspond to the following log4j levels:

• FATAL - for high alerts

• ERROR - for medium alerts

• WARN - for low alerts

• INFO - for details on the alerts

16.6 Fraud Detection

For "instant alert" fraud detection, we recommend setting up an SMTP appender for alerts only. Refer to the example shown below:

<appender name="ALERT_EMAIL" class="org.apache.log4j.net.SMTPAppender">
              <param name="BufferSize" value="512" />
              <param name="SMTPHost" value="localhost" />
              <param name="From" value="vadmin" />
              <param name="To" value="lenny@localhost" />
              <param name="Subject" value="[app=fauio]Log4j:Bharosa" />
              <layout class="org.apache.log4j.PatternLayout">
                   <param name="ConversionPattern" value="[%d{ISO8601}]%n%n%-5p%n%n%c%n%n%m%n%n" />
              </layout>
        </appender>

In order to use this appender, add the logger to the log4j.xml file as shown below:

<logger name="AlertEmail" additivity="false">
               <level value="fatal"/>
          <appender-ref ref="ALERT_EMAIL" />
            </logger>

16.7 Levels of Alert

Output in the logs can be configured for different levels--from detailed to specific data logging--based on the application requirements and space. The set of possible levels include INFO, WARN, ERROR and FATAL.

Our alerts correspond to the following log4j levels:

• FATAL - for high alerts

• ERROR - for medium alerts

• WARN - for low alerts

• INFO - for details on the alerts

16.8 Best Practices

Future patches or releases might overwrite your customizations; ensure that you make a backup copy of the log4j.xml file in the event that a patch is applied to the installation and you need to perform a restore.