There are two different types of service log files: access and error. Access log files may contain records of action attempts and successful results. Error log files record errors that occur within the OpenSSO Enterprise services. Flat log files are appended with the .error or .access extension. Database column names end with _ERROR or _ACCESS for an Oracle database, or _error or _access for MySQL databases. For example, a flat file logging console events is named amConsole.access, while a database column logging the same events is named AMCONSOLE_ACCESS. The following sections describe the log files recorded by the Logging Service.
The Logging Service records the following events for the Session Service:
Login
Logout
Session Idle TimeOut
Session Max TimeOut
Failed To Login
Session Reactivation
Session Destroy
The session logs are prefixed with amSSO.
The OpenSSO Enterprise console logs record the creation, deletion, and modification of identity-related entities, policies, and services including, among others, realms, users, policies, and groups. It also records modifications of user attributes including passwords and the addition of users to or removal from groups. Additionally, the console logs record delegation and data store activities. The console logs are prefixed with amConsole.
Authentication component logs user logins and logouts. The authentication logs are prefixed with amAuthentication.
The Federation component logs federation-related events including, but not limited to, the creation of a circle of trust and the creation of a Hosted Provider. The federation logs are prefixed with amFederation.
The Policy component records policy-related events including, but not limited to, policy administration (policy creation, deletion and modification) and policy evaluation. The policy logs are prefixed with amPolicy.
The policy agent logs are responsible for logging exceptions regarding log resources that were either allowed or denied to a user. The agent logs are prefixed with amAgent. amAgent logs reside on the agent server only. Agent events are logged on the OpenSSO Enterprise server in the Authentication Logs. For more information on this function, see the documentation for the policy agent in question.
The SAML component records SAML-related events including, but not limited to, assertion and artifact creation or removal, response and request details, and SOAP errors. The session logs are prefixed with amSAML.
The ssoadm logs record events that occur during operations using the ssoadm command line tool. These include operations that have OpenSSO administration console equivalents. The ssoadm command line logs are located in the logging directory specified when running the setup script for the administration tools unzipped from ssoAdminTools.zip. The main logs are prefixed with ssoadm; other task-related log files are also have access and error suffixes.