Access Manager can record events in either of the following formats:
The default flat file format is the W3C Extended Log Format (ELF). Access Manager uses this format to record the default fields in each log record. See Recorded Events for a list of default fields and their descriptions. The following example illustrates an authentication log record formatted for a flat file. The fields are in this order: Time, Data, ModuleName, MessageID, Domain, ContextID, LogLevel, LoginID, IPAddr, LoggedBy, and HostName.
"2005-08-01 16:20:28" "Login Success" LDAP AUTHENTICATION-100 dc=example,dc=com e7aac4e717dda1bd01 INFO uid=amAdmin,ou=People,dc=example,dc=com 192.18.187.152 "cn=exampleuser,ou=Example Users,dc=example,dc=com" exampleHost |
When Access Manager uses a relational database to log messages, the messages are stored in a database table. Access Manager uses Java Database Connectivity (JDBC) to access the database table. JDBC provides connectivity to a wide range of SQL databases. JDBC also provides access to other tabular data sources such as spreadsheets or flat files. Oracle® and MySQL databases are currently supported.
For log records generated by Access Manager, the Data and MessageID fields are used slightly differently than in previous versions of Access Manager. Starting with this version of Access Manager, the MessageID field is introduced as a template for types of log messages. For example, in previous versions, Access Manager would generate the following message in the Data field:
Data: "Created group cn=agroupSubscription1,ou=Groups,dc=iplanet,dc=com"
In this version of Access Manager, two log records are recorded for the one event:
Data: agroupSubscription1|group|/ MessageID: CONSOLE-1
and
Data: agroupSubscription1|group|/ MessageID: CONSOLE-2
These log records reflect the use of identities and realms. In this example, CONSOLE-1 indicates an attempt to create an identity object, and CONSOLE-2 indicates the attempt to create an identity object was successful. The root organization notation (dc=iplanet,dc=com) is replaced with a forward slash (/). The variable parts of the messages (agroupSubscription1, group, and /) are separated by a pipe character (|), and continue to go into the Data field of each log record. The MessagID string is not internationalized in order to facilitate machine-readable analysis of the log records in any locale.
The following table summarizes the schema for a relational database.
Table 6–2 Relational Database Log Format