Sun OpenSSO Enterprise 8.0 Technical Overview

Log File Formats and Log File Types

The following sections describe the formats in which OpenSSO Enterprise records log entries and the two types of log files it writes.

Log File Formats

Log records for a single event are written as two separate records: the first records the attempt to perform an action, and the second records the result of that attempt. The following example illustrates this two-record approach.

Example 15–1 Log Record Example

Data:	 agroupSubscription1|group|/
MessageID:	CONSOLE-1

and

Data:	agroupSubscription1|group|/
MessageID:	CONSOLE-2

In this example, CONSOLE-1 indicates an attempt to create an identity object, and CONSOLE-2 indicates that the attempt to create the identity object was successful. The root organization is noted by a forward slash (/). The variable parts of the message (agroupSubscription1, group, and /) are separated by a pipe character (|) and placed in the Data field of each log record. The MessageID string is not internationalized, so that log records can be analyzed by machine in any locale. OpenSSO Enterprise can record events in either of the following formats:

Flat File Format

The default flat file format is the W3C Extended Log Format (ELF). OpenSSO Enterprise uses this format to record the default fields in each log record. See Recording Events for a list of default fields and their descriptions. Example 15–2 illustrates an authentication log record formatted for a flat file. The fields are in this order: Time, Data, ModuleName, MessageID, Domain, ContextID, LogLevel, LoginID, IPAddr, LoggedBy, and HostName.

Example 15–2 Flat File Record From amAuthentication.access

"2005-08-01 16:20:28"   "Login Success" LDAP    AUTHENTICATION-100 
   dc=example,dc=com       e7aac4e717dda1bd01      INFO 
uid=amAdmin,ou=People,dc=example,dc=com 192.18.187.152 
"cn=exampleuser,ou=Example Users,dc=example,dc=com" exampleHost
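To show how the field order above is applied in practice, the following added example (not part of the OpenSSO documentation) parses flat-file records into named fields, splits the pipe-separated Data field, and groups the attempt and result records of one event. The single-line form of the Example 15–2 record and the two console records are constructed for the sample; the CONSOLE module name, the placeholder field values and the (ContextID, Data) pairing key are assumptions of the example.

```python
import shlex
from collections import defaultdict

# Default field order of a flat-file (W3C ELF) log record, as listed above.
FIELDS = ("Time", "Data", "ModuleName", "MessageID", "Domain", "ContextID",
          "LogLevel", "LoginID", "IPAddr", "LoggedBy", "HostName")

# Constructed sample: the values of Example 15-2 joined onto one line, which
# is how a record appears in amAuthentication.access.
AUTH_RECORD = (
    '"2005-08-01 16:20:28" "Login Success" LDAP AUTHENTICATION-100 '
    'dc=example,dc=com e7aac4e717dda1bd01 INFO '
    'uid=amAdmin,ou=People,dc=example,dc=com 192.18.187.152 '
    '"cn=exampleuser,ou=Example Users,dc=example,dc=com" exampleHost'
)

# Constructed console records for the two-record event of Example 15-1
# (CONSOLE-1 attempt, CONSOLE-2 result); fields other than Data and
# MessageID are placeholder values chosen for the sample.
_TAIL = (' dc=example,dc=com e7aac4e717dda1bd01 INFO'
         ' uid=amAdmin,ou=People,dc=example,dc=com 192.18.187.152'
         ' uid=amAdmin,ou=People,dc=example,dc=com exampleHost')
CONSOLE_RECORDS = [
    '"2005-08-01 16:21:03" agroupSubscription1|group|/ CONSOLE CONSOLE-1' + _TAIL,
    '"2005-08-01 16:21:03" agroupSubscription1|group|/ CONSOLE CONSOLE-2' + _TAIL,
]

def parse_record(line):
    """Split one record into a dict keyed by FIELDS. Values with spaces are
    double-quoted in the file, so shlex keeps them whole. A record with the
    wrong field count is rejected rather than silently mis-aligned."""
    tokens = shlex.split(line.strip())
    if len(tokens) != len(FIELDS):
        raise ValueError(f"expected {len(FIELDS)} fields, got {len(tokens)}")
    return dict(zip(FIELDS, tokens))

def data_parts(record):
    """Return the pipe-separated variable parts of the Data field."""
    return record["Data"].split("|")

def group_events(lines):
    """Group MessageIDs by (ContextID, Data) so the attempt and result records
    of one event are read together; this pairing key is an assumption."""
    events = defaultdict(list)
    for line in lines:
        rec = parse_record(line)
        events[(rec["ContextID"], rec["Data"])].append(rec["MessageID"])
    return dict(events)
```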

Relational Database Format

When OpenSSO Enterprise uses a relational database to log messages, the messages are stored in a database table. OpenSSO Enterprise uses Java Database Connectivity (JDBC), which provides connectivity to a wide range of databases. (Oracle® and MySQL databases are currently supported.) Table 15–2 summarizes the schema for a relational database.

Table 15–2 Relational Database Log Format

Column Name | Data Type | Description
TIME | Date (Oracle), DateTime (MySQL) | The format is YYYY-MM-DD HH24:MI:SS (Oracle) or %Y-%m-%d %H:%i:%s (MySQL). The formats are specified in the Logging Service attributes.
DATA | CLOB (Oracle), LONGTEXT (MySQL) | The data type is specified in the Logging Service attributes.
MODULENAME | VARCHAR(255) | Name of the OpenSSO Enterprise component invoking the log record.
DOMAIN | VARCHAR(255) | OpenSSO Enterprise domain of the user.
LOGLEVEL | VARCHAR(255) | JDK 1.4 log level of the log record.
LOGINID | VARCHAR(255) | Login ID of the user who performed the logged operation.
IPADDR | VARCHAR(255) | IP address of the machine from which the logged operation was performed.
LOGGEDBY | VARCHAR(255) | Login ID of the user who writes the log record.
HOSTNAME | VARCHAR(255) | Host name of the machine from which the logged operation was performed.
MESSAGEID | VARCHAR(255) | Non-internationalized message identifier for this log record's message.
CONTEXTID | VARCHAR(255) | Identifier associated with a particular login session.

Log File Types: Error and Access

Access log files and error log files are the two types of log files used in OpenSSO Enterprise. Access log files record general auditing information concerning the OpenSSO Enterprise deployment. An access log may contain a single record for an event (such as a successful authentication), or multiple records for the same event. For example, when an administrator uses the console to change an attribute value, the Logging Service logs the attempt to change the value in one record and the result of executing the change in a second record. Error log files record errors that occur within the application. While an operation error is recorded in the error log, the operation attempt is recorded in the access log file.

Flat log files are appended with the .error or .access extension. Database column names end with _ERROR or _ACCESS. For example, a flat file logging console events is named amConsole.access while a database column logging the same events is named AMCONSOLE_ACCESS or amConsole_access.

Note –

The period (.) separator in a log filename is converted to an underscore (_) in database formats. Also in databases, table names may be converted to all upper case. For example, amConsole.access may be converted to AMCONSOLE_ACCESS, or it may be converted to amConsole_access.