When handling log reading requests, a valid SSOToken must be provided. The Logging Service verifies that the requester has the proper authority, and then it retrieves the requested records from the configured log location. The LogReader class provides the mechanism to read a log file and return the appropriate data to the caller. It provides the authorization check, reads the data, applies the query (if any), and returns the result as a string. The LogQuery is constructed using the getLogQuery() method.
Reading log records from a remote client program using the client SDK is not supported.
Unless all records from a log file are to be retrieved, at least one LogQuery must be constructed. The LogQuery objects qualify the search criteria.
A LogQuery can specify a list of QueryElements, each containing a value for a field (column) and a relationship. The QueryElement supports the following relationships:
Greater than
Less than
Equal to
Not equal to
Greater than or equal to
Less than or equal to
Contains
Starts with
Ends with
Log files and tables in particular can become very large. If you specify multiple logs in a single query, create queries that are very specific or limited in the number of records to return (or both specific and limited). If a large number of records are returned, the OpenSSO Enterprise resource limits (including those of the host system) can be exceeded.
The following sample code queries for all successful authentications in realm dc=example,dc=com, and returns the time, Data, MessageID, ContextID, LoginID, and Domain fields, sorted on the LoginID field:
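    import java.util.ArrayList;
    import com.sun.identity.log.LogConstants;
    import com.sun.identity.log.LogQuery;
    import com.sun.identity.log.QueryElement;

    // Columns (fields) to return for each matching record.
    ArrayList al = new ArrayList();
    al.add(LogConstants.TIME);
    al.add(LogConstants.DATA);
    al.add(LogConstants.MESSAGE_ID);
    al.add(LogConstants.CONTEXT_ID);
    al.add(LogConstants.LOGIN_ID);
    al.add(LogConstants.DOMAIN);
    // All matching records, every condition must hold, sorted on LoginID.
    LogQuery lq = new LogQuery(LogQuery.ALL_RECORDS, LogQuery.MATCH_ALL_CONDITIONS, LogConstants.LOGIN_ID);
    lq.setColumns(al);
    // Condition 1: successful authentication.
    QueryElement qe1 = new QueryElement(LogConstants.MESSAGE_ID, "AUTHENTICATION-105", QueryElement.EQ);
    lq.addQuery(qe1);
    // Condition 2: realm is exactly dc=example,dc=com.
    QueryElement qe2 = new QueryElement(LogConstants.DOMAIN, "dc=example,dc=com", QueryElement.EQ);
    lq.addQuery(qe2);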
In this code, assuming that dc=example,dc=com is the root realm, changing the qe2 relationship field to QueryElement.EW or QueryElement.CN changes the query to include all successful authentications in all realms. To read the example query from the amAuthentication.access log, assuming presence of an SSOToken, add the following:
    // read() is a static method of com.sun.identity.log.LogReader.
    String[][] result = LogReader.read("amAuthentication.access", lq, ssoToken);
The first record in a log (row 0) contains the field and column names.
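The effect of changing qe2 from EQ to EW, and the header row in the result, can be seen on a small sample. The following is an added example, not code from the original guide or the OpenSSO SDK: the rows are constructed, Rel and the helper methods are hypothetical local stand-ins for the QueryElement relationships, and case-sensitive string comparison is an assumption.

```java
import java.util.ArrayList;
import java.util.List;

public class RealmScopeDemo {
    // Constructed sample shaped like a read() result: row 0 holds the column names.
    static final String[][] RESULT = {
        {"time", "LoginID", "Domain", "MessageID"},
        {"2009-03-01 10:00:01", "alice", "dc=example,dc=com", "AUTHENTICATION-105"},
        {"2009-03-01 10:02:17", "bob", "o=partners,ou=services,dc=example,dc=com", "AUTHENTICATION-105"},
        {"2009-03-01 10:05:40", "carol", "dc=example,dc=org", "AUTHENTICATION-105"}
    };

    // Hypothetical stand-ins for the "Equal to", "Contains" and "Ends with" relationships.
    enum Rel { EQ, CN, EW }

    // Locate a column by the name given in the header row (row 0).
    static int columnIndex(String[][] result, String name) {
        for (int i = 0; result.length > 0 && i < result[0].length; i++) {
            if (result[0][i].equals(name)) return i;
        }
        throw new IllegalArgumentException("no such column: " + name);
    }

    static boolean matches(String field, String value, Rel rel) {
        switch (rel) {
            case EQ: return field.equals(value);
            case CN: return field.contains(value);
            default: return field.endsWith(value);
        }
    }

    // LoginIDs of the data rows whose Domain satisfies the relationship.
    static List<String> loginIds(String[][] result, String domain, Rel rel) {
        int dom = columnIndex(result, "Domain");
        int login = columnIndex(result, "LoginID");
        List<String> out = new ArrayList<>();
        for (int r = 1; r < result.length; r++) { // start at 1: row 0 is the header
            if (matches(result[r][dom], domain, rel)) out.add(result[r][login]);
        }
        return out;
    }

    public static void main(String[] args) {
        System.out.println("EQ: " + loginIds(RESULT, "dc=example,dc=com", Rel.EQ));
        System.out.println("EW: " + loginIds(RESULT, "dc=example,dc=com", Rel.EW));
    }
}
```

With EQ only the root-realm record matches; with EW the sub-realm record matches as well, because its Domain value ends with the root realm's name.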