Logging and Auditing Operations

Oracle Health Insurance Components support several levels of logging and auditing that can be used to gather and assess information about the runtime state of the system.

Types of Log Files

The following types of log files are distinguished:

  • Application log: the main purpose of this log is to report runtime errors.

  • Security log: contains information about creation of user accounts, changes to privileges and read-access to sensitive data.

  • Protected Health Information or PHI log: if the proper filter is specified, Oracle Health Insurance Components logs sensitive information like names, addresses and Web Service payloads to a specific file that can be managed separately.

Logging Configuration

Configuration of an appender

The following snippet of XML shows an example for the configuration of a log file appender for writing log statements to a file:

<configuration>
    <appender name="fileAppender" class="ch.qos.logback.core.rolling.RollingFileAppender">
        <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
            <fileNamePattern>target/ohiApplication_%d{yyyy-MM-dd}.log</fileNamePattern>
        </rollingPolicy>
        <encoder>
            <pattern>%d{ISO8601} [ %t ] %ohiLevel %c - %m%n</pattern>
        </encoder>
        <filter class="com.oracle.healthinsurance.logging.logback.OhiSecurityLevelFilter">
            <inclusive>false</inclusive>
        </filter>
        <filter class="com.oracle.healthinsurance.utils.logging.logback.OhiPHILevelFilter">
            <inclusive>false</inclusive>
        </filter>
    </appender>
    ...
</configuration>


Explanation of some key elements:

Line 2: appender. In logback an Appender is responsible for handling the logged messages, in most cases writing them to a file or to the console. The name attribute defines the name of this specific Appender, which is used in referencing the appender. The class attribute defines the behaviour of the Appender. A RollingFileAppender writes log messages to a file that has the capability to roll over.

Line 3: rollingPolicy. This defines when a RollingFileAppender rolls over to a new file (e.g. triggered by time or file size) and what exact behaviour is used (e.g. rename the previous logfile using a pattern, move the previous logfile to a different directory). The class ch.qos.logback.core.rolling.TimeBasedRollingPolicy can be used to create a new log file every day.

Line 4: fileNamePattern. This defines the location and name of the logfiles. For a TimeBasedRollingPolicy a valid %d conversion specifier is required. The %d conversion specifier may contain a date-and-time pattern as specified by the java.text.SimpleDateFormat class. If the date-and-time pattern is omitted, then the default pattern yyyy-MM-dd is assumed. The rollover period is inferred from the value of fileNamePattern.

Line 6/7: The encoder is responsible for formatting the log message. The pattern defines the format of the output of the log line.

Line 9: A filter can be used to select log messages based on almost any criterion. The OhiSecurityLevelFilter and OhiPHILevelFilter filter the Security and the PHI messages, respectively. This can be used to keep this information out of the regular application log.

Line 10: The inclusive tag defines whether the filtered lines should be included or excluded for the appender.

For more information on logback configuration see the Logback website: http://logback.qos.ch/

Security audit log

Oracle Health Insurance Components issues specific, security related log statements. Examples include the following:

  • 2010-06-11 21:01:24,077 [ [ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)' ] SECURITY com.oracle.healthinsurance.provisioning.service.impl.ProvisioningServiceImpl - User 322 with loginName FN0023P0002 was created.

  • 2010-06-11 21:01:24,398 [ [ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)' ] SECURITY com.oracle.healthinsurance.provisioning.service.impl.ProvisioningServiceImpl - User 322 with loginName FN0023P0002 was modified.

For auditing purposes, the setup for the security audit log is likely to be different, e.g. security audit data is retained for a longer period of time.

Security related log data can be captured in an appender by specifying filter class "com.oracle.healthinsurance.logging.logback.OhiSecurityLevelFilter" as is shown in the following example:

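<appender name="securityAppender" class="ch.qos.logback.core.rolling.RollingFileAppender">
    <file>target/ohiSecurity.log</file>
    <append>true</append>
    <encoder>
        <pattern>%d{ISO8601} [ %t ] %marker %c - %m%n</pattern>
    </encoder>
    <!-- A triggeringPolicy only takes effect on a RollingFileAppender, which also needs a rollingPolicy.
         FixedWindowRollingPolicy deletes archives beyond maxIndex (default 7); size it for the audit retention period. -->
    <rollingPolicy class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy">
        <fileNamePattern>target/ohiSecurity.%i.log</fileNamePattern>
    </rollingPolicy>
    <triggeringPolicy class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy">
        <maxFileSize>100MB</maxFileSize>
    </triggeringPolicy>
    <!-- Keep PHI messages out of the security log -->
    <filter class="com.oracle.healthinsurance.utils.logging.logback.OhiPHILevelFilter">
        <inclusive>false</inclusive>
    </filter>
    <!-- Capture security messages -->
    <filter class="com.oracle.healthinsurance.utils.logging.logback.OhiSecurityLevelFilter" />
</appender>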
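
The security log statements shown above can be turned into a per-account audit trail. The following is an added example, not Oracle code: it assumes the line layout of the page's encoder pattern with the level rendered as SECURITY, and the ERROR line and stack-trace line in the sample are constructed.

```python
import re
from datetime import datetime

# Line layout follows the page's encoder pattern: %d{ISO8601} [ %t ] LEVEL %c - %m
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}) \[ (?P<thread>.*?) \] "
    r"(?P<level>[A-Z]+) (?P<logger>[\w.$]+) - (?P<msg>.*)$"
)
# Message shape taken from the two statements shown on the page.
USER_RE = re.compile(r"^User (?P<id>\d+) with loginName (?P<login>\S+) was (?P<action>\w+)\.$")

THREAD = "[ [ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)' ]"
PROV = "com.oracle.healthinsurance.provisioning.service.impl.ProvisioningServiceImpl"
SAMPLE_LINES = [
    f"2010-06-11 21:01:24,077 {THREAD} SECURITY {PROV} - User 322 with loginName FN0023P0002 was created.",
    f"2010-06-11 21:01:24,398 {THREAD} SECURITY {PROV} - User 322 with loginName FN0023P0002 was modified.",
    # Constructed lines: a non-security entry and a line that does not fit the layout.
    f"2010-06-11 21:01:25,002 {THREAD} ERROR com.example.Demo - constructed application error",
    "   at com.example.Demo.run(Demo.java:42)",
]

def parse_security_events(lines):
    """Return (events, unparsed): account events from SECURITY lines, plus lines
    that did not match the layout, so gaps in the audit trail stay visible."""
    events, unparsed = [], []
    for line in lines:
        m = LINE_RE.match(line.rstrip("\n"))
        if not m:
            unparsed.append(line)
            continue
        if m["level"] != "SECURITY":
            continue  # other levels belong to the application log
        u = USER_RE.match(m["msg"])
        if not u:
            unparsed.append(line)
            continue
        events.append({
            "time": datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S,%f"),
            "user_id": int(u["id"]), "login": u["login"], "action": u["action"],
        })
    return events, unparsed

def timeline(events):
    """Group actions per login name in time order."""
    out = {}
    for e in sorted(events, key=lambda e: e["time"]):
        out.setdefault(e["login"], []).append(e["action"])
    return out
```
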

Protected Health Information (PHI) log

Oracle Health Insurance Components logs Protected Health Information, i.e. user sensitive information like name, address, DOB and so on in a separate log file. This way, protected health information logs can be managed in a specific, perhaps more secure manner.

The message payload for all integration points is logged to the PHI log (if that is configured).

PHI related log data can be captured by applying filter "com.oracle.healthinsurance.utils.logging.logback.OhiPHILevelFilter" as is shown in the following example (in this case for writing to a file):

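<appender name="phiAppender" class="ch.qos.logback.core.rolling.RollingFileAppender">
    <file>target/ohiPhi.log</file>
    <append>true</append>
    <encoder>
        <pattern>%d{ISO8601} [ %t ] %marker %c - %m%n</pattern>
    </encoder>
    <!-- A triggeringPolicy only takes effect on a RollingFileAppender, which also needs a rollingPolicy.
         FixedWindowRollingPolicy deletes archives beyond maxIndex (default 7). -->
    <rollingPolicy class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy">
        <fileNamePattern>target/ohiPhi.%i.log</fileNamePattern>
    </rollingPolicy>
    <triggeringPolicy class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy">
        <maxFileSize>100MB</maxFileSize>
    </triggeringPolicy>
    <!-- Keep security messages out of the PHI log -->
    <filter class="com.oracle.healthinsurance.utils.logging.logback.OhiSecurityLevelFilter">
        <inclusive>false</inclusive>
    </filter>
    <!-- Capture PHI messages -->
    <filter class="com.oracle.healthinsurance.utils.logging.logback.OhiPHILevelFilter"/>
</appender>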

Note: Make sure to apply the OhiPHILevelFilter to every appender, so that Protected Health Information does not go unfiltered and appear in logs (files or otherwise) in which it should not appear. That is, use the following configuration for all appenders that should not log protected health information:

<filter class="com.oracle.healthinsurance.utils.logging.logback.OhiPHILevelFilter">
    <inclusive>false</inclusive>
</filter>
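
One way to check the rule in the note above before deploying a custom logback.xml. This is an added example, not Oracle code: the sample configuration is constructed, and it assumes, as in the page's phiAppender, that an OhiPHILevelFilter without `<inclusive>false</inclusive>` admits PHI messages.

```python
import xml.etree.ElementTree as ET

PHI_FILTER = "OhiPHILevelFilter"  # filter class name taken from the page

# Constructed sample configuration (not a shipped Oracle file).
SAMPLE_CONFIG = """
<configuration>
  <appender name="fileAppender" class="ch.qos.logback.core.rolling.RollingFileAppender">
    <filter class="com.oracle.healthinsurance.utils.logging.logback.OhiPHILevelFilter">
      <inclusive>false</inclusive>
    </filter>
  </appender>
  <appender name="phiAppender" class="ch.qos.logback.core.FileAppender">
    <filter class="com.oracle.healthinsurance.utils.logging.logback.OhiPHILevelFilter"/>
  </appender>
  <appender name="consoleAppender" class="ch.qos.logback.core.ConsoleAppender">
    <encoder><pattern>%m%n</pattern></encoder>
  </appender>
</configuration>
"""

def classify_appenders(xml_text):
    """Map appender name -> 'excludes', 'captures' or 'unfiltered' with respect to PHI."""
    result = {}
    for appender in ET.fromstring(xml_text).iter("appender"):
        status = "unfiltered"  # no PHI filter at all: PHI can reach this appender
        for flt in appender.findall("filter"):
            if not flt.get("class", "").endswith("." + PHI_FILTER):
                continue
            inclusive = (flt.findtext("inclusive") or "").strip().lower()
            # Assumption from the page's examples: only inclusive=false excludes PHI.
            status = "excludes" if inclusive == "false" else "captures"
        result[appender.get("name", "?")] = status
    return result

def unfiltered_appenders(xml_text):
    """Names of appenders that violate the note: no OhiPHILevelFilter configured."""
    statuses = classify_appenders(xml_text)
    return sorted(name for name, s in statuses.items() if s == "unfiltered")

if __name__ == "__main__":
    for name, status in classify_appenders(SAMPLE_CONFIG).items():
        print(f"{name}: {status}")
```

Appenders reported as 'captures' should be limited to the designated PHI log; any name returned by unfiltered_appenders needs the exclusion filter added.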

Using a custom logback configuration

A default logback.xml file is bundled with Oracle Health Insurance applications. Steps for using a customized logback configuration:

  1. Create a custom logback.xml configuration file.

  2. Use the -Dlogback.configurationFile Java option to point to the custom configuration file. For example:

-Dlogback.configurationFile=/fully/qualified/path/to/logback.xml

Logback Log Levels

Possible log levels, ordered from the least logging to the most logging:

  • error

  • warn

  • info

  • debug

  • trace

The Oracle Health Insurance custom levels "security" and "phi" are between warn and info.

Associating a log level with an appender

The following configuration example shows how to associate a logging detail level with a specific appender:

<root level="debug">
    <appender-ref ref="fileAppender" />
</root>

It is also possible to customize log levels for specific parts of the system or for specific Java classes. This may be requested for support purposes.

Note: Oracle recommends using a fileAppender only for Oracle Health Insurance logging. Do not log to the console as well: this does not provide additional data (only the same data in multiple places), and the additional logging decreases the performance of the system.

Making changes to logging

Care should be taken in changing logging parameters. For example, more fine-grained logging or logging to multiple channels impacts the performance of the system.

Logback can be configured to automatically scan its configuration file for changes. For example, with the following settings, any changes made to a logback.xml configuration file are activated after 60 seconds without restarting the system:

<configuration scan="true" scanPeriod="60 seconds">
 ...
</configuration>

Enable HTTP Logging

To enable REST payload logging, covering both request and response including the headers, switch to trace mode and set the property "ohi.http.logging.enabled" to true in the application's properties file. The logs are written to the Application log files.