PingAuthorize Server Documentation Index
Configuration Reference Home

JSON Formatted Audit Log Publisher

Note: this component is designated "advanced", which means that objects of this type are not expected to be created or altered in most environments. If you believe that such a change is necessary, you may want to contact support in order to understand the potential impact of that change.

Note: this is an abstract component that cannot be instantiated.

JSON Formatted Audit Log Publishers format audit log messages (which provide details about changes applied through add, delete, modify, and modify DN operations) as JSON objects. The content will be formatted as an LDIF change record, but other fields will provide additional metadata about the operation.

Direct Subcomponents
Parent Component
Relations from This Component
Properties
dsconfig Usage

Direct Subcomponents

The following JSON Formatted Audit Log Publishers are available in the server :

These JSON Formatted Audit Log Publishers inherit from the properties described below.

Parent Component

The JSON Formatted Audit Log Publisher component inherits from the Access Log Publisher

Properties

The properties supported by this managed object are as follows:


General Configuration Basic Properties: Advanced Properties:
↓ description  None
↓ enabled
↓ logging-error-behavior
Log File Management Basic Properties: Advanced Properties:
↓ write-multi-line-messages  None
Log Messages To Include Basic Properties: Advanced Properties:
↓ log-security-negotiation  None
↓ suppress-internal-operations
↓ suppress-replication-operations
Log Message Elements To Include Basic Properties: Advanced Properties:
↓ use-reversible-form ↓ include-thread-id
↓ obscure-attribute
↓ exclude-attribute
↓ include-product-name
↓ include-instance-name
↓ include-startup-id
↓ include-requester-dn
↓ include-requester-ip-address
↓ include-request-controls
↓ include-response-controls

Basic Properties

description

Property Group
General Configuration
Description
A description for this Log Publisher
Default Value
None
Allowed Values
A string
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

enabled

Property Group
General Configuration
Description
Indicates whether the Log Publisher is enabled for use.
Default Value
None
Allowed Values
true
false
Multi-Valued
No
Required
Yes
Admin Action Required
None. Modification requires no further action

logging-error-behavior

Property Group
General Configuration
Description
Specifies the behavior that the server should exhibit if an error occurs during logging processing.
Default Value
standard-error
Allowed Values
standard-error - Write a message to standard error in the event of a logging failure.

lockdown-mode - Place the server in lockdown mode in the event of a logging failure.
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

write-multi-line-messages

Property Group
Log File Management
Description
Indicates whether the JSON objects should use a multi-line representation (with each object field and array value on its own line) that may be easier for administrators to read, but each message will be larger (because of additional spaces and end-of-line markers), and it may be more difficult to consume and parse through some text-oriented tools.
Default Value
false
Allowed Values
true
false
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

log-security-negotiation

Property Group
Log Messages To Include
Description
Indicates whether to log information about the result of any security negotiation (e.g., SSL handshake) processing that has been performed.
Default Value
false
Allowed Values
true
false
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

suppress-internal-operations

Property Group
Log Messages To Include
Description
Indicates whether internal operations (for example, operations that are initiated by plugins) should be logged along with the operations that are requested by users.
Default Value
false
Allowed Values
true
false
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

suppress-replication-operations

Property Group
Log Messages To Include
Description
Indicates whether access messages that are generated by replication operations should be suppressed.
Default Value
false
Allowed Values
true
false
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

use-reversible-form

Property Group
Log Message Elements To Include
Description
Indicates whether the audit log should be written in reversible form so that it is possible to revert the changes if desired. If this property is set true then the audit log is written in reversible form. For delete operations there will be comments with the contents of the entry. For modify operations the changes will only contain delete of the previous values and add of the new values (omitting those that didn't change). For modify DN operations there will be comments with the attribute additions or deletions, if any, caused by the RDN change.
Default Value
false
Allowed Values
true
false
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

obscure-attribute

Property Group
Log Message Elements To Include
Description
Specifies the names of any attribute types that should have their values obscured in the audit log because they may be considered sensitive. Note that values are not obscured from any DN.
Default Value
None
Allowed Values
The name or OID of an attribute type defined in the server schema.
Multi-Valued
Yes
Required
No
Admin Action Required
None. Modification requires no further action

exclude-attribute

Property Group
Log Message Elements To Include
Description
Specifies the names of any attribute types that should be excluded from the audit log.
Default Value
ds-sync-hist
Allowed Values
The name or OID of an attribute type defined in the server schema.
Multi-Valued
Yes
Required
No
Admin Action Required
None. Modification requires no further action

include-product-name

Property Group
Log Message Elements To Include
Description
Indicates whether log messages should include the product name for the PingAuthorize Server.
Default Value
true
Allowed Values
true
false
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

include-instance-name

Property Group
Log Message Elements To Include
Description
Indicates whether log messages should include the instance name for the PingAuthorize Server.
Default Value
true
Allowed Values
true
false
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

include-startup-id

Property Group
Log Message Elements To Include
Description
Indicates whether log messages should include the startup ID for the PingAuthorize Server, which is a value assigned to the server instance at startup and may be used to identify when the server has been restarted.
Default Value
true
Allowed Values
true
false
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

include-requester-dn

Property Group
Log Message Elements To Include
Description
Indicates whether log messages for operation requests should include the DN of the authenticated user for the client connection on which the operation was requested.
Default Value
true
Allowed Values
true
false
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

include-requester-ip-address

Property Group
Log Message Elements To Include
Description
Indicates whether log messages for operation requests should include the IP address of the client that requested the operation.
Default Value
true
Allowed Values
true
false
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

include-request-controls

Property Group
Log Message Elements To Include
Description
Indicates whether log messages for operation requests should include a list of the OIDs of any controls included in the request.
Default Value
true
Allowed Values
true
false
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

include-response-controls

Property Group
Log Message Elements To Include
Description
Indicates whether log messages for operation results should include a list of the OIDs of any controls included in the result.
Default Value
true
Allowed Values
true
false
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action


Advanced Properties

include-thread-id (Advanced Property)

Property Group
Log Message Elements To Include
Description
Indicates whether log messages should include the thread ID for the PingAuthorize Server in each log message. This ID can be used to correlate log messages from the same thread within a single log as well as generated by the same thread across different types of log files. More information about the thread with a specific ID can be obtained using the cn=JVM Stack Trace,cn=monitor entry.
Default Value
true
Allowed Values
true
false
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action


dsconfig Usage

To list the configured Log Publishers:

dsconfig list-log-publishers
     [--property {propertyName}] ...

To view the configuration for an existing Log Publisher:

dsconfig get-log-publisher-prop
     --publisher-name {name}
     [--tab-delimited]
     [--script-friendly]
     [--property {propertyName}] ...

To update the configuration for an existing Log Publisher:

dsconfig set-log-publisher-prop
     --publisher-name {name}
     (--set|--add|--remove) {propertyName}:{propertyValue}
     [(--set|--add|--remove) {propertyName}:{propertyValue}] ...

To delete an existing Log Publisher:

dsconfig delete-log-publisher
     --publisher-name {name}