PingAuthorize Server Documentation Index
Configuration Reference Home

Syslog JSON Access Log Publisher

Note: this component is designated "advanced", which means that objects of this type are not expected to be created or altered in most environments. If you believe that such a change is necessary, you may want to contact support in order to understand the potential impact of that change.

The Syslog JSON Access Log Publisher can be used to write JSON-formatted access log messages to a syslog server.

Parent Component
Relations from This Component
Properties
dsconfig Usage

Parent Component

The Syslog JSON Access Log Publisher component inherits from the JSON Formatted Access Log Publisher

Relations from This Component

The following components have a direct aggregation relation from Syslog JSON Access Log Publishers:

Properties

The properties supported by this managed object are as follows:


General Configuration Basic Properties: Advanced Properties:
↓ description  None
↓ enabled
↓ logging-error-behavior
Syslog Configuration Basic Properties: Advanced Properties:
↓ syslog-external-server ↓ queue-size
↓ syslog-facility
↓ syslog-severity
↓ syslog-message-host-name
↓ syslog-message-application-name
Log Messages To Include Basic Properties: Advanced Properties:
↓ log-connects  None
↓ log-disconnects
↓ log-security-negotiation
↓ log-client-certificates
↓ log-requests
↓ log-results
↓ log-search-entries
↓ log-search-references
↓ log-intermediate-responses
↓ suppress-internal-operations
↓ suppress-replication-operations
↓ correlate-requests-and-results
Log Message Elements To Include Basic Properties: Advanced Properties:
↓ include-product-name ↓ include-thread-id
↓ include-instance-name
↓ include-startup-id
↓ include-requester-dn
↓ include-requester-ip-address
↓ include-request-details-in-result-messages
↓ include-request-details-in-search-entry-messages
↓ include-request-details-in-search-reference-messages
↓ include-request-details-in-intermediate-response-messages
↓ include-result-code-names
↓ include-extended-search-request-details
↓ include-add-attribute-names
↓ include-modify-attribute-names
↓ include-search-entry-attribute-names
↓ include-request-controls
↓ include-response-controls
Other Configuration Basic Properties: Advanced Properties:
 None ↓ max-string-length

Basic Properties

description

Property Group
General Configuration
Description
A description for this Log Publisher
Default Value
None
Allowed Values
A string
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

enabled

Property Group
General Configuration
Description
Indicates whether the Log Publisher is enabled for use.
Default Value
None
Allowed Values
true
false
Multi-Valued
No
Required
Yes
Admin Action Required
None. Modification requires no further action

logging-error-behavior

Property Group
General Configuration
Description
Specifies the behavior that the server should exhibit if an error occurs during logging processing.
Default Value
standard-error
Allowed Values
standard-error - Write a message to standard error in the event of a logging failure.

lockdown-mode - Place the server in lockdown mode in the event of a logging failure.
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

syslog-external-server

Property Group
Syslog Configuration
Description
The syslog server to which messages should be sent. Multiple servers can be configured for the sake of redundancy. If multiple servers are configured, then they must all be configured to communicate over TCP (with or without TLS encryption). When sending a syslog message, servers will be tried in the order in which they are listed.
Default Value
None
Allowed Values
The DN of any Syslog External Server.
Multi-Valued
Yes
Required
Yes
Admin Action Required
None. Modification requires no further action

syslog-facility

Property Group
Syslog Configuration
Description
The syslog facility to use for the messages that are logged by this Syslog JSON Access Log Publisher.
Default Value
system-daemons
Allowed Values
user-level-messages - A facility that is commonly used for messages logged by user applications running on the system. This facility has an integer value of 1.

system-daemons - A facility that is commonly used for messages logged by daemon processes running on the system. This facility has an integer value of 3.

security-and-authorization - A facility that is commonly used for messages related to security and authorization-related processing. This facility has an integer value of 4.

security-and-authorization-alternative - An alternative facility for messages related to security and authorization-related processing. This facility has an integer value of 10.

log-audit - A facility for messages related to log audit processing. This facility has an integer value of 13.

log-alert - A facility for messages related to log alert processing. This facility has an integer value of 14.

local-use-0 - A facility that does not have any predefined purpose and may be used for any arbitrary purpose. This facility has an integer value of 16.

local-use-1 - A facility that does not have any predefined purpose and may be used for any arbitrary purpose. This facility has an integer value of 17.

local-use-2 - A facility that does not have any predefined purpose and may be used for any arbitrary purpose. This facility has an integer value of 18.

local-use-3 - A facility that does not have any predefined purpose and may be used for any arbitrary purpose. This facility has an integer value of 19.

local-use-4 - A facility that does not have any predefined purpose and may be used for any arbitrary purpose. This facility has an integer value of 20.

local-use-5 - A facility that does not have any predefined purpose and may be used for any arbitrary purpose. This facility has an integer value of 21.

local-use-6 - A facility that does not have any predefined purpose and may be used for any arbitrary purpose. This facility has an integer value of 22.

local-use-7 - A facility that does not have any predefined purpose and may be used for any arbitrary purpose. This facility has an integer value of 23.
Multi-Valued
No
Required
Yes
Admin Action Required
None. Modification requires no further action

syslog-severity

Property Group
Syslog Configuration
Description
The syslog severity to use for the messages that are logged by this Syslog JSON Access Log Publisher.
Default Value
informational
Allowed Values
emergency - A severity that is commonly used for messages indicating that the system is unusable. This severity has an integer value of 0.

alert - A severity that is commonly used for messages that require immediate administrative action. This severity has an integer value of 1.

critical - A severity that is commonly used for messages that represent critical error conditions. This severity has an integer value of 2.

error - A severity that is commonly used for messages that represent non-critical error conditions. This severity has an integer value of 3.

warning - A severity that is commonly used for messages that represent warning conditions. This severity has an integer value of 4.

notice - A severity that is commonly used for messages that represent normal but significant conditions. This severity has an integer value of 5.

informational - A severity that is commonly used for informational messages. This severity has an integer value of 6.

debug - A severity that is commonly used for debug messages. This severity has an integer value of 7.
Multi-Valued
No
Required
Yes
Admin Action Required
None. Modification requires no further action

syslog-message-host-name

Property Group
Syslog Configuration
Description
The local host name that will be included in syslog messages that are logged by this Syslog JSON Access Log Publisher. If this is specified, then the value must be between 1 and 255 characters in length, and it must contain only printable ASCII characters between 0x21 (the '!' character) and 0x7E (the '~') character, inclusive. It should represent a qualified or unqualified hostname, an IPv4 address, or an IPv6 address.

If this is not specified, then the server will attempt to automatically determine the hostname for the local system.

If no hostname should be included in syslog messages, then a value of "-" should be used.

Default Value
The server will attempt to automatically determine the hostname for the local system.
Allowed Values
A string
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

syslog-message-application-name

Property Group
Syslog Configuration
Description
The application name that will be included in syslog messages that are logged by this Syslog JSON Access Log Publisher. If this is specified, then the value must be between 1 and 48 characters in length, and it must contain only printable ASCII characters between 0x21 (the '!' character) and 0x7E (the '~') character, inclusive.

If this is not specified, then the server will use a default value of "PingAuthorize".

If no application name should be included in syslog messages, then a value of "-" should be used.

Default Value
The server will use a default value of "PingAuthorize".
Allowed Values
A string
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

log-connects

Property Group
Log Messages To Include
Description
Indicates whether to log information about connections established to the server.
Default Value
true
Allowed Values
true
false
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

log-disconnects

Property Group
Log Messages To Include
Description
Indicates whether to log information about connections that have been closed by the client or terminated by the server.
Default Value
true
Allowed Values
true
false
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

log-security-negotiation

Property Group
Log Messages To Include
Description
Indicates whether to log information about the result of any security negotiation (e.g., SSL handshake) processing that has been performed.
Default Value
true
Allowed Values
true
false
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

log-client-certificates

Property Group
Log Messages To Include
Description
Indicates whether to log information about any client certificates presented to the server.
Default Value
true
Allowed Values
true
false
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

log-requests

Property Group
Log Messages To Include
Description
Indicates whether to log information about requests received from clients.
Default Value
false
Allowed Values
true
false
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

log-results

Property Group
Log Messages To Include
Description
Indicates whether to log information about the results of client requests.
Default Value
true
Allowed Values
true
false
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

log-search-entries

Property Group
Log Messages To Include
Description
Indicates whether to log information about search result entries sent to the client.
Default Value
false
Allowed Values
true
false
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

log-search-references

Property Group
Log Messages To Include
Description
Indicates whether to log information about search result references sent to the client.
Default Value
false
Allowed Values
true
false
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

log-intermediate-responses

Property Group
Log Messages To Include
Description
Indicates whether to log information about intermediate responses sent to the client.
Default Value
false
Allowed Values
true
false
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

suppress-internal-operations

Property Group
Log Messages To Include
Description
Indicates whether internal operations (for example, operations that are initiated by plugins) should be logged along with the operations that are requested by users.
Default Value
true
Allowed Values
true
false
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

suppress-replication-operations

Property Group
Log Messages To Include
Description
Indicates whether access messages that are generated by replication operations should be suppressed.
Default Value
false
Allowed Values
true
false
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

correlate-requests-and-results

Property Group
Log Messages To Include
Description
Indicates whether to automatically log result messages for any operation in which the corresponding request was logged. In such cases, the result, entry, and reference criteria will be ignored, although the log-responses, log-search-entries, and log-search-references properties will be honored.
Default Value
true
Allowed Values
true
false
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

include-product-name

Property Group
Log Message Elements To Include
Description
Indicates whether log messages should include the product name for the PingAuthorize Server.
Default Value
true
Allowed Values
true
false
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

include-instance-name

Property Group
Log Message Elements To Include
Description
Indicates whether log messages should include the instance name for the PingAuthorize Server.
Default Value
true
Allowed Values
true
false
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

include-startup-id

Property Group
Log Message Elements To Include
Description
Indicates whether log messages should include the startup ID for the PingAuthorize Server, which is a value assigned to the server instance at startup and may be used to identify when the server has been restarted.
Default Value
true
Allowed Values
true
false
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

include-requester-dn

Property Group
Log Message Elements To Include
Description
Indicates whether log messages for operation requests should include the DN of the authenticated user for the client connection on which the operation was requested.
Default Value
true
Allowed Values
true
false
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

include-requester-ip-address

Property Group
Log Message Elements To Include
Description
Indicates whether log messages for operation requests should include the IP address of the client that requested the operation.
Default Value
true
Allowed Values
true
false
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

include-request-details-in-result-messages

Property Group
Log Message Elements To Include
Description
Indicates whether log messages for operation results should include information about both the request and the result. This option can be used to eliminate the need to log request messages, and can eliminate the need to read multiple lines in order to obtain the full set of information logged for an operation.
Default Value
true
Allowed Values
true
false
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

include-request-details-in-search-entry-messages

Property Group
Log Message Elements To Include
Description
Indicates whether log messages for search result entries should include information about the associated search request. This option can be used to eliminate the need to log request messages, and can eliminate the need to read multiple lines in order to obtain the full set of information logged for an operation.
Default Value
false
Allowed Values
true
false
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

include-request-details-in-search-reference-messages

Property Group
Log Message Elements To Include
Description
Indicates whether log messages for search result references should include information about the associated search request. This option can be used to eliminate the need to log request messages, and can eliminate the need to read multiple lines in order to obtain the full set of information logged for an operation.
Default Value
false
Allowed Values
true
false
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

include-request-details-in-intermediate-response-messages

Property Group
Log Message Elements To Include
Description
Indicates whether log messages for intermediate responses should include information about the associated operation request. This option can be used to eliminate the need to log request messages, and can eliminate the need to read multiple lines in order to obtain the full set of information logged for an operation.
Default Value
false
Allowed Values
true
false
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

include-result-code-names

Property Group
Log Message Elements To Include
Description
Indicates whether result log messages should include human-readable names for result codes in addition to their numeric values.
Default Value
true
Allowed Values
true
false
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

include-extended-search-request-details

Property Group
Log Message Elements To Include
Description
Indicates whether log messages for search requests should include extended information from the request, including the requested size limit, time limit, alias dereferencing behavior, and types only behavior.
Default Value
false
Allowed Values
true
false
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

include-add-attribute-names

Property Group
Log Message Elements To Include
Description
Indicates whether log messages for add requests should include a list of the names of the attributes included in the entry to add.
Default Value
false
Allowed Values
true
false
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

include-modify-attribute-names

Property Group
Log Message Elements To Include
Description
Indicates whether log messages for modify requests should include a list of the names of the attributes to be modified.
Default Value
false
Allowed Values
true
false
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

include-search-entry-attribute-names

Property Group
Log Message Elements To Include
Description
Indicates whether log messages for search result entries should include a list of the names of the attributes included in the entry that was returned.
Default Value
false
Allowed Values
true
false
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

include-request-controls

Property Group
Log Message Elements To Include
Description
Indicates whether log messages for operation requests should include a list of the OIDs of any controls included in the request.
Default Value
false
Allowed Values
true
false
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

include-response-controls

Property Group
Log Message Elements To Include
Description
Indicates whether log messages for operation results should include a list of the OIDs of any controls included in the result.
Default Value
false
Allowed Values
true
false
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action


Advanced Properties

queue-size (Advanced Property)

Property Group
Syslog Configuration
Description
The maximum number of log records that can be stored in the asynchronous queue. The server will continuously flush messages from the queue to the log. That is, it does not wait for the queue to fill up before flushing to the log. Lowering this value can impact performance.
Default Value
100000
Allowed Values
An integer value. Lower limit is 1000. Upper limit is 100000 .
Multi-Valued
No
Required
No
Admin Action Required
The Syslog JSON Access Log Publisher must be restarted if this property is changed and the asynchronous property is set to true.

include-thread-id (Advanced Property)

Property Group
Log Message Elements To Include
Description
Indicates whether log messages should include the thread ID for the PingAuthorize Server in each log message. This ID can be used to correlate log messages from the same thread within a single log as well as generated by the same thread across different types of log files. More information about the thread with a specific ID can be obtained using the cn=JVM Stack Trace,cn=monitor entry.
Default Value
false
Allowed Values
true
false
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

max-string-length (Advanced Property)

Property Group
Other Configuration
Description
Specifies the maximum number of characters that may be included in any string in a log message before that string is truncated and replaced with a placeholder indicating the number of characters that were omitted. This can help prevent extremely long log messages from being written. A value of zero indicates that no limit will be imposed.
Default Value
2000
Allowed Values
An integer value. Lower limit is 0.
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action


dsconfig Usage

To list the configured Log Publishers:

dsconfig list-log-publishers
     [--property {propertyName}] ...

To view the configuration for an existing Log Publisher:

dsconfig get-log-publisher-prop
     --publisher-name {name}
     [--tab-delimited]
     [--script-friendly]
     [--property {propertyName}] ...

To update the configuration for an existing Log Publisher:

dsconfig set-log-publisher-prop
     --publisher-name {name}
     (--set|--add|--remove) {propertyName}:{propertyValue}
     [(--set|--add|--remove) {propertyName}:{propertyValue}] ...

To create a new Syslog JSON Access Log Publisher:

dsconfig create-log-publisher
     --publisher-name {name}
     --type {type}
     --set enabled:{propertyValue}
     --set syslog-external-server:{propertyValue}
     [--set {propertyName}:{propertyValue}] ...

To delete an existing Log Publisher:

dsconfig delete-log-publisher
     --publisher-name {name}