Ping Identity Data Metrics Server - Detailed HTTP Operation Log Publisher

Data Metrics Server Documentation Index
Configuration Reference Home

Detailed HTTP Operation Log Publisher

The Detailed HTTP Operation Log Publisher may be used to obtain detailed information about interaction with clients using the HTTP protocol. It is not compatible with the W3C common log format, but provides much more detailed information.

↓Parent Component
↓Relations from This Component
↓Properties
↓dsconfig Usage

Parent Component

The Detailed HTTP Operation Log Publisher component inherits from the HTTP Operation Log Publisher

Relations from This Component

The following components have a direct aggregation relation from Detailed HTTP Operation Log Publishers:

Log File Rotation Listener

Log Retention Policy

Log Rotation Policy

Properties

The properties supported by this managed object are as follows:

General Configuration Basic Properties:	Advanced Properties:
↓ description	None
↓ enabled
Log File Management Basic Properties:	Advanced Properties:
↓ log-file	↓ compression-mechanism
↓ log-file-permissions
↓ rotation-policy
↓ rotation-listener
↓ retention-policy
↓ sign-log
↓ encrypt-log
↓ encryption-settings-definition-id
↓ append
Log Messages To Include Basic Properties:	Advanced Properties:
↓ log-requests	None
↓ log-results
Log Message Elements To Include Basic Properties:	Advanced Properties:
↓ include-product-name	↓ include-thread-id
↓ include-instance-name
↓ include-startup-id
↓ include-request-details-in-result-messages
↓ log-request-headers
↓ suppressed-request-header-name
↓ log-response-headers
↓ suppressed-response-header-name
↓ log-request-authorization-type
↓ log-request-cookie-names
↓ log-response-cookie-names
↓ log-request-parameters
↓ log-request-protocol
↓ suppressed-request-parameter-name
↓ log-redirect-uri
Other Configuration Basic Properties:	Advanced Properties:
None	↓ asynchronous
	↓ auto-flush
	↓ buffer-size
	↓ max-string-length
	↓ queue-size
	↓ time-interval

Basic Properties

description

Property Group	General Configuration
Description	A description for this Log Publisher
Default Value	None
Allowed Values	A string
Multi-Valued	No
Required	No
Admin Action Required	None. Modification requires no further action

enabled

Property Group	General Configuration
Description	Indicates whether the Log Publisher is enabled for use.
Default Value	None
Allowed Values	true false
Multi-Valued	No
Required	Yes
Admin Action Required	None. Modification requires no further action

log-file

Property Group	Log File Management
Description	The file name to use for the log files generated by the Detailed HTTP Operation Log Publisher. The path to the file can be specified either as relative to the server root or as an absolute path.
Default Value	None
Allowed Values	A filesystem path
Multi-Valued	No
Required	Yes
Admin Action Required	The Detailed HTTP Operation Log Publisher must be disabled and re-enabled for changes to this setting to take effect. In order for this modification to take effect, the component must be restarted, either by disabling and re-enabling it, or by restarting the server

log-file-permissions

Property Group	Log File Management
Description	The UNIX permissions of the log files created by this Detailed HTTP Operation Log Publisher.
Default Value	600
Allowed Values	A valid UNIX mode string. The mode string must contain three digits between zero and seven.
Multi-Valued	No
Required	Yes
Admin Action Required	None. Modification requires no further action

rotation-policy

Property Group	Log File Management
Description	The rotation policy to use for the Detailed HTTP Operation Log Publisher . When multiple policies are used, rotation will occur if any policy's conditions are met.
Default Value	No rotation policy is used and log rotation will not occur.
Allowed Values	The DN of any Log Rotation Policy.
Multi-Valued	Yes
Required	Yes
Admin Action Required	None. Modification requires no further action

rotation-listener

Property Group	Log File Management
Description	A listener that should be notified whenever a log file is rotated out of service.
Default Value	None
Allowed Values	The DN of any Log File Rotation Listener. If this Detailed HTTP Operation Log Publisher is enabled, then the associated log file rotation listener must also be enabled.
Multi-Valued	Yes
Required	No
Admin Action Required	None. Modification requires no further action

retention-policy

Property Group	Log File Management
Description	The retention policy to use for the Detailed HTTP Operation Log Publisher . When multiple policies are used, log files are cleaned when any of the policy's conditions are met.
Default Value	No retention policy is used and log files are never cleaned.
Allowed Values	The DN of any Log Retention Policy.
Multi-Valued	Yes
Required	Yes
Admin Action Required	None. Modification requires no further action

sign-log

Property Group	Log File Management
Description	Indicates whether the log should be cryptographically signed so that the log content cannot be altered in an undetectable manner. Log file signatures can be validated using the validate-file-signature tool provided with the server. Note that when enabling signing for a logger that already exists and was enabled without signing, the first log file will not be completely verifiable because it will still contain unsigned content from before signing was enabled. Only log files whose entire content was written with signing enabled will be considered completely valid. For the same reason, if a log file is still open for writing, then signature validation will not indicate that the log is completely valid because the log will not include the necessary "end signed content" indicator at the end of the file.
Default Value	false
Allowed Values	true false
Multi-Valued	No
Required	No
Admin Action Required	The Detailed HTTP Operation Log Publisher must be disabled and re-enabled for changes to this setting to take effect. In order for this modification to take effect, the component must be restarted, either by disabling and re-enabling it, or by restarting the server

encrypt-log (Read-Only)

Property Group	Log File Management
Description	Indicates whether log files should be encrypted so that their content is not available to unauthorized users. If this property is configured with a value of true, then log data will be encrypted using a key generated from an encryption settings definition. If the encryption-settings-definition-id property has a value, then the specified encryption settings definition will be used; otherwise, the server's preferred encryption settings definition will be used. For best compatibility, you should use an encryption settings definition that was created from a user-supplied passphrase, so that passphrase can be used to decrypt its content. If this property is configured with a value of false, then log data will not be encrypted. Encrypted log files can be decrypted on the command line with the encrypt-file tool (using the --decrypt argument). Encrypted log files can be accessed programmatically using the com.unboundid.util.PassphraseEncryptedInputStream class in the UnboundID LDAP SDK for Java. If a log file is to be encrypted, then you will also likely want to enable compression (by giving the compression-mechanism property a value of 'gzip'). This will reduce the amount of data that needs to be encrypted, and will also dramatically reduce the size of the log files that are generated.
Default Value	false
Allowed Values	true false
Multi-Valued	No
Required	No
Admin Action Required	The Detailed HTTP Operation Log Publisher must be disabled and re-enabled for changes to this setting to take effect. In order for this modification to take effect, the component must be restarted, either by disabling and re-enabling it, or by restarting the server

encryption-settings-definition-id

Property Group	Log File Management
Description	Specifies the ID of the encryption settings definition that should be used to encrypt the data. If this is not provided, the server's preferred encryption settings definition will be used. The "encryption-settings list" command can be used to obtain a list of the encryption settings definitions available in the server.
Default Value	None
Allowed Values	A string
Multi-Valued	No
Required	No
Admin Action Required	None. Modification requires no further action

append

Property Group	Log File Management
Description	Specifies whether to append to existing log files.
Default Value	true
Allowed Values	true false
Multi-Valued	No
Required	No
Admin Action Required	None. Modification requires no further action

log-requests

Property Group	Log Messages To Include
Description	Indicates whether to record a log message with information about requests received from the client.
Default Value	false
Allowed Values	true false
Multi-Valued	No
Required	No
Admin Action Required	None. Modification requires no further action

log-results

Property Group	Log Messages To Include
Description	Indicates whether to record a log message with information about the result of processing a requested HTTP operation.
Default Value	true
Allowed Values	true false
Multi-Valued	No
Required	No
Admin Action Required	None. Modification requires no further action

include-product-name

Property Group	Log Message Elements To Include
Description	Indicates whether log messages should include the product name for the Data Metrics Server.
Default Value	false
Allowed Values	true false
Multi-Valued	No
Required	No
Admin Action Required	None. Modification requires no further action

include-instance-name

Property Group	Log Message Elements To Include
Description	Indicates whether log messages should include the instance name for the Data Metrics Server.
Default Value	false
Allowed Values	true false
Multi-Valued	No
Required	No
Admin Action Required	None. Modification requires no further action

include-startup-id

Property Group	Log Message Elements To Include
Description	Indicates whether log messages should include the startup ID for the Data Metrics Server, which is a value assigned to the server instance at startup and may be used to identify when the server has been restarted.
Default Value	false
Allowed Values	true false
Multi-Valued	No
Required	No
Admin Action Required	None. Modification requires no further action

include-request-details-in-result-messages

Property Group	Log Message Elements To Include
Description	Indicates whether result log messages should include all of the elements of request log messages. This may be used to record a single message per operation with details about both the request and response.
Default Value	true
Allowed Values	true false
Multi-Valued	No
Required	No
Admin Action Required	None. Modification requires no further action

log-request-headers

Property Group	Log Message Elements To Include
Description	Indicates whether request log messages should include information about HTTP headers included in the request.
Default Value	none
Allowed Values	none - Indicates that no information about request headers should be logged. header-names - Indicates that only the names of request headers should be logged, but the values should be suppressed. header-names-and-values - Indicates that request header names and values should be logged. Note that request headers may include sensitive information, so it may be desirable to suppress information about one or more such request headers.
Multi-Valued	No
Required	No
Admin Action Required	None. Modification requires no further action

suppressed-request-header-name

Property Group	Log Message Elements To Include
Description	Specifies the case-insensitive names of request headers that should be omitted from log messages (e.g., for the purpose of brevity or security). This will only be used if the log-request-headers property has a value of true. For security reasons, the "Authorization" and "Cookie" headers will be suppressed by default. The "Content-Length" header will be suppressed because it will be included in the contentLength element, and the "Content-Type" header will be suppressed because it will be included in the contentType log element. If all request headers should be logged, then a nonsense value that will not appear as a valid request header should be provided.
Default Value	Authorization Content-Length Content-Type Cookie
Allowed Values	A string
Multi-Valued	Yes
Required	No
Admin Action Required	None. Modification requires no further action

log-response-headers

Property Group	Log Message Elements To Include
Description	Indicates whether response log messages should include information about HTTP headers included in the response.
Default Value	none
Allowed Values	none - Indicates that no information about response headers should be logged. header-names - Indicates that only the names of response headers should be logged, but the values should be suppressed. header-names-and-values - Indicates that response header names and values should be logged. Note that response headers may include sensitive information, so it may be desirable to suppress information about one or more such response headers.
Multi-Valued	No
Required	No
Admin Action Required	None. Modification requires no further action

suppressed-response-header-name

Property Group	Log Message Elements To Include
Description	Specifies the case-insensitive names of response headers that should be omitted from log messages (e.g., for the purpose of brevity or security). This will only be used if the log-response-headers property has a value of true. For security reasons, the "Set-Cookie" header will be suppressed by default. The "Location" header will also be suppressed because its value will normally be included in the redirectURI log element, the "Content-Length" header will be suppressed because it will be included in the contentLength log element, and the "Content-Type" will be suppressed because it will e included in the contentType element. If all response headers should be logged, then a nonsense value that will not appear as a valid response header should be provided.
Default Value	Content-Length Content-Type Location Set-Cookie
Allowed Values	A string
Multi-Valued	Yes
Required	No
Admin Action Required	None. Modification requires no further action

log-request-authorization-type

Property Group	Log Message Elements To Include
Description	Indicates whether to log the type of credentials given if an "Authorization" header was included in the request. Logging the authorization type may be useful, and is much more secure than logging the entire value of the "Authorization" header.
Default Value	true
Allowed Values	true false
Multi-Valued	No
Required	No
Admin Action Required	None. Modification requires no further action

log-request-cookie-names

Property Group	Log Message Elements To Include
Description	Indicates whether to log the names of any cookies included in an HTTP request. Logging cookie names may be useful and is much more secure than logging the entire content of the cookies (which may include sensitive information).
Default Value	true
Allowed Values	true false
Multi-Valued	No
Required	No
Admin Action Required	None. Modification requires no further action

log-response-cookie-names

Property Group	Log Message Elements To Include
Description	Indicates whether to log the names of any cookies set in an HTTP response. Logging cookie names may be useful and is much more secure than logging the entire content of the cookies (which may include sensitive information).
Default Value	true
Allowed Values	true false
Multi-Valued	No
Required	No
Admin Action Required	None. Modification requires no further action

log-request-parameters

Property Group	Log Message Elements To Include
Description	Indicates what (if any) information about request parameters should be included in request log messages. Note that this will only be used for requests with a method other than GET, since GET request parameters will be included in the request URL.
Default Value	parameter-names
Allowed Values	none - Indicates that no information about request parameters should be logged. parameter-names - Indicates that only the names of request parameters should be logged, but the values should be suppressed. parameter-names-and-values - Indicates that request parameter names and values should be logged. Note that request parameters may include sensitive information, so it may be desirable to suppress information about one or more such request parameters.
Multi-Valued	No
Required	No
Admin Action Required	None. Modification requires no further action

log-request-protocol

Property Group	Log Message Elements To Include
Description	Indicates whether request log messages should include information about the HTTP version specified in the request.
Default Value	false
Allowed Values	true false
Multi-Valued	No
Required	No
Admin Action Required	None. Modification requires no further action

suppressed-request-parameter-name

Property Group	Log Message Elements To Include
Description	Specifies the case-insensitive names of request parameters that should be omitted from log messages (e.g., for the purpose of brevity or security). This will only be used if the log-request-parameters property has a value of parameter-names or parameter-names-and-values.
Default Value	None
Allowed Values	A string
Multi-Valued	Yes
Required	No
Admin Action Required	None. Modification requires no further action

log-redirect-uri

Property Group	Log Message Elements To Include
Description	Indicates whether the redirect URI (i.e., the value of the "Location" header from responses) should be included in response log messages.
Default Value	true
Allowed Values	true false
Multi-Valued	No
Required	No
Admin Action Required	None. Modification requires no further action

Advanced Properties

compression-mechanism (Advanced Property, Read-Only)

Property Group	Log File Management
Description	Specifies the type of compression (if any) to use for log files that are written. Note that this setting cannot be changed once the logger has been created, because of the possibility of mixing compressed and uncompressed data in the same file. Further, because it is difficult to append to a compressed file, any existing active log file will automatically be rotated when the server is started. If compressed logging is used, it may also be desirable to have another logger enabled that does not use compression. The rotation and retention policies for the uncompressed logger can be configured to minimize the amount of space it consumes, but having ready access to information about recent operations in uncompressed form may be convenient for debugging purposes. Alternately, you could consider having the uncompressed logger defined but not enabled so that it can be turned on as needed for debugging such problems.
Default Value	none
Allowed Values	none - No compression will be performed. gzip - Compress file data using gzip with the default compression level. If this compression level is specified, then files will automatically be given a ".gz" extension.
Multi-Valued	No
Required	No
Admin Action Required	None. Modification requires no further action

include-thread-id (Advanced Property)

Property Group	Log Message Elements To Include
Description	Indicates whether log messages should include the thread ID for the Data Metrics Server in each log message. This ID can be used to correlate log messages from the same thread within a single log as well as generated by the same thread across different types of log files. More information about the thread with a specific ID can be obtained using the cn=JVM Stack Trace,cn=monitor entry.
Default Value	true
Allowed Values	true false
Multi-Valued	No
Required	No
Admin Action Required	None. Modification requires no further action

asynchronous (Advanced Property)

Property Group	Other Configuration
Description	Indicates whether the Detailed HTTP Operation Log Publisher will publish records asynchronously.
Default Value	true
Allowed Values	true false
Multi-Valued	No
Required	Yes
Admin Action Required	None. Modification requires no further action

auto-flush (Advanced Property)

Property Group	Other Configuration
Description	Specifies whether to flush the writer after every log record. If the asynchronous writes option is used, the writer is flushed after all the log records in the queue are written.
Default Value	true
Allowed Values	true false
Multi-Valued	No
Required	No
Admin Action Required	None. Modification requires no further action

buffer-size (Advanced Property)

Property Group	Other Configuration
Description	Specifies the log file buffer size.
Default Value	64kb
Allowed Values	A positive integer representing a size. Lower limit is 1.
Multi-Valued	No
Required	No
Admin Action Required	None. Modification requires no further action

max-string-length (Advanced Property)

Property Group	Other Configuration
Description	Specifies the maximum length of any individual string that should be logged. If a log message includes a string longer than this number of characters, it will be truncated. A value of zero indicates that no truncation will be used.
Default Value	2000
Allowed Values	An integer value. Lower limit is 0.
Multi-Valued	No
Required	No
Admin Action Required	None. Modification requires no further action

queue-size (Advanced Property)

Property Group	Other Configuration
Description	The maximum number of log records that can be stored in the asynchronous queue. The server will continuously flush messages from the queue to the log. That is, it does not wait for the queue to fill up before flushing to the log. Lowering this value can impact performance.
Default Value	10000
Allowed Values	An integer value. Lower limit is 1000. Upper limit is 100000 .
Multi-Valued	No
Required	No
Admin Action Required	The Detailed HTTP Operation Log Publisher must be restarted if this property is changed and the asynchronous property is set to true.

time-interval (Advanced Property)

Property Group	Other Configuration
Description	Specifies the interval at which to check whether the log files need to be rotated.
Default Value	5s
Allowed Values	A duration. Lower limit is 1 milliseconds.
Multi-Valued	No
Required	No
Admin Action Required	None. Modification requires no further action

dsconfig Usage

To list the configured Log Publishers:

dsconfig list-log-publishers
     [--property {propertyName}] ...

To view the configuration for an existing Log Publisher:

dsconfig get-log-publisher-prop
     --publisher-name {name}
     [--tab-delimited]
     [--script-friendly]
     [--property {propertyName}] ...

To update the configuration for an existing Log Publisher:

dsconfig set-log-publisher-prop
     --publisher-name {name}
     (--set|--add|--remove) {propertyName}:{propertyValue}
     [(--set|--add|--remove) {propertyName}:{propertyValue}] ...

To create a new Detailed HTTP Operation Log Publisher:

dsconfig create-log-publisher
     --publisher-name {name}
     --type detailed
     --set enabled:{propertyValue}
     --set log-file:{propertyValue}
     [--set {propertyName}:{propertyValue}] ...

To delete an existing Log Publisher:

dsconfig delete-log-publisher
     --publisher-name {name}