Log Field Behavior

Note: this component is designated "advanced", which means that objects of this type are not expected to be created or altered in most environments. If you believe that such a change is necessary, you may want to contact support in order to understand the potential impact of that change.

Note: this is an abstract component that cannot be instantiated.

Log Field Behaviors are used to define the behaviors to use for various log fields.

Direct Subcomponents Properties dsconfig Usage

Direct Subcomponents

The following Log Field Behaviors are available in the server :

These Log Field Behaviors inherit from the properties described below.

Properties

The properties supported by this managed object are as follows:


Basic Properties: Advanced Properties:
 description  None
 default-behavior

Basic Properties

description

Description
A description for this Log Field Behavior
Default Value
None
Allowed Values
A string
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

default-behavior

Description
The default behavior that the server should exhibit for fields for which no explicit behavior is defined. If no default behavior is defined, the server will fall back to using the default behavior configured for the syntax used for each log field.
Default Value
None
Allowed Values
preserve - Log the field with the intended value. The value will be preserved, although it may be sanitized for parsability or safety purposes (for example, to escape special characters in the value), and it may be truncated if the value is too long.

omit - Completely omit the field from the log message. Neither the field name or its value will be included.

redact-entire-value - Log the field name, but redact the entire value so that it is not possible to determine what the original value was. In many cases, the redacted value will preserve the syntax for the original value (for example, the redacted representation of an integer will be a placeholder integer value), but this may not be possible for all syntaxes (for example, Boolean values).

redact-value-components - Log the field name, but redact components of the provided value to the extent possible. If values of this syntax may be comprised of multiple components, then some components may be individually redacted (for example, in an LDAP DN or search filter, attribute names may be preserved while the values are redacted, and it may even be possible to configure redaction for only values of a subset of attributes). If the syntax does not support redacting components within a value, then the entire value will be redacted.

tokenize-entire-value - Log the field name, but generate a token for the entire value that protects the actual content of the original value while still making it possible to identify other places where the same value appears elsewhere in the log. In many cases, the tokenized value will preserve the syntax for the original value, but this may not be possible for all syntaxes.

tokenize-value-components - Log the field name, but tokenize components of the provided value to the extent possible (for example, in an LDAP DN or search filter, each attribute value may be replaced with a token that represents that value, while attribute names may be preserved). If the syntax does not support tokenizing components within a value, then the entire value will be tokenized.
Multi-Valued
No
Required
No
Admin Action Required
The Log Field Behavior must be disabled and re-enabled for changes to this setting to take effect. Any changes made to the set of default-behavior values will not take effect until the server is restarted or access loggers configured to use it have been disabled and re-enabled.


dsconfig Usage

To list the configured Log Field Behaviors:

dsconfig list-log-field-behaviors
     [--property {propertyName}] ...

To view the configuration for an existing Log Field Behavior:

dsconfig get-log-field-behavior-prop
     --behavior-name {name}
     [--tab-delimited]
     [--script-friendly]
     [--property {propertyName}] ...

To update the configuration for an existing Log Field Behavior:

dsconfig set-log-field-behavior-prop
     --behavior-name {name}
     (--set|--add|--remove) {propertyName}:{propertyValue}
     [(--set|--add|--remove) {propertyName}:{propertyValue}] ...

To delete an existing Log Field Behavior:

dsconfig delete-log-field-behavior
     --behavior-name {name}