Trace Log Publisher

Note: this is an abstract component that cannot be instantiated.

Trace Log Publishers are used for tracing the processing of HTTP requests within the Directory Server.

Direct Subcomponents Parent Component Properties dsconfig Usage

Direct Subcomponents

The following Trace Log Publishers are available in the server :

These Trace Log Publishers inherit from the properties described below.

Parent Component

The Trace Log Publisher component inherits from the Log Publisher

Properties

The properties supported by this managed object are as follows:


General Configuration Basic Properties: Advanced Properties:
 description  None
 enabled
 logging-error-behavior
Log Messages To Include Basic Properties: Advanced Properties:
 debug-message-type  None
 http-message-type
 access-token-validator-message-type
 id-token-validator-message-type
 scim-message-type
 consent-message-type
 directory-rest-api-message-type
 extension-message-type
 include-path-pattern
 exclude-path-pattern

Basic Properties

description

Property Group
General Configuration
Description
A description for this Log Publisher
Default Value
None
Allowed Values
A string
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

enabled

Property Group
General Configuration
Description
Indicates whether the Log Publisher is enabled for use.
Default Value
None
Allowed Values
true
false
Multi-Valued
No
Required
Yes
Admin Action Required
None. Modification requires no further action

logging-error-behavior

Property Group
General Configuration
Description
Specifies the behavior that the server should exhibit if an error occurs during logging processing.
Default Value
standard-error
Allowed Values
standard-error - Write a message to standard error in the event of a logging failure.

lockdown-mode - Place the server in lockdown mode in the event of a logging failure.
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

debug-message-type

Property Group
Log Messages To Include
Description
Specifies the debug message types which can be logged. Note that enabling these may result in sensitive information being logged.
Default Value
No debug messages are logged.
Allowed Values
http-full-request-and-response - The full HTTP request and response for an inbound request to the Directory Server.

server-sdk-extension - The messages logged by Server SDK extensions.

access-token-validator-request-and-response - The full HTTP request and response of an outbound request initiated by an access token validator to an authorization server.

access-token-validator-processing - Detailed information about access token processing.

id-token-validator-request-and-response - The full HTTP request and response of an outbound request initiated by an ID token validator to an OpenID Connect provider.

id-token-validator-processing - Detailed information about ID token processing.
Multi-Valued
Yes
Required
No
Admin Action Required
None. Modification requires no further action

http-message-type

Property Group
Log Messages To Include
Description
Specifies the HTTP message types which can be logged.
Default Value
No HTTP messages are logged.
Allowed Values
request - The HTTP request summary.

response - The HTTP response summary.
Multi-Valued
Yes
Required
No
Admin Action Required
None. Modification requires no further action

access-token-validator-message-type

Property Group
Log Messages To Include
Description
Specifies the access token validator message types that can be logged.
Default Value
No access token validator messages are logged.
Allowed Values
subject-lookup - Access token subject lookup events.

external-server-request - Summary information about an outbound HTTP request made by an access token validator.

external-server-response - Summary information about the response to an outbound HTTP request made by an access token validator.

validation - Access token validation events.

error - Potentially fatal errors in access token validator processing.
Multi-Valued
Yes
Required
No
Admin Action Required
None. Modification requires no further action

id-token-validator-message-type

Property Group
Log Messages To Include
Description
Specifies the ID token validator message types that can be logged.
Default Value
No ID token validator messages are logged.
Allowed Values
external-server-request - Summary information about an outbound HTTP request made by an ID token validator.

external-server-response - Summary information about the response to an outbound HTTP request made by an ID token validator.

validation - ID token validation events.

warning - Warnings about ID token validator processing.

error - Potentially fatal errors in ID token validator processing.
Multi-Valued
Yes
Required
No
Admin Action Required
None. Modification requires no further action

scim-message-type

Property Group
Log Messages To Include
Description
Specifies the SCIM message types which can be logged.
Default Value
No SCIM messages are logged.
Allowed Values
request - Information about SCIM requests received from clients.

result - Information about the results of SCIM requests received from clients.

internal-request - Information about SCIM requests that initiated internally (for example, operations initiated during processing of a client request).

internal-result - Information about the results of SCIM requests that initiated internally (for example, operations initiated by plugins).

error - SCIM errors caused by exceptions.
Multi-Valued
Yes
Required
No
Admin Action Required
None. Modification requires no further action

consent-message-type

Property Group
Log Messages To Include
Description
Specifies the consent message types that can be logged.
Default Value
No consent messages are logged.
Allowed Values
consent-created - Consent record created.

consent-updated - Consent record updated.

consent-deleted - Consent record deleted.

consent-retrieved - Consent record retrieved.

consent-search - Consent records searched.

definition-created - Consent definition created.

definition-updated - Consent definition updated.

definition-deleted - Consent definition deleted.

definition-retrieved - Consent definition retrieved.

definition-search - Consent definitions searched.

localization-created - Consent definition localization created.

localization-updated - Consent definition localization updated.

localization-deleted - Consent definition localization deleted.

localization-retrieved - Consent definition localization retrieved.

localization-search - Consent definition localizations searched.

error - Consent error.

audit - Detailed information about a consent resource before and/or after a create, update, or delete operation.
Multi-Valued
Yes
Required
No
Admin Action Required
None. Modification requires no further action

directory-rest-api-message-type

Property Group
Log Messages To Include
Description
Specifies the Directory REST API message types which can be logged.
Default Value
No Directory REST API messages are logged.
Allowed Values
error - Directory REST API errors caused by exceptions.
Multi-Valued
Yes
Required
No
Admin Action Required
None. Modification requires no further action

extension-message-type

Property Group
Log Messages To Include
Description
Specifies the Server SDK extension message types that can be logged.
Default Value
No Server SDK extension messages are logged.
Allowed Values
error - An error logged by a Server SDK extension.

warning - A warning logged by a Server SDK extension.

notice - A notice message logged by a Server SDK extension.

info - An informational message logged by a Server SDK extension.
Multi-Valued
Yes
Required
No
Admin Action Required
None. Modification requires no further action

include-path-pattern

Property Group
Log Messages To Include
Description
Specifies a set of HTTP request URL paths to determine whether log messages are included for a HTTP request. Log messages are included for a HTTP request if the request path does not match any exclude-path-pattern, and the request path does match an include-path-pattern (or no include-path-pattern is specified). Paths are matched using the following rules:
  • '?' matches one character within a path segment
  • '*' matches zero or more characters within a path segment (i.e. does not match the '/' separator)
  • '/**/' matches zero or more segments in a path (segments are separated by '/')

Some pattern examples:

  • /example/t?st - matches /example/test but also /example/tast or /example/txst
  • /example/*.png - matches all .png files directly under /example (does not match /example/path1/test.png)
  • /example/**/test.png - matches all test.png files whose path starts with /example
  • /scim/v2/Users/** - matches the path to any SCIM resource whose resource type endpoint is Users
  • /example/path1/**/*.png - matches all .png files whose path starts with /example/path1
  • /example/**/servlet/bla - matches /example/path1/servlet/bla but also /example/path1/testing/servlet/bla and /example/servlet/bla

Default Value
All request paths are included except any specified in exclude-path-pattern.
Allowed Values
A string
Multi-Valued
Yes
Required
No
Admin Action Required
None. Modification requires no further action

exclude-path-pattern

Property Group
Log Messages To Include
Description
Specifies a set of HTTP request URL paths to determine whether log messages are excluded for a HTTP request. Log messages are included for a HTTP request if the request path does not match any exclude-path-pattern, and the request path does match an include-path-pattern (or no include-path-pattern is specified). Paths are matched using the following rules:
  • '?' matches one character within a path segment
  • '*' matches zero or more characters within a path segment (i.e. does not match the '/' separator)
  • '/**/' matches zero or more segments in a path (segments are separated by '/')

Some pattern examples:

  • /example/t?st - matches /example/test but also /example/tast or /example/txst
  • /example/*.png - matches all .png files directly under /example (does not match /example/path1/test.png)
  • /example/**/test.png - matches all test.png files whose path starts with /example
  • /scim/v2/Users/** - matches the path to any SCIM resource whose resource type endpoint is Users
  • /example/path1/**/*.png - matches all .png files whose path starts with /example/path1
  • /example/**/servlet/bla - matches /example/path1/servlet/bla but also /example/path1/testing/servlet/bla and /example/servlet/bla

Default Value
No request paths are explicitly excluded.
Allowed Values
A string
Multi-Valued
Yes
Required
No
Admin Action Required
None. Modification requires no further action


dsconfig Usage

To list the configured Log Publishers:

dsconfig list-log-publishers
     [--property {propertyName}] ...

To view the configuration for an existing Log Publisher:

dsconfig get-log-publisher-prop
     --publisher-name {name}
     [--tab-delimited]
     [--script-friendly]
     [--property {propertyName}] ...

To update the configuration for an existing Log Publisher:

dsconfig set-log-publisher-prop
     --publisher-name {name}
     (--set|--add|--remove) {propertyName}:{propertyValue}
     [(--set|--add|--remove) {propertyName}:{propertyValue}] ...

To delete an existing Log Publisher:

dsconfig delete-log-publisher
     --publisher-name {name}