Implementing the Classic Logging Service

Note

AM supports two Audit Logging Services: the classic Logging Service, which is based on a Java SDK and is available in AM versions prior to AM 5.0, and a common REST-based Audit Logging Service. The classic Logging Service is deprecated.

To configure AM logging properties, in the AM console, go to Configure > Global Services > Logging.

For more information on the available settings, see "Audit Logging" reference.

Audit Logging to Flat Files

By default, AM audit logs are written to files in the configuration directory for the instance, such as $HOME/openam/log/.

AM sends messages to different log files, each named after the service logging the message, with two different types log files per service: .access and.error. Thus, the current log files for the authentication service are named amAuthentication.access and amAuthentication.error.

For details, see Log Files and Messages.

Audit Logging to a Syslog Server

AM supports sending audit log messages to a syslog server for collation.

You can enable syslog audit logging by using the AM console, or the ssoadm command.

Enabling Syslog Audit Logging (UI)

  1. In the AM console, go to Configure > Global Services > Logging.

  2. On the Syslog tab, configure the following settings as appropriate for your syslog server, and save your changes:

    • Syslog server host

    • Syslog server port

    • Syslog server protocol

    • Syslog facility

    • Syslog connection timeout

    For information on these settings, see "Logging".

  3. On the General tab, set the Logging Type drop-down list to Syslog, and save your changes.

Enabling Syslog Audit Logging by Using the ssoadm Command

  1. Create a text file, for example, MySyslogServerSettings.txt containing the settings used when audit logging to a syslog server, as shown below:

    iplanet-am-logging-syslog-port=514
iplanet-am-logging-syslog-protocol=UDP
iplanet-am-logging-type=Syslog
iplanet-am-logging-syslog-connection-timeout=30
iplanet-am-logging-syslog-host=localhost
iplanet-am-logging-syslog-facility=local5

  2. Use the following SSOADM command to configure audit logging to a syslog server:

    $ ssoadm \
  set-attr-defs \
  --adminid uid=amAdmin,ou=People,dc=openam,dc=forgerock,dc=org \
  --password-file /tmp/pwd.txt \
  --servicename iPlanetAMLoggingService \
  --schematype Global \
  --datafile MySyslogServerSettings.txt
Schema attribute defaults were set.
Read a different version of :