Logging iovation events

Update the PingAccess logging file to log iovation events.

About this task

This procedure modifies the existing <PA_HOME>/conf/log4j2.xml file to log communications with iovation to a new log file. In a clustered environment, you must perform this procedure on every node.

Steps

Edit the <PA_HOME>/conf/log4j2.xml file.

Locate the Appenders section and add a section to create the new log file.

Example:

<RollingFile name="Iovation-File"
                     fileName="${sys:pa.home}/log/pingaccess_iovation_audit.log"
                     filePattern="${sys:pa.home}/log/pingaccess_iovation_audit.%d{yyyy-MM-dd}.log"
                     ignoreExceptions="false">
            <PatternLayout>
                <pattern>%d{ISO8601}| %X{exchangeId}| %X{IOVATION_AUDIT.trackingNumber} | %X{IOVATION_AUDIT.deviceAlias} | %X{IOVATION_AUDIT.accountCode} | %X{IOVATION_AUDIT.result} | %X{IOVATION_AUDIT.reason} | %X{IOVATION_AUDIT.ruleName} | %X{IOVATION_AUDIT.iovationId} | %X{IOVATION_AUDIT.statedIp} %n</pattern>
            </PatternLayout>
            <Policies>
                <TimeBasedTriggeringPolicy/>
            </Policies>
</RollingFile>

This example uses a log file name of <PA_HOME>/log/pingaccess_iovation_audit.log.

The following variables are used in this example.

Variable Definition

Variable	Definition
`%d`	The transaction time.
`exchangeId`	The ID for a specific request/response pair.
`IOVATION_AUDIT.trackingNumber`	An iovation-assigned unique ID for the transaction that can be used to locate the transaction in searches and reports.
`IOVATION_AUDIT.deviceAlias`	The iovation identifier for the requesting device. If no blackbox is present at the time of the iovation authorization request, a value of 0 is used.
`IOVATION_AUDIT.accountCode`	The value of the `accountCode` attribute for the transaction.
`IOVATION_AUDIT.result`	The iovation risk check result. Valid values are: A – Accept D – Deny R – Review
`IOVATION_AUDIT.reason`	The iovation admin-specified value corresponding to the iovation rule that contributed most to the result.
`IOVATION_AUDIT.ruleName`	The name of the PingAccess rule responsible for this iovation Fraud check.
`IOVATION_AUDIT.iovationId`	A unique ID provided by iovation for the request.
`IOVATION_AUDIT.statedIp`	The Internet Protocol (IP) address of the requesting client. This value is provided as the statedIp of the iovation Fraud API request.

%d

The transaction time.

exchangeId

The ID for a specific request/response pair.

IOVATION_AUDIT.trackingNumber

An iovation-assigned unique ID for the transaction that can be used to locate the transaction in searches and reports.

IOVATION_AUDIT.deviceAlias

The iovation identifier for the requesting device. If no blackbox is present at the time of the iovation authorization request, a value of 0 is used.

IOVATION_AUDIT.accountCode

The value of the accountCode attribute for the transaction.

IOVATION_AUDIT.result

The iovation risk check result. Valid values are:

A – Accept
D – Deny
R – Review

IOVATION_AUDIT.reason

The iovation admin-specified value corresponding to the iovation rule that contributed most to the result.

IOVATION_AUDIT.ruleName

The name of the PingAccess rule responsible for this iovation Fraud check.

IOVATION_AUDIT.iovationId

A unique ID provided by iovation for the request.

IOVATION_AUDIT.statedIp

The Internet Protocol (IP) address of the requesting client. This value is provided as the statedIp of the iovation Fraud API request.

Locate the Loggers section and add an entry to enable logging.

Example:

<Logger name="iovationaudit" level="INFO" additivity="false">
      <AppenderRef ref="Iovation-File"/>
</Logger>

Restart PingAccess.