Creating an error-only server log
Modify your log4j2.xml
file to set up a specific log to log only ERROR
-level and higher notifications.
About this task
Monitor the pingaccess.log
file for ERROR
-level messages. You can configure alerts to send notifications when events occur and to improve the monitoring of these events. Even when levels are down to a minimum, the server log generates large amounts of information in an active production environment. You can set up a specific log to log only ERROR
-level and higher alerts, which can be sent to a security information and event management (SIEM) tool, such as Splunk, when they occur.
To change your log4j2.xml
file to enable a separate log file:
Steps
-
Create an appender.
The simplest way to create an appender is to copy an existing one to use as a base.
In the following example, the
RollingFile
is the same one that thepingaccess.log
file uses. The bold text identifies items that have been changed.<!-- Error Only Main Log : A size based file rolling appender --> <RollingFile name="FILEERR" fileName="${sys:pa.home}/log/pingaccess.error.log" filePattern="${sys:pa.home}/log/pingaccess.error.log.%i" ignoreExceptions="false"> <PatternLayout> <!-- Uncomment this if you want to use UTF-8 encoding instead of system's default encoding. --> <!-- <charset>UTF-8</charset> --> <!-- To Activate location information uncomment the following pattern, comment out the current pattern and set "includeLocation" to true in "com.pingidentity" async logger. --> <!-- <pattern>%d{ISO8601} %5p [%X{exchangeId}] %c:%L - %m%n</pattern> --> <pattern>%d{ISO8601} %5p [%X{exchangeId}] %c - %m%n</pattern> </PatternLayout> <Policies> <SizeBasedTriggeringPolicy size="100000 KB"/> </Policies> <DefaultRolloverStrategy max="10"/> </RollingFile>
-
Set the appender that you created in step 1 for
AsyncRoot
at the end of yourlog4j2.xml
file.The following example shows the necessary changes. In this example, the
level
attribute indicates the level of messages that are sent to the log file.<!-- Root Logger--> <AsyncRoot level="INFO" includeLocation="false" > <AppenderRef ref="File"/> <AppenderRef ref="FILEERR" level="ERROR"/> </AsyncRoot>
-
Remove the attribute
additivity="false"
from all other loggers that contain a reference to theFile
appender.Example:
<AsyncLogger name="com.pingidentity" level="DEBUG" additivity="false" includeLocation="false">
Becomes:
<AsyncLogger name="com.pingidentity" level="DEBUG" includeLocation="false">
-
Restart the PingAccess server.
-
If you have a clustered environment, perform steps 1-4 on all nodes within the cluster.
To expedite this step, create a base file with the appropriate changes and copy it to all the nodes.