Creating an error-only server log
Modify your log4j2.xml file to set up a specific log to log only ERROR-level and higher notifications.
About this task
Monitor the pingaccess.log file for ERROR-level messages. You can configure alerts to send notifications when events occur and to improve the monitoring of these events. Even when log levels are set to a minimum, the server log generates large amounts of information in an active production environment. You can set up a specific log to log only ERROR-level and higher alerts, which can be sent to a security information and event management (SIEM) tool, such as Splunk, when they occur.
To change your log4j2.xml file to enable a separate log file:
Steps
1. Create an appender.

   The simplest way to create an appender is to copy an existing one to use as a base.

   In the following example, the `RollingFile` is the same one that the `pingaccess.log` file uses. The bold text identifies items that have been changed.

   ```xml
   <!-- Error Only Main Log : A size based file rolling appender -->
   <RollingFile name="FILEERR"
                fileName="${sys:pa.home}/log/pingaccess.error.log"
                filePattern="${sys:pa.home}/log/pingaccess.error.log.%i"
                ignoreExceptions="false">
       <PatternLayout>
           <!-- Uncomment this if you want to use UTF-8 encoding instead
                of system's default encoding. -->
           <!-- <charset>UTF-8</charset> -->
           <!-- To Activate location information uncomment the following pattern,
                comment out the current pattern and set "includeLocation" to true
                in "com.pingidentity" async logger. -->
           <!-- <pattern>%d{ISO8601} %5p [%X{exchangeId}] %c:%L - %m%n</pattern> -->
           <pattern>%d{ISO8601} %5p [%X{exchangeId}] %c - %m%n</pattern>
       </PatternLayout>
       <Policies>
           <SizeBasedTriggeringPolicy size="100000 KB"/>
       </Policies>
       <DefaultRolloverStrategy max="10"/>
   </RollingFile>
   ```

2. Set the appender that you created in step 1 for `AsyncRoot` at the end of your `log4j2.xml` file.

   The following example shows the necessary changes. In this example, the `level` attribute indicates the level of messages that are sent to the log file.

   ```xml
   <!-- Root Logger-->
   <AsyncRoot level="INFO" includeLocation="false" >
       <AppenderRef ref="File"/>
       <AppenderRef ref="FILEERR" level="ERROR"/>
   </AsyncRoot>
   ```

3. Remove the attribute `additivity="false"` from all other loggers that contain a reference to the `File` appender.

   Example:

   ```xml
   <AsyncLogger name="com.pingidentity" level="DEBUG" additivity="false" includeLocation="false">
   ```

   Becomes:

   ```xml
   <AsyncLogger name="com.pingidentity" level="DEBUG" includeLocation="false">
   ```

4. Restart the PingAccess server.

5. If you have a clustered environment, perform steps 1-4 on all nodes within the cluster.

   To expedite this step, create a base file with the appropriate changes and copy it to all the nodes.
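The following script is an added example, not part of the PingAccess documentation. It checks a node's `log4j2.xml` for the three edits made in steps 1-3, which is useful before copying a base file to every node in a cluster. The function name and the trimmed sample configuration are constructed for illustration.

```python
import sys
import xml.etree.ElementTree as ET

def audit_error_log_config(xml_text, err_appender="FILEERR", main_appender="File"):
    """Return the problems that would keep ERROR events out of the error-only log."""
    root = ET.fromstring(xml_text)
    problems = []
    # Step 1: the error-only appender must be defined under <Appenders>.
    if not any(a.get("name") == err_appender for a in root.iterfind("Appenders/*")):
        problems.append(f"appender {err_appender} is not defined")
    # Step 2: AsyncRoot must reference it with level="ERROR".
    async_root = next(root.iter("AsyncRoot"), None)
    refs = {} if async_root is None else {
        r.get("ref"): r.get("level") for r in async_root.findall("AppenderRef")}
    if (refs.get(err_appender) or "").upper() != "ERROR":
        problems.append(f'AsyncRoot lacks <AppenderRef ref="{err_appender}" level="ERROR"/>')
    # Step 3: a logger with additivity="false" does not hand its events to the
    # root logger, so its ERROR events would never reach the new appender.
    for logger in root.iter():
        if logger.tag not in ("Logger", "AsyncLogger"):
            continue
        uses_main = any(r.get("ref") == main_appender for r in logger.findall("AppenderRef"))
        if uses_main and logger.get("additivity", "true").lower() == "false":
            problems.append(f'logger {logger.get("name")} still has additivity="false"')
    return problems

# Constructed sample, trimmed to the elements the check reads.
SAMPLE = """<Configuration>
  <Appenders>
    <RollingFile name="File" fileName="pingaccess.log" filePattern="pingaccess.log.%i"/>
    <RollingFile name="FILEERR" fileName="pingaccess.error.log" filePattern="pingaccess.error.log.%i"/>
  </Appenders>
  <Loggers>
    <AsyncLogger name="com.pingidentity" level="DEBUG" {attr}includeLocation="false">
      <AppenderRef ref="File"/>
    </AsyncLogger>
    <AsyncRoot level="INFO" includeLocation="false">
      <AppenderRef ref="File"/>
      <AppenderRef ref="FILEERR" level="ERROR"/>
    </AsyncRoot>
  </Loggers>
</Configuration>"""
GOOD = SAMPLE.replace("{attr}", "")                    # step 3 applied
BAD = SAMPLE.replace("{attr}", 'additivity="false" ')  # step 3 skipped

if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else BAD
    for problem in audit_error_log_config(text) or ["no problems found"]:
        print(problem)
```

Run it with the path to a node's `log4j2.xml` as the only argument; with no argument it audits the constructed sample in which step 3 was skipped.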