Enabling sideband traffic logging
Enable sideband audit logging, including end-user transactions captured by the sideband client request.
Steps
-
Edit the
PA_HOME/conf/log4j2.xmlfile. -
In the Logger section, uncomment the
AppenderRefelement for the sideband audit log HAR file.Example:
<!-- Audit Log Configuration--> ... <Logger name="sidebandaudit" level="INFO" additivity="false"> <AppenderRef ref="SidebandAuditLog-File"/> <!--<AppenderRef ref="SidebandAuditLog-Database-Failover"/>--> <!--<AppenderRef ref="SidebandAuditLog-SQLServer-Database-Failover"/>--> <!--<AppenderRef ref="SidebandAuditLog-PostgreSQL"/>--> <!--<AppenderRef ref="SidebandAudit2Splunk"/>--> <AppenderRef ref="SidebandAuditLog-HarFile"/> </Logger> -
In the Appenders section, uncomment the
RollingFileelement for the engine audit log HAR file.Example:
<Appenders> ... <RollingFile name="SidebandAuditLog-HarFile" fileName="${sys:pa.home}/log/pingaccess_sideband_audit_har.log" filePattern="${sys:pa.home}/log/pingaccess_sideband_audit_har.%d{yyyy-MM-dd}.log" ignoreExceptions="false"> <StatusCodeRegExFilter regex="5.."/> <HarLogLayout clientBodySizeLimit="16384" appBodySizeLimit="16384"> <KeyValuePair key="AUDIT.metadata" value="true"/> <KeyValuePair key="AUDIT.http-client" value="true"/> <KeyValuePair key="AUDIT.http-app" value="true"/> </HarLogLayout> <Policies> <TimeBasedTriggeringPolicy /> </Policies> </RollingFile> ... </Appenders> -
Optional: To filter the entries to add to the log file, edit the value of the
StatusCodeRegExFilterelement. -
Optional: To specify what information to log, add or edit the values in the
HarLogLayoutsection of theRollingFileelement.You can add or edit metadata, client response, and app response values. For more information, see Traffic logging reference.
Result
Logging begins when the configuration reloads. The configuration reloads at regular intervals according to the monitorInterval value.