Logging iovation events

Update the PingAccess logging file to include iovation events. This procedure modifies the existing <PA_HOME>/conf/log4j2.xml file to log communications with iovation to a new file.

If you operate PingAccess in a cluster, you must perform this procedure on every node.

Steps

In the <PA_HOME>/conf/log4j2.xml file, go to the Appenders section. Add a new RollingFile appender to define and create a new log file for iovation events.

In the following example, the log file name becomes <PA_HOME>/log/pingaccess_iovation_audit.log.

Example:

<RollingFile name="Iovation-File"
                     fileName="${sys:pa.home}/log/pingaccess_iovation_audit.log"
                     filePattern="${sys:pa.home}/log/pingaccess_iovation_audit.%d{yyyy-MM-dd}.log"
                     ignoreExceptions="false">
            <PatternLayout>
                <pattern>%d{ISO8601}| %X{exchangeId}| %X{IOVATION_AUDIT.trackingNumber} | %X{IOVATION_AUDIT.deviceAlias} | %X{IOVATION_AUDIT.accountCode} | %X{IOVATION_AUDIT.result} | %X{IOVATION_AUDIT.reason} | %X{IOVATION_AUDIT.ruleName} | %X{IOVATION_AUDIT.iovationId} | %X{IOVATION_AUDIT.statedIp} %n</pattern>
            </PatternLayout>
            <Policies>
                <TimeBasedTriggeringPolicy/>
            </Policies>
</RollingFile>

This example uses the following variables:

Variables

Variable Definition

Variable	Definition
`%d`	The transaction time.
`exchangeId`	The ID for a specific request and response pair.
`IOVATION_AUDIT.trackingNumber`	A unique ID that iovation assigns to the transaction. This ID can be used to locate the transaction in searches and reports.
`IOVATION_AUDIT.deviceAlias`	The iovation identifier for the requesting device. If a blackbox isn’t present during the iovation authorization request, the value becomes `0`.
`IOVATION_AUDIT.accountCode`	The value of the `accountCode` attribute for the transaction.
`IOVATION_AUDIT.result`	The iovation risk check result. Possible values are: A Accept D Deny R Review
`IOVATION_AUDIT.reason`	The iovation admin-specified value corresponding to the iovation rule that contributed most to the result.
`IOVATION_AUDIT.ruleName`	The name of the PingAccess rule responsible for this iovation Fraud check.
`IOVATION_AUDIT.iovationId`	A unique ID that iovation provides for the request.
`IOVATION_AUDIT.statedIp`	The Internet Protocol (IP) address of the requesting client. This value is provided as the `statedIp` of the iovation Fraud API request.

%d

The transaction time.

exchangeId

The ID for a specific request and response pair.

IOVATION_AUDIT.trackingNumber

A unique ID that iovation assigns to the transaction. This ID can be used to locate the transaction in searches and reports.

IOVATION_AUDIT.deviceAlias

The iovation identifier for the requesting device. If a blackbox isn’t present during the iovation authorization request, the value becomes 0.

IOVATION_AUDIT.accountCode

The value of the accountCode attribute for the transaction.

IOVATION_AUDIT.result

The iovation risk check result. Possible values are:

A: Accept
D: Deny
R: Review

IOVATION_AUDIT.reason

The iovation admin-specified value corresponding to the iovation rule that contributed most to the result.

IOVATION_AUDIT.ruleName

The name of the PingAccess rule responsible for this iovation Fraud check.

IOVATION_AUDIT.iovationId

A unique ID that iovation provides for the request.

IOVATION_AUDIT.statedIp

The Internet Protocol (IP) address of the requesting client. This value is provided as the statedIp of the iovation Fraud API request.

Go to the Loggers section. Add a new Logger entry to enable logging and configure the level of detail you want to record.

Example:
```
<Logger name="iovationaudit" level="INFO" additivity="false">
      <AppenderRef ref="Iovation-File"/>
</Logger>
```
You can find more information about log levels in Configuring log levels.
Restart PingAccess to make your changes take effect.