Access Management 7.3.1

Legacy logging service (deprecated)

This service is deprecated and will be removed in a future AM release. You should use the audit logging service instead.

To configure the legacy logging service, go to Configure > Global Services > Logging.

For more information on the configuration, refer to the audit logging reference.

Log to flat files

By default, AM audit logs are written to files in the instance’s configuration directory, such as $HOME/openam/log/.

AM sends messages to different log files, each named after the service logging the message, with two different types log files per service: .access and.error. Thus, the current log files for the authentication service are named amAuthentication.access and amAuthentication.error.

For details, refer to Log files and messages.

Log to a syslog server

AM supports sending audit log messages to a syslog server for collation.

You can enable syslog audit logging by using the AM admin UI, or the ssoadm command.

Syslog logging (UI)

  1. In the AM admin UI, go to Configure > Global Services > Logging.

  2. On the Syslog tab, configure the following settings as appropriate for your syslog server, and save your changes:

    • Syslog server host

    • Syslog server port

    • Syslog server protocol

    • Syslog facility

    • Syslog connection timeout

    For information on these settings, see Logging.

  3. On the General tab, set the Logging Type drop-down list to Syslog, and save your changes.

Syslog logging (ssoadm)

  1. Create a text file, for example, MySyslogServerSettings.txt, containing the settings used when audit logging to a syslog server:

    iplanet-am-logging-syslog-port=514
iplanet-am-logging-syslog-protocol=UDP
iplanet-am-logging-type=Syslog
iplanet-am-logging-syslog-connection-timeout=30
iplanet-am-logging-syslog-host=localhost
iplanet-am-logging-syslog-facility=local5

  2. Use the following ssoadm command to configure audit logging to a syslog server:

    $ ssoadm \
  set-attr-defs \
  --adminid uid=amAdmin,ou=People,dc=openam,dc=forgerock,dc=org \
  --password-file /tmp/pwd.txt \
  --servicename iPlanetAMLoggingService \
  --schematype Global \
  --datafile MySyslogServerSettings.txt
Schema attribute defaults were set.