--- title: Managing Admin Alert Access Logs description: Admin Alert Access Logs are a specialized form of filtered log that automatically generates an administrative alert when criteria configured for the log publisher matches those messages in the access log. component: pingdirectory version: 11.0 page_id: pingdirectory:pingdirectory_server_administration_guide:pd_ds_manage_admin_alert_logs canonical_url: https://docs.pingidentity.com/pingdirectory/11.0/pingdirectory_server_administration_guide/pd_ds_manage_admin_alert_logs.html revdate: September 13, 2023 page_aliases: ["pd_ds_access_log_criteria.adoc", "pd_ds_config_admin_alert_access_log_pub.adoc"] section_ids: about-access-log-criteria: About access log criteria configuring-an-admin-alert-access-log-publisher: Configuring an Admin Alert Access Log publisher steps: Steps example: Example: example-2: Example: --- # Managing Admin Alert Access Logs Admin Alert Access Logs are a specialized form of filtered log that automatically generates an administrative alert when criteria configured for the log publisher matches those messages in the access log. ## About access log criteria Configuring an Admin Alert Access Log requires you to configure the criteria for the access log messages. Each criteria can be either a Simple or an Aggregate type. The Simple type uses the set of properties for the client connection, operation request, and the contents of any operation-specific requests or results. The Aggregate type provides criteria that contains Boolean combination of other operation-specific criteria objects. For more information, see the Ping Identity Directory Server [Configuration Reference](https://docs.ping.directory/PingDirectory/latest/cli/index.html). The criteria can be one or more of the following: * Connection Criteria Defines sets of criteria for grouping and describing client connections based on several properties, including: * Protocol * Client address * Connection security * Authentication state * Request Criteria Defines sets of criteria for grouping and describing operation requests based on several properties, including: * Properties for the associated client connection * The type of operation * Targeted entry * Request controls * Target attributes * Other operation-specific terms * Result Criteria Defines sets of criteria for grouping and describing operation results based on several properties, including: * The associated client connection and operation request * The result code * Response controls * Privileges missing or used * Other operation-specific terms * Search Entry Criteria Defines sets of criteria for grouping and describing search result entries based on several properties, including: * The associated client connection and operation request * The entry location and contents * Included controls * Search Reference Criteria Defines sets of criteria for grouping and describing search result references based on several properties, including: * The associated client connection and operation request * Reference contents * Included controls ## Configuring an Admin Alert Access Log publisher Before configuring an Admin Alert Access Log, you must establish an administrative alert handler in your system. ### Steps 1. To create a criteria object for the Admin Alert Access Log, use `dsconfig`. If you are using the `dsconfig` tool in interactive mode, the menu items for the criteria operations are located in the `Standard objects menu`. #### Example: For this example, we want to log only write operations that target user entries. The following command matches any of the specified operations whose target entry matches the filter `(objectClass=person)`. ```shell $ bin/dsconfig create-request-criteria --type simple \ --criteria-name "User Updates" \ --set operation-type:add \ --set operation-type:delete \ --set operation-type:modify \ --set operation-type:modify-dn \ --set "any-included-target-entry-filter:(objectClass=person)" ``` 2. To create a log publisher of type `admin-alert-access`, use `dsconfig`. #### Example: ```shell $ bin/dsconfig create-log-publisher \ --publisher-name "User Updates Admin Alert Access Log" \ --type admin-alert-access \ --set "request-criteria:User Updates" \ --set include-request-details-in-result-messages:true \ --set enabled:true ```