PingDirectory

Customizing log field behaviors

Use customized log field behaviors on a per-field basis to balance your organization’s needs for logs that are both useful and secure.

About this task

You can use the following properties to configure log field behaviors for either predefined fields in either the WriterBasedAccessLogFields or JSONAccessLogFields or for custom log fields in third party plugins.

Behavior Predefined field configuration property Custom field configuration property

Preserve

preserve-field

preserve-field-name

Omit

omit-field

omit-field-name

Redact entire value

redact-entire-value-field

redact-entire-value-field-name

Redact value components

redact-value-components-field

redact-value-components-field-name

Tokenize entire value

tokenize-entire-value-field

tokenize-entire-value-field-name

Tokenize value components

tokenize-value-components-field

tokenize-value-components-field-name

For more information on log field behaviors, see Log sanitization options.

Steps

  1. To create customized log field behaviors on a per-field basis, run dsconfig create-log-field-behavior.

    Example:

    The following example defines a log field behavior object so that the logger tokenizes the values of log fields that are expected to contain host names or IP addresses:

    dsconfig create-log-field-behavior \
        --behavior-name "Tokenize Hostnames" \
        --type text-access \
        --set tokenize-value-components-field:connect-from-address \
        --set tokenize-value-components-field:connect-to-address \
        --set tokenize-value-components-field:entry-rebalancing-source-server \
        --set tokenize-value-components-field:entry-rebalancing-target-server \
        --set tokenize-value-components-field:externally-processed-bind-end-client-ip-address \
        --set tokenize-value-components-field:requester-ip-address \
        --set tokenize-value-components-field:servers-accessed \
        --set tokenize-value-components-field:target-host

    Example:

    The following example defines a log field behavior object so that the logger tokenizes the entire field value of a third party access log field named myCustomField:

    dsconfig create-log-field-behavior \
        --behavior-name "My Log Field Behavior" \
        --type text-access \
        --set tokenize-entire-value-field-name:myCustomField

    Because the log field behavior does not define a default behavior, it only affects the manner in which specific fields are logged. The default behavior that is configured for the associated log field syntax is used for all other fields.

  2. To associate the log field behavior you created with the loggers in which it should be used, run dsconfig set-log-publisher-prop.

    Example:

    The following example sets the default log field behavior created in the first example, "Tokenize Hostnames" for the file-based access logger:

    dsconfig set-log-publisher-prop \
        --publisher-name "File-Based Access Logger" \
        --set log-field-behavior:"Tokenize Hostnames"
  3. To finalize your changes, restart the server:

    bin/stop-server --restart