Managing Admin Alert Access Logs
Admin Alert Access Logs are a specialized form of filtered log that automatically generates an administrative alert when an access log message matches the criteria configured for the log publisher.
About access log criteria
Configuring an Admin Alert Access Log requires you to configure the criteria for the access log messages.
Each criteria object can be either a Simple or an Aggregate type. The Simple type uses the set of properties for the client connection, operation request, and the contents of any operation-specific requests or results. The Aggregate type provides criteria that contain a Boolean combination of other operation-specific criteria objects.
For more information, see the Ping Identity Directory Server Configuration Reference.
The criteria can be one or more of the following:
- Connection Criteria
  Defines sets of criteria for grouping and describing client connections based on several properties, including:
  - Protocol
  - Client address
  - Connection security
  - Authentication state
- Request Criteria
  Defines sets of criteria for grouping and describing operation requests based on several properties, including:
  - Properties for the associated client connection
  - The type of operation
  - Targeted entry
  - Request controls
  - Target attributes
  - Other operation-specific terms
- Result Criteria
  Defines sets of criteria for grouping and describing operation results based on several properties, including:
  - The associated client connection and operation request
  - The result code
  - Response controls
  - Privileges missing or used
  - Other operation-specific terms
- Search Entry Criteria
  Defines sets of criteria for grouping and describing search result entries based on several properties, including:
  - The associated client connection and operation request
  - The entry location and contents
  - Included controls
- Search Reference Criteria
  Defines sets of criteria for grouping and describing search result references based on several properties, including:
  - The associated client connection and operation request
  - Reference contents
  - Included controls
Configuring an Admin Alert Access Log publisher
Before configuring an Admin Alert Access Log, you must establish an administrative alert handler in your system.
Steps
- To create a criteria object for the Admin Alert Access Log, use dsconfig.

  If you are using the dsconfig tool in interactive mode, the menu items for the criteria operations are located in the Standard objects menu.

  Example:

  For this example, we want to log only write operations that target user entries. The following command matches any of the specified operations whose target entry matches the filter (objectClass=person).

      $ bin/dsconfig create-request-criteria --type simple \
        --criteria-name "User Updates" \
        --set operation-type:add \
        --set operation-type:delete \
        --set operation-type:modify \
        --set operation-type:modify-dn \
        --set "any-included-target-entry-filter:(objectClass=person)"

- To create a log publisher of type admin-alert-access, use dsconfig.

  Example:

      $ bin/dsconfig create-log-publisher \
        --publisher-name "User Updates Admin Alert Access Log" \
        --type admin-alert-access \
        --set "request-criteria:User Updates" \
        --set include-request-details-in-result-messages:true \
        --set enabled:true
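
As an added illustration (not Ping Identity code and not part of the original page), this Python model shows which operations the "User Updates" request criteria above would select for alerting, and how an Aggregate criteria combines other criteria objects. The record layout, the function names and the all_of/any_of/none_of parameters are assumptions made for the model, and only the (attr=value) filter form is evaluated.

```python
"""Model of access log criteria matching (added example, not server code)."""
import re

WRITE_OPS = {"add", "delete", "modify", "modify-dn"}

def entry_matches(filter_str, entry):
    """Evaluate one equality filter such as (objectClass=person).

    Only the (attr=value) form used on this page is modelled; attribute
    names and values are compared case-insensitively.
    """
    m = re.fullmatch(r"\(([^=()]+)=([^()]*)\)", filter_str.strip())
    if not m:
        raise ValueError(f"unsupported filter: {filter_str!r}")
    attr, value = m.group(1).lower(), m.group(2).lower()
    values = {k.lower(): v for k, v in entry.items()}.get(attr, [])
    return value in (v.lower() for v in values)

def simple(operation_types, any_target_entry_filter):
    """Simple criteria: operation type AND any listed filter matches the target."""
    def match(op):
        return (op["type"] in operation_types and
                any(entry_matches(f, op["target"]) for f in any_target_entry_filter))
    return match

def aggregate(all_of=(), any_of=(), none_of=()):
    """Aggregate criteria: Boolean combination of other criteria (assumed names)."""
    def match(op):
        return (all(c(op) for c in all_of) and
                (not any_of or any(c(op) for c in any_of)) and
                not any(c(op) for c in none_of))
    return match

# The "User Updates" criteria from the dsconfig example above.
user_updates = simple(WRITE_OPS, ["(objectClass=person)"])
# Hypothetical aggregate: user updates, except modify-dn operations.
is_rename = lambda op: op["type"] == "modify-dn"
user_updates_no_rename = aggregate(all_of=[user_updates], none_of=[is_rename])

# Constructed sample operations (not real log data).
OPS = [
    {"type": "modify", "target": {"objectClass": ["top", "person"]}},
    {"type": "search", "target": {"objectClass": ["top", "person"]}},
    {"type": "delete", "target": {"objectClass": ["top", "groupOfNames"]}},
    {"type": "modify-dn", "target": {"objectClass": ["inetOrgPerson", "Person"]}},
]

def alerting(criteria, ops=OPS):
    """Return indexes of the operations that would raise an alert."""
    return [i for i, op in enumerate(ops) if criteria(op)]
```

In this model the search on a person entry and the delete of a group entry raise no alert, because each fails one half of the Simple criteria.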