---
title: ASE management, access and audit logs
description: ASE generates two three of logs:
component: pingintelligence
version: 5.1
page_id: pingintelligence:api_security_enforcer:pingintelligence_ase_acess_management_audit_logs
canonical_url: https://docs.pingidentity.com/pingintelligence/5.1/api_security_enforcer/pingintelligence_ase_acess_management_audit_logs.html
revdate: April 3, 2024
section_ids:
  access-logs: Access logs
  management-logs: Management logs
  balancer-log-rotation: Balancer log rotation
  audit-logs: Audit logs
  related-links: Related links
---

# ASE management, access and audit logs

ASE generates two three of logs:

* **Access log** contains information about all API traffic

* **Management log** contains information about Controller and Balancer

* **Audit log** contains information about various commands executed in ASE

## Access logs

Access logs are generated for port 80 (default port) and 443 (default port) traffic. Each Balancer process has a corresponding Access log file (that is. two port 80 Balancer processes and two port 443 Balancer processes require four log files). The log file name format is `<protocol>_<port>_pid_<process-ID>_access_<date>.log`. Examples for port 80 and port 443 are:

* `httpws_80_pid_19017access__2018-01-22_13-10.log`

* `https_wss_443_pid_19018access2018-01-22_13-10.log`

Access logs are rotated every 10 minutes and archived. The archived log file format has`.gz` at the end of the log file name (for example `http_ws_80_pid_19017access2018-01-22_13-10.log.gz`).

ASE sends all archived log files to API Behavioral Security (ABS) to detect attacks using Machine Learning algorithms. The files are then moved to the `abs_uploaded` directory in the `logs` directory.

The following snippet shows an example log file:

```
-rw-r--r--. 1 root root 0 Aug 10 13:10 http_ws_80_pid_0access2018-01-22_13-10.log
-rw-r--r--. 1 root root 0 Aug 10 13:10 https_wss_443_pid_0access2018-01-22_13-10.log
-rw-r--r--. 1 root root 0 Aug 10 13:10 http_ws_80_pid_19010access2018-01-22_13-10.log
-rw-r--r--. 1 root root 0 Aug 10 13:10 http_ws_80_pid_19009access2018-01-22_13-10.log
-rw-r--r--. 1 root root 0 Aug 10 13:10 https_wss_443_pid_19022access2018-01-22_13-10.log
-rw-r--r--. 1 root root 0 Aug 10 13:10 https_wss_443_pid_19017access2018-01-22_13-10.log
-rw-r--r--. 1 root root 33223 Aug 10 13:11 balancer.log
-rw-r--r--. 1 root root 20445 Aug 10 13:11 controller.log
-rw-r--r--. 1 root root 33244 Aug 10 13:11 balancer_ssl.log
```

## Management logs

Management log detail levels (for example INFO, WARNING, DEBUG) are configured in `ase.conf`. Generated by controller and balancers, management logs are stored in the logs directory and include:

* Controller logs – `controller.log`

* Balancer log for port 80 (default port) – `balancer.log`

* Balancer log for port 443 – `balancer_ssl.log`

**Controller logs**

`controller.log`is a log file with data from the CLI, REST API, configurations, IPC, SSL, cluster, and ABS. Rotated every 24 hours, `controller.log` is the current file name, older files are appended with a timestamp.

**Balancer logs**

`balancer.log` for port 80 and `balancer_ssl.log` for port 443 are static files which are not rotated. These files contain information about IPC between controllers and balancer processes as well as IPC between balancer processes.

In a sideband ASE deployment, balancer checks for request-response parsing error at every 30-second. Parsing error statistics is logged in `balancer.log` file only if balancer encounters parsing errors. If there are no errors in a 30-second period, the `balancer.log` file does not show the JSON output. Following is a snippet of request-response parsing error statistics:

```json
{
  "sideband stats": {
    "request parsing errors": {
      "total requests failed": 1,
      "request body absent": 0,
      "request body malformed": 0,
      "request source ip absent": 1,
      "request source ip invalid": 0,
      "request method absent": 0,
      "request url absent": 0,
      "request host header absent": 0,
      "request authentication failure": 0,
      "request error unknown": 0
    },
    "response parsing errors": {
      "total responses failed": 1,
      "response body absent": 0,
      "response body malformed": 0,
      "response code absent": 0,
      "response authentication failure": 0,
      "response correlation id not found": 1,
      "response error unknown": 0
    }
  }
}
```

The snippet shows that in-total there was one parsing error for request and one for the response. The statistics also lists the type of request and response error.

## Balancer log rotation

You can rotate the balancer log file by running the `rotate-logs` script available in the `util` directory of ASE. By default, ASE does not rotate the balancer log like controller logs. However, you can add the balancer log rotation script to a cron job. Once the balancer log is rotated, it is saved in `logs/backup` directory. A separate `.gz` file is created for `balancer.log` and `balancer_ssl.log` file. The balancer log rotation script also moves the rotated `controller.log` files to the backup directory.

The `rotate-logs` script takes `[ASE_ROOT_DIR]` as the only argument. `[ASE_ROOT_DIR]`is the absolute path of ASE root directory.

```
./rotate-logs.sh --help
name
    rotate-logs.sh

synopsis
    rotate-logs.sh [<ASE_ROOT_DIR> | help | --help]

description
    Rotates balancer logs and moves rotated controller/balancer logs to the backup directory.

arguments
    <ASE_ROOT_DIR>
        absolute path of ASE root directory

    help, --help
        show this help message

exit status
    0   for ok,
    1   for errors.
```

You can run the balancer log rotation script as a cron jon. For example, the following command would run the cron job at mid-night. You can choose to run it at a different time.

```
0 0 * * * /opt/pingidentity/ase/util/rotate-logs.sh /opt/pingidentity/ase
```

## Audit logs

ASE logs administrator actions (for example CLI commands, configuration changes) and stores audit logs in the `opt/pingidentity/ase/logs` directory. Performed on a per ASE node basis, audit logging is enabled by default.

Use the CLI to enable or disable audit logging using the commands `enable_audit` and `disable_audit.` For example, to enable audit logs, enter the following at the command line:

```
/opt/pingidentity/ase/bin/cli.sh enable_audit -u admin -p password
```

The audit log captures information related to:

* System changes using CLI or REST API calls

* API JSON changes or `ase.conf` file updates

* SSL certificate updates

The logs are rotated every 24 hours with the current log file having no timestamp in its name. For more information, see [Audit log](pingintelligence_audit_log.html). The following is a snippet of audit log files:

```
-rw-r--r-- 1 root root 358 Aug 13 10:00 audit.log.2018-08-13_09-54
-rw-r--r-- 1 root root 301 Aug 13 10:12 audit.log.2018-08-13_10-00
-rw-r--r-- 1 root root 1677 Aug 13 11:16 audit.log.2018-08-13_10-12
-rw-r--r-- 1 root root 942 Aug 14 06:26 audit.log.2018-08-14_06-22
-rw-r--r-- 1 root root 541 Aug 15 08:19 audit.log
```

## Related links

* [Change management log levels](pingintelligence_changing_management_log_levels.html)

* [Purge log files](pingintelligence_purge_log_files.html)

* [Configure syslog](pingintelligence_configuring_syslog_server.html)