Audit logs
ASE logs administrator actions, such as CLI commands and configuration changes, and stores audit logs in the opt/pingidentity/ase/logs directory. Performed on a per ASE node basis, audit logging is enabled by default.
Use the CLI to enable or disable audit logging using the commands enable_audit and disable_audit.
For example, to enable audit logs, enter the following at the command line:
/opt/pingidentity/ase/bin/cli.sh enable_audit -u admin -p <password>
The audit log captures information related to:
-
System changes using CLI or REST API calls
-
API JSON changes or
ase.conffile updates -
SSL certificate updates
The logs are rotated every 24 hours with the current log file having no timestamp in its name. For more information, see Audit log.
The following is a snippet of audit log files:
-rw-r--r-- 1 root root 358 Aug 13 10:00 audit.log.2018-08-13_09-54 -rw-r--r-- 1 root root 301 Aug 13 10:12 audit.log.2018-08-13_10-00 -rw-r--r-- 1 root root 1677 Aug 13 11:16 audit.log.2018-08-13_10-12 -rw-r--r-- 1 root root 942 Aug 14 06:26 audit.log.2018-08-14_06-22 -rw-r--r-- 1 root root 541 Aug 15 08:19 audit.log