This procedure modifies the existing <PA_HOME>/conf/log4j2.xml file to log communications with iovation to a new log file. In a clustered environment, you must perform this procedure on every node.

  1. Edit the <PA_HOME>/conf/log4j2.xml file.
  2. Locate the Appenders section and add a section to create the new log file.
    <RollingFile name="Iovation-File"
                         fileName="${sys:pa.home}/log/pingaccess_iovation_audit.log"
                         filePattern="${sys:pa.home}/log/pingaccess_iovation_audit.%d{yyyy-MM-dd}.log"
                         ignoreExceptions="false">
                <PatternLayout>
                    <pattern>%d{ISO8601}| %X{exchangeId}| %X{IOVATION_AUDIT.trackingNumber} | %X{IOVATION_AUDIT.deviceAlias} | %X{IOVATION_AUDIT.accountCode} | %X{IOVATION_AUDIT.result} | %X{IOVATION_AUDIT.reason} | %X{IOVATION_AUDIT.ruleName} | %X{IOVATION_AUDIT.iovationId} | %X{IOVATION_AUDIT.statedIp} %n</pattern>
                </PatternLayout>
                <Policies>
                    <TimeBasedTriggeringPolicy/>
                </Policies>
    </RollingFile>

    This example uses a log file name of <PA_HOME>/log/pingaccess_iovation_audit.log.

    The following variables are used in this example.

    Variable Definition

    %d

    The transaction time.

    exchangeId

    The ID for a specific request/response pair.

    IOVATION_AUDIT.trackingNumber

    An iovation-assigned unique ID for the transaction that can be used to locate the transaction in searches and reports.

    IOVATION_AUDIT.deviceAlias

    The iovation identifier for the requesting device. If no blackbox is present at the time of the iovation authorization request, a value of 0 is used.

    IOVATION_AUDIT.accountCode

    The value of the accountCode attribute for the transaction.

    IOVATION_AUDIT.result

    The iovation risk check result. Valid values are:

    • A – Accept
    • D – Deny
    • R – Review

    IOVATION_AUDIT.reason

    The iovation admin-specified value corresponding to the iovation rule that contributed most to the result.

    IOVATION_AUDIT.ruleName

    The name of the PingAccess rule responsible for this iovation Fraud check.

    IOVATION_AUDIT.iovationId

    A unique ID provided by iovation for the request.

    IOVATION_AUDIT.statedIp

    The IP address of the requesting client. This value is provided as the statedIp of the iovation Fraud API request.

  3. Locate the Loggers section and add an entry to enable logging.
    <Logger name="iovationaudit" level="INFO" additivity="false">
          <AppenderRef ref="Iovation-File"/>
    </Logger>
  4. Restart PingAccess.