To log details about your PingAccess agents, you can add custom configuration to the agents and the PingAccess system.
Agent information other than the agent name is not included in agent responses by default. You can customize agents to include the agent header, providing additional information that can be included in logs.
See the corresponding Configuration page in the PingAccess Agents and Integrations documentation for the appropriate agent version for your product.
You must edit the /conf/log4j2.xml file to log the information
included in the agent header by setting the agent.send.inventory
parameter to true
, and then modify the log4j2.xml
file with | %agent{h} | %agent{t} | %agent{v}
.
<!-- | %agent{h}-->
<!-- | %agent{t}-->
<!-- | %agent{v}-->
<RollingFile name="AgentAuditLog-File"
fileName="${sys:pa.home}/log/pingaccess_agent_audit.log"
filePattern="${sys:pa.home}/log/pingaccess_agent_audit.%d{yyyy-MM-dd}.log"
ignoreExceptions="false">
<PatternLayout>
<!-- Uncomment this if you want to use UTF-8 encoding instead of system's default encoding. -->
<!--
<charset>UTF-8</charset>
-->
<pattern>%d{ISO8601}| %X{exchangeId}| %X{AUDIT.trackingId}| %agent{h}
| %X
{AUDIT.roundTripMS} ms| %X{AUDIT.resource}| %X{AUDIT.client}| %X{AUDIT.method}| %X{AUDIT.requestUri}| %X{AUDIT.responseCode}| %X{AUDIT.applicationName}| %X{AUDIT.resourceName}| %X{AUDIT.pathPrefix} %n</pattern>
</PatternLayout>
<Policies>
<TimeBasedTriggeringPolicy />
</Policies>
</RollingFile>
Modified log4j2.xml, where the
<pattern>
in the above example should
include the keys v
, t
, and
h
:<pattern>%d{ISO8601}| %X{exchangeId}| %X{AUDIT.trackingId}| %agent{h} | %X{AUDIT.roundTripMS}
ms| %X
{AUDIT.resource}
| %X
{AUDIT.client}
| %X
{AUDIT.method}
| %X
{AUDIT.requestUri}
| %X
{AUDIT.responseCode}
| %X
{AUDIT.applicationName}
| %X
{AUDIT.resourceName}
| %X
{AUDIT.pathPrefix}
| %agent
{h}
| %agent
{t}
| %agent
{v}
%n</pattern>
Agent Header
The optional vnd-pi-agent
header allows the agent to
communicate information about itself and its deployment environment to PingAccess.
The value of this header is a map of comma-separated key-value pairs.
- v
- The version of the agent making the request.
- t
- The type of agent and/or the type of platform where the agent resides.
- h
- The hostname of the server where the agent resides.
For more information on security audit logging, see Security audit logging.
The syntax for the vnd-pi-agent
value conforms to a dictionary in
this specification, https://httpwg.org/http-extensions/draft-ietf-httpbis-header-structure.html#dictionary, where
member-values are constrained to be an sh-string
item.
These header examples are considered semantically equivalent.
vnd-pi-agent: v="1.0.0", h="apache.example.com", t="Apache 2.4.41"
vnd-pi-agent: v="1.0.0", h="apache.example.com"
vnd-pi-agent: t="Apache 2.4.41"
vnd-pi-agent: v="1.0.0"
vnd-pi-agent: h="apache.example.com"
vnd-pi-agent: t="Apache 2.4.41"
For more information about agent headers, see PAAP agent request.