Logging and Auditing - PingAccess - 7.0

PingAccess

  • PingAccess
  • Release Notes
  • PingAccess Release Notes
  • Release Notes
  • PingAccess 7.0.6 - September 2022
  • PingAccess 7.0.5 - August 2022
  • PingAccess 7.0.4 - May 2022
  • PingAccess 7.0.3 - January 2022
  • PingAccess 7.0.2 - December 2021
  • PingAccess 7.0.1 - December 2021
  • PingAccess 7.0 - December 2021
  • Known issues and limitations
  • Previous Releases
  • Deprecated Features
  • PingAccess Use Cases
  • Protecting a web application with PingAccess in a gateway deployment
  • Configuring a virtual host
  • Configuring a site
  • Configuring a web session
  • Configuring a rule
  • Configuring an identity mapping
  • Configuring an application
  • Protecting an API with PingAccess in a gateway deployment
  • Configuring a virtual host
  • Configuring a site
  • Configuring a rule
  • Configuring an identity mapping
  • Configuring an application
  • Configuring a resource
  • Protecting a web application with PingAccess in an agent deployment
  • Configuring a virtual host
  • Configuring a web session
  • Configuring a rule
  • Configuring an identity mapping
  • Configuring an application
  • Protecting an API with PingAccess in an agent deployment
  • Configuring a virtual host
  • Configuring a rule
  • Configuring an identity mapping
  • Configuring an application
  • Configuring a resource
  • Protecting an API with PingAccess in a sideband deployment
  • Configuring a virtual host
  • Configuring a rule
  • Configuring an identity mapping
  • Configuring an application
  • Configuring a resource
  • Introduction to PingAccess
  • PingAccess for Azure AD
  • What can I do with PingAccess?
  • How does PingAccess work?
  • WAM session initiation
  • Token mediation
  • What can I configure with PingAccess?
  • How do I choose a deployment model?
  • Gateway model
  • Agent model
  • Sideband model
  • Installing and Uninstalling PingAccess
  • Installation requirements
  • System requirements
  • Hardware requirements
  • Port requirements
  • Installing PingAccess on Linux
  • Installing PingAccess on Windows using the installer
  • Installing PingAccess on Windows from the command line
  • Starting PingAccess
  • Accessing the administrative console for the first time
  • Accessing the PingAccess administrative API
  • Accessing the interactive administrative API documentation
  • Changing configuration database passwords
  • Stopping PingAccess
  • Running PingAccess as a service
  • Configuring PingAccess to run as a Linux systemv service
  • Configuring PingAccess to run as a Linux systemd service
  • Configuring multiple instances of PingAccess as Linux services
  • Removing the PingAccess Linux service
  • Configuring PingAccess to run as a Windows service
  • Configuring PingAccess to run as a Windows service from the command line
  • Removing the PingAccess Windows service
  • Uninstalling PingAccess
  • Backing up and restoring PingAccess
  • Backing up and restoring PingAccess using a .zip archive
  • Backing up PingAccess using a .zip archive
  • Restoring PingAccess using a .zip archive
  • Backing up and restoring PingAccess using a JSON file
  • Backing up PingAccess using a JSON file
  • Restoring PingAccess using a JSON file
  • Upgrading PingAccess
  • Upgrade Guide
  • Upgrade considerations
  • Upgrading your environment
  • Upgrading a PingAccess standalone version using the upgrade utility
  • PingAccess standalone upgrade parameters
  • Upgrading a PingAccess cluster using the upgrade utility
  • PingAccess cluster upgrade parameters
  • Upgrading PingAccess using the Windows installer
  • Upgrading a PingAccess standalone version using the incremental update package
  • Upgrading a PingAccess cluster using the incremental update package
  • Performing post-upgrade tasks
  • Restoring a PingAccess configuration backup
  • Upgrade Troubleshooting
  • Upgrade utility configuration file reference
  • Zero Downtime Upgrade
  • PingAccess zero downtime upgrade
  • Disabling key rolling
  • Disabling key rolling in PingAccess 6.0 or later
  • Disabling key rolling in PingAccess 5.2 or 5.3
  • Disabling key rolling in PingAccess 5.0 or 5.1
  • Disabling key rolling in PingAccess 4.3 or earlier
  • Upgrading the administrative node
  • Upgrading the replica administrative node
  • Upgrading engines
  • Removing the engine from the load balancer configuration
  • Upgrading the engine
  • Resuming configuration replication
  • Adding the engine to the load balancer configuration
  • Enabling key rolling
  • Recovering from a failed upgrade
  • Configuring and Customizing PingAccess
  • Session management configuration
  • Server-side session management configuration
  • Configuring PingFederate for session management
  • Configuring PingFederate for user-initiated single logout
  • Configuring PingAccess for server-side session management
  • Logging configuration
  • Security audit logging
  • Logging
  • Configuring log levels
  • Configuring class or package log levels
  • Enabling cookie logging
  • Garbage collection logging
  • Agent inventory logging
  • Appending log messages to syslog and the console
  • Log traffic for troubleshooting
  • Enabling API audit traffic logging
  • Enabling engine traffic logging
  • Enabling agent traffic logging
  • Enabling sideband traffic logging
  • Enabling sideband client traffic logging
  • Traffic logging reference
  • Other logging formats
  • Writing logs to databases
  • Writing audit logs for Splunk
  • Customize and Localize PingAccess
  • User-facing page customization reference
  • User-facing page localization reference
  • Federal Information Processing Standards (FIPS) Mode
  • Viewing FIPS Mode Status in the User Interface
  • Viewing FIPS Mode Status in Audit Logs
  • Feature changes in FIPS Mode
  • Enabling FIPS Mode
  • Disabling FIPS Mode
  • Configuring PingAccess to use Amazon Key Management Services
  • Reference Guides
  • PingAccess API endpoints
  • Heartbeat endpoint
  • OpenID Connect endpoints
  • Authentication Token Management endpoint
  • OAuth endpoint
  • Administrative API endpoints
  • Clustering
  • Configuring a PingAccess cluster
  • Configuring administrative nodes
  • Configuring replica administrative nodes
  • Manually promoting the replica administrative node
  • Reinstating a replica administrative node after failing over
  • Configuring an engine node
  • Editing engine nodes
  • Revoking access from an engine node
  • Removing engine nodes
  • Configuration file reference
  • PingAccess deployment guide
  • Use cases and deployment architecture
  • Deploy for gateway web access management
  • Deploy for agent web access management
  • Deploy for gateway API access management
  • Deploy for sideband API access management
  • Deploy for auditing and proxying
  • Configuration by use case
  • Web Access Management Gateway deployment table
  • Web Access Management Agent deployment table
  • API Access Management Gateway deployment table
  • Auditing and proxying Gateway deployment table
  • Web Access Management
  • Choose between an agent or gateway deployment
  • Web Access Management Gateway proof of concept deployment architecture
  • Web Access Management Gateway production deployment architecture
  • Web Access Management Agent proof of concept deployment architecture
  • Web Access Management Agent production deployment architecture
  • API access management proof of concept deployment architecture
  • API access management production deployment architecture
  • Auditing and proxying proof of concept deployment architecture
  • Auditing and proxying production deployment architecture
  • Groovy in PingAccess
  • Groovy Scripts
  • Body object reference
  • Exchange object reference
  • Headers object reference
  • Identity object reference
  • JsonNode object reference
  • Logger object reference
  • MediaType object reference
  • Method object reference
  • OAuth Token object reference
  • PolicyContext object reference
  • Request object reference
  • Response object reference
  • SslData object reference
  • Groovy script examples
  • Matcher usage reference
  • Performance tuning
  • Java tuning
  • Configuring JVM crash log in Java startup
  • Configuring memory dumps in Java startup
  • Modifying the Java heap size
  • Operating system tuning
  • Linux tuning
  • Tuning network and TCP settings
  • Increasing file descriptor limits (systemv)
  • Increasing file descriptor limits (systemd)
  • Windows tuning
  • Increasing the number of available ephemeral ports
  • Reducing the socket TIME_WAIT delay
  • Garbage collector configuration reference
  • Configuring acceptor threads
  • Configuring worker threads
  • Backend server connections
  • Logging and Auditing
  • Logging
  • Auditing
  • Agent tuning reference
  • PingAccess User Interface Reference Guide
  • Applications header
  • Applications
  • Applications operations
  • Adding an application
  • Application field descriptions
  • Editing an application
  • Deleting an application
  • Authentication challenge responses
  • Application resources
  • Configuring resource ordering in PingAccess
  • Adding application resources
  • Path patterns reference
  • Applying rules to applications and resources
  • Global unprotected resources
  • Adding global unprotected resources
  • Editing global unprotected resources
  • Deleting global unprotected resources
  • Redirects
  • Adding a redirect
  • Editing a redirect
  • Deleting a redirect
  • Virtual hosts
  • Creating new virtual hosts
  • Configuring virtual host trusted certificate groups
  • Editing virtual hosts
  • Deleting virtual hosts
  • Sites
  • Sites operations
  • Adding sites
  • Editing sites
  • Deleting sites
  • Site field descriptions
  • Site authenticators
  • Adding site authenticators
  • Editing site authenticators
  • Deleting site authenticators
  • Basic authentication site authenticators
  • Mutual TLS site authenticators
  • Token mediator site authenticators
  • Third-party services
  • Adding third-party services
  • Editing third-party services
  • Deleting third-party services
  • Third-party service field descriptions
  • Agents
  • Assigning agent listener key pairs
  • Adding agents
  • Editing agents
  • Deleting agents
  • Agent field descriptions
  • Sideband Clients
  • Adding sideband clients
  • Editing sideband clients
  • Deleting sideband clients
  • Access header
  • Rules
  • Rule Management
  • Creating access control rules
  • Adding an authentication requirements rule
  • Adding Groovy script rules
  • Adding HTTP request header rules
  • Adding HTTP request parameter rules
  • Adding network range rules
  • Adding OAuth attribute rules
  • Adding OAuth client rules
  • Adding OAuth Groovy script rules
  • Adding OAuth scope rules
  • Adding one-time authorization rules
  • Adding PingAuthorize access control rules
  • Adding rate limiting rules
  • Adding redirect rules
  • Adding rejection rules
  • Adding time range rules
  • Adding web session attribute rules
  • Adding web session scope rules
  • Configuring access token attributes for superuser scope in PingFederate
  • Adding WebSocket handshake rules
  • Creating processing rules
  • Adding a cross-origin request rule
  • Adding OAuth token cache time to live rules
  • Adding PingAuthorize response filtering rules
  • Rewrite rules overview
  • Adding rewrite content rules
  • Rewrite content rule examples
  • Adding rewrite cookie domain rules
  • Adding rewrite cookie path rules
  • Adding rewrite response header rules
  • Adding rewrite URL rules
  • Rewrite URL rule configuration examples
  • Editing rules
  • Deleting rules
  • Rule sets
  • Adding rule sets
  • Editing rule sets
  • Deleting rule sets
  • Rule set groups
  • Adding rule set groups
  • Editing rule set groups
  • Deleting rule set groups
  • Rejection handlers
  • Creating rejection handlers
  • Editing rejection handlers
  • Deleting rejection handlers
  • Authentication
  • Configuring authentication challenge policies
  • Editing authentication challenge policies
  • Deleting authentication challenge policies
  • Configuring authentication requirements lists
  • Editing authentication requirements lists
  • Deleting authentication requirements lists
  • Identity mappings
  • Creating header identity mappings
  • Creating JWT identity mappings
  • Creating web session access token identity mappings
  • Editing identity mappings
  • Deleting identity mappings
  • Configuring auth token management
  • Web sessions
  • Configuring web session management settings
  • Creating web sessions
  • OpenID Connect login types
  • Editing web sessions
  • Deleting web sessions
  • Token validation
  • Adding access token validators
  • Editing access token validators
  • Deleting access token validators
  • Configuring OAuth key management settings
  • Unknown resources
  • Configuring unknown resource management
  • Configuring agent defaults
  • Security header
  • Certificates
  • Importing certificates
  • Deleting certificates
  • Creating trusted certificate groups
  • Adding certificates to trusted certificate groups
  • Editing trusted certificate groups
  • Removing certificates from trusted certificate groups
  • Deleting trusted certificate groups
  • Key pairs
  • Importing existing key pairs
  • PEM-encoded format
  • Generating new key pairs
  • Managing certificates for key pairs with ACME
  • Downloading certificates
  • Generating certificate signing requests
  • Importing certificate signing request responses
  • Assigning key pairs to virtual hosts
  • Assigning key pairs to HTTPS listeners
  • HTTPS listeners
  • Adding certificates to key pairs
  • Removing certificates from key pairs
  • Deleting key pairs
  • Hardware security module providers
  • Adding an AWS CloudHSM provider
  • Adding a Safenet Luna provider
  • Editing an HSM provider
  • Deleting an HSM provider
  • Settings header
  • Clustering
  • Engines
  • Configuring engine nodes
  • Editing engine nodes
  • Removing engine nodes
  • Administrative nodes
  • Configuring administrative nodes
  • Configuring replica administrative nodes
  • HTTP requests
  • Configuring alternative IP source headers
  • Configuring alternative host source headers
  • Configuring alternative protocol source headers
  • Networking
  • Availability profiles
  • Creating availability profiles
  • Editing availability profiles
  • Deleting availability profiles
  • Engine listeners
  • Defining engine listeners
  • Editing engine listeners
  • Deleting engine listeners
  • Load balancing strategies
  • Configuring load balancing strategies
  • Editing load balancing strategies
  • Deleting load balancing strategies
  • Proxies
  • Adding proxies
  • Editing proxies
  • Deleting proxies
  • Admin authentication
  • Configuring basic authentication
  • Changing the password for basic authentication
  • Configuring API authentication
  • Configuring admin UI SSO authentication
  • Preparing to configure admin UI SSO authentication
  • Configuring admin UI SSO authentication
  • Configuring session properties
  • Configuring an admin token provider
  • System
  • Configuration export/import
  • Exporting PingAccess configurations
  • Importing PingAccess configurations
  • License
  • Uploading PingAccess licenses
  • Token provider
  • PingFederate
  • PingFederate runtime
  • Configuring a standard PingFederate runtime
  • Configure a standard PingFederate runtime (original workflow)
  • Configuring a proxied PingFederate runtime
  • Configuring PingFederate administration
  • Configuring OAuth resource servers
  • PingFederate for PingAccess SSO configuration
  • PingOne
  • Configuring PingOne
  • Common token provider
  • Configuring OpenID Connect
  • Creating Azure AD Graph API applications
  • Configuring token provider-specific options
  • Configuring OAuth authorization servers
  • Environment
  • Changing the Environment Name
  • Agents and Integrations
  • PingAccess Agent for Apache (RHEL)
  • System requirements
  • Installing on RHEL 7
  • Manually Installing on RHEL 7
  • Installing on RHEL 8
  • Manually Installing on RHEL 8
  • Manually installing on an IBM HTTP Server
  • Uninstalling the RHEL agent
  • Configuration
  • Log configuration
  • Rotating a CA
  • Troubleshooting
  • Release Notes
  • PingAccess Agent for Apache (SLES)
  • System requirements
  • Installing on SLES
  • Uninstalling on SLES
  • Configuration
  • Log Configuration
  • Rotating a CA
  • Troubleshooting
  • Release Notes
  • PingAccess Agent for Apache (Windows)
  • System requirements
  • Installing on Windows
  • Uninstalling on Windows
  • Configuration
  • Log configuration
  • Rotating a CA
  • Release notes
  • PingAccess Agent for IIS
  • System Requirements
  • Installing on IIS
  • Manually Installing on IIS
  • Uninstalling on IIS
  • Configuration
  • Log Configuration
  • Rotating a CA
  • Troubleshooting
  • Validating the IIS Configuration
  • Manually removing agents on IIS
  • Release Notes
  • PingAccess Agent for NGINX
  • System Requirements
  • Installing on NGINX
  • Uninstalling on NGINX
  • Configuration
  • Rotating a CA
  • Release Notes
  • PingAccess Agent Protocol
  • PingAccess agent protocol flow
  • PAAP client request
  • PAAP agent request
  • PAAP agent response
  • PAAP modified client request
  • PAAP client response
  • PingAccess Agent SDK for C
  • Introduction
  • Getting Started with the PingAccess Agent SDK for C
  • Agent SDK for C directory structure
  • Agent SDK for C sample code
  • Release notes
  • PingAccess Agent SDK for Java
  • Introduction
  • Agent SDK directory structure
  • Agent SDK prerequisites
  • Installing the servlet filter sample
  • Release Notes
  • PingAccess Add-on SDK for Java
  • Get started with the SDK
  • SDK directory structure
  • SDK prerequisites
  • Installing the SDK samples
  • Create your own plugins
  • Integrate with third-party services
  • Implementation guidelines
  • PingAccess Add-On SDK for Java Migration Guide
  • com.pingidentity.pa.sdk.http
  • com.pingidentity.pa.sdk.identity
  • com.pingidentity.pa.sdk.identitymapping.header
  • com.pingidentity.pa.sdk.policy
  • com.pingidentity.pa.sdk.services
  • com.pingidentity.pa.sdk.siteauthenticator
  • com.pingidentity.pa.sdk.ui
  • com.pingidentity.pa.sdk.user
  • com.pingidentity.pa.sdk.util
  • iovation FraudForce Integration
  • Installing the iovation FraudForce integration
  • Creating iovation FraudForce device profiling rules
  • Creating Iovation FraudForce authorization rules
  • Logging iovation events
  • Improving iovation accessibility using a reverse proxy
  • Token Providers
  • Configure PingFederate as the token provider for PingAccess
  • Configure PingFederate for PingAccess connectivity
  • Enabling PingFederate roles and protocols
  • Creating a password credential validator
  • Configuring an IdP adapter
  • Defining the default scope
  • Creating an access token manager
  • Configuring an IdP adapter mapping
  • Configuring an access token mapping
  • Creating an OpenID Connect policy
  • Creating a resource server client
  • Creating a web session client
  • Creating and exporting a certificate
  • Connect PingAccess to PingFederate
  • Importing certificates and creating a trusted certificate group
  • Configuring the token provider
  • Use the PingAccess QuickStart utility
  • Installing and configuring QuickStart components
  • Connecting the QuickStart utility to PingAccess and PingFederate
  • Using sample applications
  • Sample app reference
  • Viewing apps without access control
  • Restoring PingFederate or PingAccess
  • Protect applications using PingAccess and PingOne for Customers
  • Configuring PingAccess to use PingOne for Customers as the token provider
  • Configuring a PingAccess application
  • PingAccess for Azure AD
  • Get started with PingAccess for Azure AD
  • Configuring PingAccess to use Azure AD as the token provider
  • Configuring PingAccess applications for Azure
  • Configuring applications for dual access with PingAccess for Azure AD
  • PingAccess Monitoring Guide
  • Liveliness and responsiveness
  • Resource metrics
  • Connecting with JMX
  • Connecting to a local process
  • Connecting to a remote process
  • Monitoring
  • Logging, reporting, and troubleshooting
  • Creating an error-only server log
  • Splunk audit log
  • Troubleshooting
  • Administrative SSO lockout
  • Editing run.properties to disable SSO
  • Using the admin API to disable SSO
  • Using the admin API and a new token to disable SSO
  • Collecting support data
  • Minimizing the PingAccess cookie size
Page created: 26 Jul 2021 |
Page updated: 14 Jan 2022
| 1 min read

7.0 PingAccess Product IT Administrator Administrator Audience Product documentation Content Type Performance Tuning User task

PingAccess uses a high performance, asynchronous logging framework to provide logging and auditing services with the lowest possible impact to overall application performance.

For more information, see the following topics:
  • Logging
  • Auditing
Back to home page