You can include these metadata, client, and app elements in PingAccess traffic logs.
Element hierarchy
Each section described here has child elements. If there is a disagreement in settings, the most specific setting is used.
For example, if the metadata element is set to false but the exchange ID is set to true, only the exchange ID is logged. If the metadata element is set to true but the exchange ID is set to false, all metadata elements except the exchange ID are logged.
Limitations
The traffic logs have the following limitations:
- If a request or response body is chunked, only the first chunk is logged by traffic logging.
- Request and response bodies are not decoded.
Metadata elements
You can include metadata elements in the API, engine, and audit traffic logs. These elements provide general information about the logged event.
Metadata element descriptionsThe following example shows the metadata section with all elements set to true.
<!-- AUDIT.metadata is the section setting for the following fields: -->
<!-- AUDIT.exchangeId to AUDIT.trackingId -->
<KeyValuePair key=”AUDIT.metadata” value=”true”/>
<KeyValuePair key=”AUDIT.exchangeId” value=”true”/>
<KeyValuePair key=”AUDIT.applicationId” value=”true”/>
<KeyValuePair key=”AUDIT.applicationName” value=“true”/>
<KeyValuePair key=”AUDIT.resourceId” value=”true”/>
<KeyValuePair key=”AUDIT.resourceName” value=”true”/>
<KeyValuePair key=”AUDIT.pathPrefix” value=”true”/>
<KeyValuePair key=”AUDIT.pathPrefixType” value=”true”/>
<KeyValuePair key=”AUDIT.authMech” value=”true”/>
<KeyValuePair key=”AUDIT.client” value=”true”/>
<KeyValuePair key=”AUDIT.failedRuleName” value=”true”/>
<KeyValuePair key=”AUDIT.failedRuleType” value=”true”/>
<KeyValuePair key=”AUDIT.failedRuleClass” value=”true”/>
<KeyValuePair key=”AUDIT.failedRuleSetName” value=”true”/>
<KeyValuePair key=”AUDIT.host” value=”true”/>
<KeyValuePair key=”AUDIT.targetHost” value=”true”/>
<KeyValuePair key=”AUDIT.resource” value=”true”/>
<KeyValuePair key=”AUDIT.subject” value=”true”/>
<KeyValuePair key=”AUDIT.trackingId” value=”true”/>
HTTP client elements
Client elements provide information about requests made to PingAccess by clients and the response sent back to the client. For example, a user making a call to the PingAccess administrative API is considered client traffic.
You can include client elements in the API, engine, and audit traffic logs.
The following example shows the client section with all elements set to true.
<!-- AUDIT.http-client is the section setting for the following fields: -->
<!-- AUDIT.http-client-started-date-time to AUDIT.http-client-response-body-size -->
<KeyValuePair key=”AUDIT.http-client” value=”true”/>
<KeyValuePair key=”AUDIT.http-client-started-date-time” value=”true”/>
<KeyValuePair key=”AUDIT.http-client-time” value=”true”/>
<KeyValuePair key=”AUDIT.http-client-request-method” value=”true”/>
<!-- Note: “AUDIT.http-client-request-target” is the target part of the url -->
<KeyValuePair key=”AUDIT.http-client-request-target” value=”true”/>
<KeyValuePair key=”AUDIT.http-client-request-http-version” value=”true”/>
<!-- Sets the default value for all client request cookies. -->
<!-- This overrides AUDIT.http-client and is overridden by individual cookie values. -->
<KeyValuePair key=”AUDIT.http-client-request-cookies” value=”true”/>
<KeyValuePair key=”AUDIT.http-client-request-cookie-{cookie}” value=”true”/>
<!-- Sets the default value for all client request headers. -->
<!-- This overrides AUDIT.http-client and is overridden by individual header values. -->
<KeyValuePair key=”AUDIT.http-client-request-headers” value=”true”/>
<KeyValuePair key=”AUDIT.http-client-request-header-{header}” value=”true”/>
<!-- Sets the default value for all client request query strings. -->
<!-- This overrides AUDIT.http-client and is overridden by individual query strings. -->
<KeyValuePair key=”AUDIT.http-client-request-query-strings” value=”true”/>
<KeyValuePair key=”AUDIT.http-client-request-query-string-{query}” value=”true”/>
<KeyValuePair key=”AUDIT.http-client-request-post-data-mime-type” value=”true”/>
<KeyValuePair key=”AUDIT.http-client-request-post-data-text” value=”true”/>
<KeyValuePair key=”AUDIT.http-client-request-headers-size” value=”true”/>
<KeyValuePair key=”AUDIT.http-client-request-body-size” value=”true”/>
<KeyValuePair key=”AUDIT.http-client-response-status-code” value=”true”/>
<KeyValuePair key=”AUDIT.http-client-response-status-text” value=”true”/>
<KeyValuePair key=”AUDIT.http-client-response-http-version” value=”true”/>
<!-- Sets the default value for all client response cookies. -->
<!-- This overrides AUDIT.http-client and is overridden by individual cookie values. -->
<KeyValuePair key=”AUDIT.http-client-response-cookies” value=”true”/>
<KeyValuePair key=”AUDIT.http-client-response-cookie-{cookie}” value=”true”/>
<!-- Sets the default value for all client response headers. -->
<!-- This overrides AUDIT.http-client and is overridden by individual header values. -->
<KeyValuePair key=”AUDIT.http-client-response-headers” value=”true”/>
<KeyValuePair key=”AUDIT.http-client-response-header-{header}” value=”true”/>
<KeyValuePair key=”AUDIT.http-client-response-content-size” value=”true”/>
<KeyValuePair key=”AUDIT.http-client-response-content-mime-type” value=”true”/>
<KeyValuePair key=”AUDIT.http-client-response-content-text” value=”true”/>
<KeyValuePair key=”AUDIT.http-client-response-redirect-url” value=”true”/>
<KeyValuePair key=”AUDIT.http-client-response-headers-size” value=”true”/>
<KeyValuePair key=”AUDIT.http-client-response-body-size” value=”true”/>
HTTP app elements
App elements provide information about requests made by PingAccess to other tools or services such as PingFederate, and the response sent back to PingAccess. For example, PingAccess making a call to a protected resource is considered app traffic.
You can include app elements in the engine and audit traffic logs.
The following example shows the app section with all elements set to true.
<!-- AUDIT.http-app is the section setting for the following fields: -->
<!-- AUDIT.http-app-started-date-time to AUDIT.http-app-response-body-size -->
<KeyValuePair key=”AUDIT.http-app” value=”true”/>
<KeyValuePair key=”AUDIT.http-app-started-date-time” value=”true”/>
<KeyValuePair key=”AUDIT.http-app-time” value=”true”/>
<KeyValuePair key=”AUDIT.http-app-request-method” value=”true”/>
<!-- Note: “AUDIT.http-app-request-target” is the target part of the url -->
<KeyValuePair key=”AUDIT.http-app-request-target” value=”true”/>
<KeyValuePair key=”AUDIT.http-app-request-http-version” value=”true”/>
<!-- Sets the default value for all app request cookies. -->
<!-- This overrides AUDIT.http-app and is overridden by individual cookie values. -->
<KeyValuePair key=”AUDIT.http-app-request-cookies” value=”true”/>
<KeyValuePair key=”AUDIT.http-app-request-cookie-{cookie}” value=”true”/>
<!-- Sets the default value for all app request headers. -->
<!-- This overrides AUDIT.http-app and is overridden by individual header values. -->
<KeyValuePair key=”AUDIT.http-app-request-headers” value=”true”/>
<KeyValuePair key=”AUDIT.http-app-request-header-{header}” value=”true”/>
<!-- Sets the default value for all app request query strings. -->
<!-- This overrides AUDIT.http-app and is overridden by individual query strings. -->
<KeyValuePair key=”AUDIT.http-app-request-query-strings” value=”true”/>
<KeyValuePair key=”AUDIT.http-app-request-query-string-{query}” value=”true”/>
<KeyValuePair key=”AUDIT.http-app-request-post-data-mime-type” value=”true”/>
<KeyValuePair key=”AUDIT.http-app-request-post-data-text” value=”true”/>
<KeyValuePair key=”AUDIT.http-app-request-headers-size” value=”true”/>
<KeyValuePair key=”AUDIT.http-app-request-body-size” value=”true”/>
<KeyValuePair key=”AUDIT.http-app-response-status-code” value=”true”/>
<KeyValuePair key=”AUDIT.http-app-response-status-text” value=”true”/>
<KeyValuePair key=”AUDIT.http-app-response-http-version” value=”true”/>
<!-- Sets the default value for all app response cookies. -->
<!-- This overrides AUDIT.http-app and is overridden by individual cookie values. -->
<KeyValuePair key=”AUDIT.http-app-response-cookies” value=”true”/>
<KeyValuePair key=”AUDIT.http-app-response-cookie-{cookie}” value=”true”/>
<!-- Sets the default value for all app response headers. -->
<!-- This overrides AUDIT.http-app and is overridden by individual header values. -->
<KeyValuePair key=”AUDIT.http-app-response-headers” value=”true”/>
<KeyValuePair key=”AUDIT.http-app-response-header-{header}” value=”true”/>
<KeyValuePair key=”AUDIT.http-app-response-content-size” value=”true”/>
<KeyValuePair key=”AUDIT.http-app-response-content-mime-type” value=”true”/>
<KeyValuePair key=”AUDIT.http-app-response-content-text” value=”true”/>
<KeyValuePair key=”AUDIT.http-app-response-redirect-uri” value=”true”/>
<KeyValuePair key=”AUDIT.http-app-response-headers-size” value=”true”/>
<KeyValuePair key=”AUDIT.http-app-response-body-size” value=”true”/>