Types of Logging - PingAccess

Types of Logging - PingAccess - 7.2

PingAccess

bundle

pingaccess-72

ft:publication_title

PingAccess

Product_Version_ce

PingAccess 7.2

category

Product

pa-72

pingaccess

ContentType_ce

Understand the different types of logging that PingAccess offers.

PingAccess logging is handled by a high performance, asynchronous logging framework. For more information, see Logging. PingAccess provides the following additional types of logging:

Audit logging: Logs a select subset of transaction log information at runtime plus additional details meant to facilitate security auditing and regulatory compliance. If you don't require auditing for interactions with a resource or interactions between PingAccess and PingFederate, it's most efficient to disable audit logging.
Important:
If you use audit logging, you should take appropriate steps to secure your audit log files. For more information about security measures or audit logging, see Security audit logging.
HAR file audit logging: Logs detailed records of specific transactions and sub-transactions between PingAccess and other systems, such as the configured OAuth authorization server (AS) or a system acting on behalf of the end user.
Important:
HAR-formatted audit log files are significantly larger than other log files and can include credentials. You should either carefully configure regex filters to exclude credential information or enable these logs only for troubleshooting purposes. Delete the files when they are no longer necessary.

For more information about HAR file audit logging and regex filters, see Log traffic for troubleshooting.
Garbage collection logging: Logs details related to each occurrence of Java garbage collection.
PingAccess logs Java garbage collection data by default, but you can configure garbage collection properties or disable this type of logging. For more information, see Garbage collection logging.
Agent inventory logging: Logs details about your PingAccess agents. Adding the optional header vnd-pi-agent to an agent allows it to communicate information about itself and its deployment environment to PingAccess.
For more information, see Agent inventory logging.
Cookie logging: Logs information about the PingAccess cookie, which contains all request identity mappings and the access token from PingFederate, if PingFederate is the AS.
Cookie logging is an optional feature in the TRACE log level. It isn't enabled by default. For more information, see Enabling cookie logging.

Note:

You can also configure PingAccess to write log files to Splunk or a database. For more information, see Other logging formats.