Understand the different types of logging that PingAccess offers.
PingAccess logging is handled by a high performance, asynchronous logging framework. For more information, see Logging. PingAccess provides the following additional types of logging:
- Audit logging
- Logs a select subset of transaction log information at runtime plus additional
details meant to facilitate security auditing and regulatory compliance. If you
don't require auditing for interactions with a resource or interactions between
PingFederate, it's most
efficient to disable audit logging. Important:
If you use audit logging, you should take appropriate steps to secure your audit log files. For more information about security measures or audit logging, see Security audit logging.
- HAR file audit logging
- Logs detailed records of specific transactions and sub-transactions between
PingAccess and other
systems, such as the configured OAuth authorization server (AS) or a system
acting on behalf of the end user. Important:
HAR-formatted audit log files are significantly larger than other log files and can include credentials. You should either carefully configure regex filters to exclude credential information or enable these logs only for troubleshooting purposes. Delete the files when they are no longer necessary.
For more information about HAR file audit logging and regex filters, see Log traffic for troubleshooting.
- Garbage collection logging
- Logs details related to each occurrence of Java garbage collection.
PingAccess logs Java garbage collection data by default, but you can configure garbage collection properties or disable this type of logging. For more information, see Garbage collection logging.
- Agent inventory logging
- Logs details about your PingAccess
agents. Adding the optional header
vnd-pi-agentto an agent allows it to communicate information about itself and its deployment environment to PingAccess.
For more information, see Agent inventory logging.
- Cookie logging
- Logs information about the PingAccess cookie, which contains all request identity mappings
and the access token from PingFederate, if PingFederate is the AS.
Cookie logging is an optional feature in the
TRACElog level. It isn't enabled by default. For more information, see Enabling cookie logging.
You can also configure PingAccess to write log files to Splunk or a database. For more information, see Other logging formats.