The configuration audit log records the configuration commands that represent configuration changes, as well as the configuration commands that undo the changes.
All successful configuration changes are recorded to the file
logs/config-audit.log
.
$ tail -n 8 PingAuthorize/logs/config-audit.log
# [23/Feb/2019:23:16:24.667 -0600] conn=4 op=12 dn='cn=Directory Manager,cn=Root DNs,cn=config' authtype=[Simple] from=127.0.0.1 to=127.0.0.1
# Undo command: dsconfig delete-external-server --server-name "PingAuthorize PAP"
dsconfig create-external-server --server-name "PingAuthorize PAP" --type policy --set base-url:http://localhost:4200 --set "branch:Default Policies"
# [23/Feb/2019:23:16:24.946 -0600] conn=5 op=22 dn='cn=Directory Manager,cn=Root DNs,cn=config' authtype=[Simple] from=127.0.0.1 to=127.0.0.1
# This change was made to mirrored configuration data, which is automatically kept in sync across all servers.
# Undo command: dsconfig set-policy-decision-service-prop --set "policy-server:PingAuthorize (Gateway Policy Example)"
dsconfig set-policy-decision-service-prop --set "policy-server:PingAuthorize PAP"