PingFederate records actions performed by server administrators. This information is recorded in the <pf_install>/pingfederate/log/admin.log file. While the events themselves are not configurable, Log4j 2 configuration settings (in the <pf_install>/pingfederate/server/default/conf/log4j2.xml file) may be adjusted to deliver the desired level of detail surrounding each event.

Events logged by PingFederate includes (but not limited to):

  • Login attempt
  • Explicit user logout (no time-outs)
  • Account activation or deactivation
  • Password change or reset
  • Role change
  • System settings management
  • Certificate management
  • OAuth settings management
  • Metadata export
  • XML file signatures applied
  • Configuration archive export and import
  • IdP/SP adapter, IdP token processor, or SP token generator created, modified, or deleted
  • IdP/SP default URLs modified
  • IdP/SP connection created, modified, or deleted
  • Adapter-to-Adapter mapping or token exchange mapping created, modified, or deleted
  • Authentication policy contract created, modified, or deleted
  • IdP Discovery management
  • SP Affiliation created, modified, or deleted
  • PingOne® for Enterprise account connected, modified, or disconnected

Each entry in the admin.log file is on a separate line and represents a single administrator action. The general format of each entry is the same, though specific events are recorded with information relevant to each type. Events are recorded when the corresponding Save button in the administrative console is clicked. Each log entry contains information relating to the event, including:

  • The time the event occurred on the PingFederate server.
  • The username of the administrator performing the action.
  • The role(s) assigned to the administrator at the time the event occurred.
  • The type of event that occurred.
  • Basic information about the event.

Each of the above fields is separated by a vertical pipe (|) for easier parsing.

Detailed event logging

PingFederate can also be configured to log additional event information to a separate log file. When detailed event logging is enabled, besides writing basic information to <pf_install>/pingfederate/log/admin.log, PingFederate logs detailed information about each event to admin-event-detail.log (in the same log directory). Events between admin.log and admin-event-detail.log are linked by a unique event ID. Each entry in admin-event-detail.log file contains:

  • The ID of the event.
  • The name of the file involved.
  • The type of event that occurred.
  • The line number where the change occurred.
  • The changes made.
Note:

Not all events have detailed information; for example, login attempts are only logged to admin.log.

To enable detail event logging, set the pf.log.eventdetail property to true in the <pf_install>/pingfederate/bin/run.properties file.