ASE generates three types of logs:
- Access log contains information about all API traffic
- Management log contains information about Controller and Balancer
- Audit log contains information about various commands executed in ASE
Access logs
Access logs are generated for port 80 (default port) and 443 (default port) traffic. Each Balancer process has a corresponding Access log file (that is, two port 80 Balancer processes and two port 443 Balancer processes require four log files). The log file name format is <protocol>_<port>_pid_<process-ID>_access_<date>.log. Examples for port 80 and port 443 are:
- http__ws_80_pid_19017__access__2018-01-22_13-10.log
- https_wss_443_pid_19018__access__2018-01-22_13-10.log
Access logs are rotated every 10 minutes and archived. The archived log file name has .gz at the end (for example http_ws_80_pid_19017__access__2018-01-22_13-10.log.gz).
ASE sends all archived log files to API Behavioral Security (ABS) to detect attacks using Machine Learning algorithms. The files are then moved to the abs_uploaded directory in the logs directory.
The following snippet shows an example log file:
-rw-r--r--. 1 root root 0 Aug 10 13:10 http_ws_80_pid_0__access__2018-01-22_13-10.log
-rw-r--r--. 1 root root 0 Aug 10 13:10 https_wss_443_pid_0__access__2018-01-22_13-10.log
-rw-r--r--. 1 root root 0 Aug 10 13:10 http_ws_80_pid_19010__access__2018-01-22_13-10.log
-rw-r--r--. 1 root root 0 Aug 10 13:10 http_ws_80_pid_19009__access__2018-01-22_13-10.log
-rw-r--r--. 1 root root 0 Aug 10 13:10 https_wss_443_pid_19022__access__2018-01-22_13-10.log
-rw-r--r--. 1 root root 0 Aug 10 13:10 https_wss_443_pid_19017__access__2018-01-22_13-10.log
-rw-r--r--. 1 root root 33223 Aug 10 13:11 balancer.log
-rw-r--r--. 1 root root 20445 Aug 10 13:11 controller.log
-rw-r--r--. 1 root root 33244 Aug 10 13:11 balancer_ssl.log
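Because ABS can only analyze archives that ASE has uploaded, an archive that lingers in the logs directory instead of moving to abs_uploaded is worth alerting on. The following check is an added example, not part of the product or its documentation; it assumes the timestamp in the file name marks when the file was opened, and the 30-minute threshold is an arbitrary choice.

```python
import re
from datetime import datetime, timedelta

# Tolerates one or two underscores between fields, since both appear in the examples.
ACCESS_RE = re.compile(
    r"^(?P<proto>https?_+wss?)_(?P<port>\d+)_pid_(?P<pid>\d+)"
    r"_+access_+(?P<stamp>\d{4}-\d{2}-\d{2}_\d{2}-\d{2})\.log(?P<gz>\.gz)?$"
)

def parse_access_name(name):
    """Return port, pid, timestamp and archive flag for an access log name, or None."""
    m = ACCESS_RE.match(name)
    if not m:
        return None
    return {
        "port": int(m["port"]),
        "pid": int(m["pid"]),
        "stamp": datetime.strptime(m["stamp"], "%Y-%m-%d_%H-%M"),
        "archived": m["gz"] is not None,
    }

def stalled_uploads(names, now, max_age=timedelta(minutes=30)):
    """Archived access logs still in logs/ (not abs_uploaded/) after max_age."""
    stalled = []
    for name in names:
        info = parse_access_name(name)
        if info and info["archived"] and now - info["stamp"] > max_age:
            stalled.append(name)
    return sorted(stalled)

# Constructed listing of the logs directory (names follow the examples above).
SAMPLE = [
    "http_ws_80_pid_19009__access__2018-01-22_13-10.log",
    "http_ws_80_pid_19009__access__2018-01-22_12-20.log.gz",
    "https_wss_443_pid_19017__access__2018-01-22_13-00.log.gz",
    "balancer.log",
    "controller.log",
]

if __name__ == "__main__":
    for name in stalled_uploads(SAMPLE, datetime(2018, 1, 22, 13, 15)):
        print("not yet uploaded to ABS:", name)
```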
Management logs
Management log detail levels (for example INFO, WARNING, DEBUG) are configured in ase.conf. Generated by controller and balancers, management logs are stored in the logs directory and include:
- Controller logs – controller.log
- Balancer log for port 80 (default port) – balancer.log
- Balancer log for port 443 – balancer_ssl.log
Controller logs
controller.log is a log file with data from the CLI, REST API, configurations, IPC, SSL, cluster, and ABS. It is rotated every 24 hours: controller.log is the current file name, and older files have a timestamp appended.
Balancer logs
balancer.log for port 80 and balancer_ssl.log for port 443 are static files which are not rotated. These files contain information about IPC between controllers and balancer processes as well as IPC between balancer processes.
balancer.log file only if balancer encounters parsing errors. If there are no errors in a 30-second period, the balancer.log file does not show the JSON output. Following is a snippet of request-response parsing error statistics:
{
  "sideband stats": {
    "request parsing errors": {
      "total requests failed": 1,
      "request body absent": 0,
      "request body malformed": 0,
      "request source ip absent": 1,
      "request source ip invalid": 0,
      "request method absent": 0,
      "request url absent": 0,
      "request host header absent": 0,
      "request authentication failure": 0,
      "request error unknown": 0
    },
    "response parsing errors": {
      "total responses failed": 1,
      "response body absent": 0,
      "response body malformed": 0,
      "response code absent": 0,
      "response authentication failure": 0,
      "response correlation id not found": 1,
      "response error unknown": 0
    }
  }
}
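To monitor these counters over time (for example, a rising "request authentication failure" count), the statistics blocks can be pulled out of balancer.log and summed. The following is an added example, not part of the product or its documentation; it assumes the blocks are written to the file as plain JSON objects between ordinary log lines, and the sample text is constructed.

```python
import json

def sideband_blocks(log_text):
    """Yield each 'sideband stats' JSON object embedded in balancer.log text."""
    decoder = json.JSONDecoder()
    pos = log_text.find("{")
    while pos != -1:
        try:
            obj, end = decoder.raw_decode(log_text, pos)
        except json.JSONDecodeError:
            pos = log_text.find("{", pos + 1)  # a brace in an ordinary log line
            continue
        if isinstance(obj, dict) and "sideband stats" in obj:
            yield obj["sideband stats"]
        pos = log_text.find("{", end)

def nonzero_counters(log_text):
    """Sum every counter across all blocks and keep those above zero."""
    totals = {}
    for stats in sideband_blocks(log_text):
        for group, counters in stats.items():
            for name, count in counters.items():
                key = f"{group} / {name}"
                totals[key] = totals.get(key, 0) + int(count)
    return {k: v for k, v in totals.items() if v > 0}

# Constructed balancer.log excerpt: two statistics blocks around a made-up log line.
SAMPLE_LOG = """\
{"sideband stats": {"request parsing errors": {"total requests failed": 1,
 "request source ip absent": 1, "request authentication failure": 0},
 "response parsing errors": {"total responses failed": 1,
 "response correlation id not found": 1}}}
constructed log line with a stray { brace
{"sideband stats": {"request parsing errors": {"total requests failed": 2,
 "request authentication failure": 2},
 "response parsing errors": {"total responses failed": 0}}}
"""

if __name__ == "__main__":
    for key, count in sorted(nonzero_counters(SAMPLE_LOG).items()):
        print(f"{count:4d}  {key}")
```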
The balancer.log statistics snippet above shows that, in total, there was one parsing error for the request and one for the response. The statistics also list the type of request and response error.
Balancer log rotation
You can rotate the balancer log file by running the rotate-logs script available in the util directory of ASE. By default, ASE does not rotate the balancer log like controller logs. However, you can add the balancer log rotation script to a cron job. Once the balancer log is rotated, it is saved in the logs/backup directory. A separate .gz file is created for each of balancer.log and balancer_ssl.log. The balancer log rotation script also moves the rotated controller.log files to the backup directory.
The rotate-logs script takes [ASE_ROOT_DIR] as the only argument. [ASE_ROOT_DIR] is the absolute path of the ASE root directory.
./rotate-logs.sh --help
name
rotate-logs.sh
synopsis
rotate-logs.sh [<ASE_ROOT_DIR> | help | --help]
description
Rotates balancer logs and moves rotated controller/balancer logs to the backup directory.
arguments
<ASE_ROOT_DIR>
absolute path of ASE root directory
help, --help
show this help message
exit status
0 for ok,
1 for errors.
0 0 * * * /opt/pingidentity/ase/util/rotate-logs.sh /opt/pingidentity/ase
Audit logs
ASE logs administrator actions (for example CLI commands, configuration changes) and stores audit logs in the /opt/pingidentity/ase/logs directory. Audit logging is performed on a per ASE node basis and is enabled by default.
Use the CLI to enable or disable audit logging using the commands enable_audit and disable_audit. For example, to enable audit logs, enter the following at the command line:
/opt/pingidentity/ase/bin/cli.sh enable_audit -u admin -p password
The audit log captures information related to:
- System changes using CLI or REST API calls
- API JSON changes or ase.conf file updates
- SSL certificate updates
The logs are rotated every 24 hours with the current log file having no timestamp in its name. For more information, see Audit log. The following is a snippet of audit log files:
-rw-r--r-- 1 root root 358 Aug 13 10:00 audit.log.2018-08-13_09-54
-rw-r--r-- 1 root root 301 Aug 13 10:12 audit.log.2018-08-13_10-00
-rw-r--r-- 1 root root 1677 Aug 13 11:16 audit.log.2018-08-13_10-12
-rw-r--r-- 1 root root 942 Aug 14 06:26 audit.log.2018-08-14_06-22
-rw-r--r-- 1 root root 541 Aug 15 08:19 audit.log