Logging from Ping Federate

旧巷老猫 submitted on 2019-12-24 19:11:34

Question


We should like to do audit logging from Ping Federate and have set up a rolling file logger like this:

		<RollingFile name="SecurityAudit2Splunk" fileName="${sys:pf.log.dir}/splunk-audit.log"
			filePattern="${sys:pf.log.dir}/splunk-audit.%d{yyyy-MM-dd}.log"
			ignoreExceptions="false">
			<PatternLayout>
				<pattern>%d trackingid=&quot;%X{trackingid}&quot; event=%X{event} subject=&quot;%X{subject}&quot; ip=%X{ip} app=%X{app} connectionid=%X{connectionid} protocol=%X{protocol} pfhost=%X{host} role=%X{role} status=%X{status} adapterid=%X{adapterid} description=&quot;%X{description}&quot; responsetime=%X{responsetime} %n</pattern>
			</PatternLayout>
			<Policies>
				<TimeBasedTriggeringPolicy />
			</Policies>
		</RollingFile>

The logs are not producing the expected output -- below are examples of what I get. The 'value references' are taken from examples in the log4j2.xml file but it seems that only some of them are populated with values. At the very least, one like 'host' should be known? Any ideas what I could try?

Thanks, Anders

2017-11-09 14:08:43,142 trackingid="" event=CREATE subject="" ip=127.0.0.1 app= connectionid= protocol= pfhost= role= status= adapterid= description="" responsetime= 
2017-11-09 14:21:00,651 trackingid="" event=LOGOUT subject="" ip=127.0.0.1 app= connectionid= protocol= pfhost= role= status= adapterid= description="" responsetime= 
2017-11-09 14:21:09,116 trackingid="" event=LOGIN_ATTEMPT subject="" ip=127.0.0.1 app= connectionid= protocol= pfhost= role= status= adapterid= description="" responsetime= 
2017-11-09 14:23:03,551 trackingid="" event=LOGOUT subject="" ip=127.0.0.1 app= connectionid= protocol= pfhost= role= status= adapterid= description="" responsetime= 
2017-11-09 14:23:09,725 trackingid="" event=LOGIN_ATTEMPT subject="" ip=127.0.0.1 app= connectionid= protocol= pfhost= role= status= adapterid= description="" responsetime= 
2017-11-09 14:26:46,071 trackingid="" event=LOGIN_ATTEMPT subject="" ip=127.0.0.1 app= connectionid= protocol= pfhost= role= status= adapterid= description="" responsetime= 

Answer 1:


I copied your pattern verbatim from your sample into my own installation and it works without issue... Did you restart your instance after implementation? What version of PingFed are you on?

2017-11-10 15:06:10,256 trackingid="tid:fbrUCJDI7pMwPjwDpg2aCMo9SSY" event=SSO subject="testUser" ip=XXX.XXX.XXX.XXX app=https://server.name.com:9031/SpSample/MainPage/ connectionid=idp:id protocol=SAML20 pfhost=myServerName role=SP status=success adapterid=OTSPJava description="" responsetime=117
2017-11-10 15:06:32,676 trackingid="tid:fbrUCJDI7pMwPjwDpg2aCMo9SSY" event=SLO subject="testUser" ip=XXX.XXX.XXX.XXX app= connectionid=sp:id protocol=SAML20 pfhost=myServerName role=IdP status=success adapterid= description="" responsetime=19
2017-11-10 15:06:32,877 trackingid="tid:fbrUCJDI7pMwPjwDpg2aCMo9SSY" event=SLO subject="" ip=XXX.XXX.XXX.XXX app= connectionid= protocol=SAML20 pfhost=myServerName role=SP status=success adapterid= description="" responsetime=21
2017-11-10 15:06:45,883 trackingid="tid:fbrUCJDI7pMwPjwDpg2aCMo9SSY" event=AUTHN_REQUEST subject="" ip=XXX.XXX.XXX.XXX app= connectionid= protocol= pfhost=myServerName role=SP status=inprogress adapterid= description="" responsetime=11
2017-11-10 15:06:46,073 trackingid="tid:fbrUCJDI7pMwPjwDpg2aCMo9SSY" event=AUTHN_ATTEMPT subject="" ip=XXX.XXX.XXX.XXX app= connectionid=sp:id protocol=SAML20 pfhost=myServerName role=IdP status=inprogress adapterid=ldapHtmlForm description="" responsetime=7
2017-11-10 15:06:53,218 trackingid="tid:fbrUCJDI7pMwPjwDpg2aCMo9SSY" event=AUTHN_ATTEMPT subject="testUser" ip=XXX.XXX.XXX.XXX app= connectionid=sp:id protocol=SAML20 pfhost=myServerName role=IdP status=success adapterid=ldapHtmlForm description="" responsetime=10
2017-11-10 15:06:53,230 trackingid="tid:fbrUCJDI7pMwPjwDpg2aCMo9SSY" event=SSO subject="testUser" ip=XXX.XXX.XXX.XXX app= connectionid=sp:id protocol=SAML20 pfhost=myServerName role=IdP status=success adapterid=ldapHtmlForm description="" responsetime=22
2017-11-10 15:06:53,448 trackingid="tid:fbrUCJDI7pMwPjwDpg2aCMo9SSY" event=SSO subject="testUser" ip=XXX.XXX.XXX.XXX app=https://server.name.com:9031/SpSample/MainPage/ connectionid=idp:id protocol=SAML20 pfhost=myServerName role=SP status=success adapterid=OTSPJava description="" responsetime=27
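
A completeness check for this audit file, as an added example that is not part of the original question or answer: it parses lines in the layout of the pattern above and lists the fields that are never populated, which is the symptom the question describes. The function names are hypothetical; the sample lines are copied from this page.

```python
import re

# Field names, in order, from the PatternLayout in the question.
FIELDS = ["trackingid", "event", "subject", "ip", "app", "connectionid",
          "protocol", "pfhost", "role", "status", "adapterid",
          "description", "responsetime"]

TIMESTAMP = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}) ")
# key="quoted value" or key=bare value; either form may be empty.
PAIR = re.compile(r'(\w+)=(?:"([^"]*)"|(\S*))')

def parse_line(line):
    """Return a dict for one audit line, or None if it has no leading timestamp."""
    m = TIMESTAMP.match(line)
    if not m:
        return None
    record = {"timestamp": m.group(1)}
    for key, quoted, bare in PAIR.findall(line[m.end():]):
        record[key] = quoted or bare
    return record

def never_populated(lines):
    """Fields from the pattern that are empty or missing in every parsed line."""
    records = [r for r in map(parse_line, lines) if r is not None]
    if not records:
        return list(FIELDS)
    return [f for f in FIELDS if not any(r.get(f) for r in records)]

# Two lines copied from the question and two from the answer on this page.
QUESTION_LINES = [
    '2017-11-09 14:08:43,142 trackingid="" event=CREATE subject="" ip=127.0.0.1 app= connectionid= protocol= pfhost= role= status= adapterid= description="" responsetime= ',
    '2017-11-09 14:21:09,116 trackingid="" event=LOGIN_ATTEMPT subject="" ip=127.0.0.1 app= connectionid= protocol= pfhost= role= status= adapterid= description="" responsetime= ',
]
ANSWER_LINES = [
    '2017-11-10 15:06:10,256 trackingid="tid:fbrUCJDI7pMwPjwDpg2aCMo9SSY" event=SSO subject="testUser" ip=XXX.XXX.XXX.XXX app=https://server.name.com:9031/SpSample/MainPage/ connectionid=idp:id protocol=SAML20 pfhost=myServerName role=SP status=success adapterid=OTSPJava description="" responsetime=117',
    '2017-11-10 15:06:45,883 trackingid="tid:fbrUCJDI7pMwPjwDpg2aCMo9SSY" event=AUTHN_REQUEST subject="" ip=XXX.XXX.XXX.XXX app= connectionid= protocol= pfhost=myServerName role=SP status=inprogress adapterid= description="" responsetime=11',
]

if __name__ == "__main__":
    print("question:", never_populated(QUESTION_LINES))
    print("answer:  ", never_populated(ANSWER_LINES))
```

A field that is legitimately empty on some events (for example `adapterid` on an SLO line in the answer's output) is not reported; only fields empty on every line are.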


Source: https://stackoverflow.com/questions/47203369/logging-from-ping-federate
