23.2 Understanding the Log Format

Access Manager does not have a fixed format for file log entries. However, to facilitate the use of non-interactive stream-oriented editors such as sgrep, sed, awk, and grep and to improve log entry readability, the log entries in the catalina.out files use some standard elements. These entries use the beginning and ending log entry tags and the log entry correlation tags. The data portion of log entries is the most flexible part. A log entry has the following fields:

<amLogEntry> [\n]
   time-date-stamp
   [log preamble]:
   AM#event-code:
   AMDEVICEID#device-id:
   AMAUTHID#auth-id:
   AMEVENTID#event-id:
   [..additional correlating information][\n]
   [supplementary log entry data and text ... \n]
</amLogEntry> [\n]

Most log entries do not use the optional line breaks ([\n]). Notice that the time-date-stamp, the log preamble, the correlation tags, and the optional additional correlating information are on the same line, so that stream-oriented editors that work on only one line at a time (such as grep) can be used to locate related log entries. The following is an example of the entry that is logged when a user initiates a login sequence.

<amLogEntry> 2009-06-08T21:06:25Z INFO NIDS Application: AM#500105014: AMDEVICEID#9921459858EAAC29: AMAUTHID#YfdEmqCT2ZutwybD1eYSpfph8g5a5aMl6MGryq1hIqc= AF:  Attempting to authenticate user cn=jwilson,o=novell with provided credentials. </amLogEntry>

Table 23-1 Fields in a Log Entry

Field

Description

Beginning, ending tags

The <amLogEntry> and </amLogEntry> tags mark the beginning and the end of a log entry. These tags allow stream-oriented editors to extract log entries for processing.

Time-date-stamp tag

The date and time are specified in the W3C profile format of ISO 8601. The stamp has the following fields: year-month-day-T-hour-minutes-seconds-time zone. The Z value for the time zone indicates that the time is specified in UTC.

Log preamble

This information is optional, and usually consists of a string indicating the logging level (such as warning, informational, or debug) and a string identifying the type of module making the entry.

In the example log entry, the preamble has a log level and a module identifier and contains the following strings: INFO NIDS Application:

Correlation tags

The correlation tags uniquely identify the event, the device that produced the event, and the user who requested the action. The example log entry contains the following correlation tags:

AM#500105014: AMDEVICEID#9921459858EAAC29: AMAUTHID#YfdEmqCT2ZutwybD1eYSpfph8g5a5aMl6MGryq1hIqc=:

For more information, see Understanding the Correlation Tags in the Log Files.

Additional correlation information

This information is optional and contains correlation tags and data unique to a specific type of trace. For example, a policy evaluation trace created by the Embedded Service Provider contains the following additional tags:

  • NXPESID#value

  • POLICYID#value

The example log entry does not contain any additional correlation information. For a log entry that does, see Identity Injection Traces.

Supplementary information

This information is optional and contains information that is specific to the log entry. It can be as simple as an informational string, such as the string in the example log entry:

Attempting to authenticate user cn=jwilson,o=novell with provided credentials.

The supplementary information can have a very specific format. For an example and explanation of the policy trace information, see Understanding Policy Evaluation Traces.
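The field layout described above can be parsed programmatically as well as with grep or sed. The following parser is an added example, not Access Manager code: it extracts entries between the begin and end tags, tolerates the optional line breaks, and groups entries by a correlation tag. The function names are hypothetical, the first sample entry is the example from this page, and the remaining sample lines are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timezone

ENTRY_RE = re.compile(r"<amLogEntry>(.*?)</amLogEntry>", re.DOTALL)
STAMP_RE = re.compile(r"\s*(\d{4}-\d\d-\d\dT\d\d:\d\d:\d\dZ)\s*")
TAG_RE = re.compile(r"\s*([A-Z]+)#([^\s:]+):?")  # NAME#value, optional ':' separator

def parse_entry(body):
    """Split one entry body into time, preamble, correlation tags and text."""
    m = STAMP_RE.match(body)
    if m is None:
        return None  # no leading time-date-stamp: not the documented layout
    when = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    rest = body[m.end():]
    first = re.search(r"\b[A-Z]+#", rest)
    if first is None:  # entry carries no correlation tags at all
        return {"time": when, "preamble": "", "tags": {}, "text": rest.strip()}
    tags, pos = {}, first.start()
    while (t := TAG_RE.match(rest, pos)):  # consume consecutive tags, across [\n] too
        tags[t.group(1)] = t.group(2)
        pos = t.end()
    return {"time": when, "preamble": rest[:first.start()].strip().rstrip(":"),
            "tags": tags, "text": rest[pos:].strip()}

def parse_log(text):
    """Yield every well-formed entry found between the begin and end tags."""
    for m in ENTRY_RE.finditer(text):
        entry = parse_entry(m.group(1))
        if entry is not None:
            yield entry

def correlate(entries, tag="AMAUTHID"):
    """Group entries by one correlation tag, each group ordered by time."""
    groups = defaultdict(list)
    for e in entries:
        if tag in e["tags"]:
            groups[e["tags"][tag]].append(e)
    return {k: sorted(v, key=lambda e: e["time"]) for k, v in groups.items()}

# First entry is the page's example. The leading line and the second entry are
# constructed (event code, event id, NXPESID and POLICYID values are made up).
SAMPLE = """constructed line outside any entry (ignored by the parser)
<amLogEntry> 2009-06-08T21:06:25Z INFO NIDS Application: AM#500105014: AMDEVICEID#9921459858EAAC29: AMAUTHID#YfdEmqCT2ZutwybD1eYSpfph8g5a5aMl6MGryq1hIqc= AF:  Attempting to authenticate user cn=jwilson,o=novell with provided credentials. </amLogEntry>
<amLogEntry>
2009-06-08T21:06:31Z INFO NIDS Application: AM#000000001: AMDEVICEID#9921459858EAAC29: AMAUTHID#YfdEmqCT2ZutwybD1eYSpfph8g5a5aMl6MGryq1hIqc=: AMEVENTID#1: NXPESID#1: POLICYID#EXAMPLE:
constructed policy trace text
</amLogEntry>
"""
```

Calling correlate(parse_log(SAMPLE)) returns one group keyed by the AMAUTHID value, holding both entries in time order. Pass tag="AMDEVICEID" to group by the device instead.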