从Ping Federate进行日志记录 [英] Logging from Ping Federate
本文介绍了从Ping Federate进行日志记录的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
我们想从Ping Federate进行审核日志记录,并建立了一个滚动文件记录器,如下所示:
We should like to do audit logging from Ping Federate and have set up a rolling file logger like this:
<RollingFile name="SecurityAudit2Splunk" fileName="${sys:pf.log.dir}/splunk-audit.log"
filePattern="${sys:pf.log.dir}/splunk-audit.%d{yyyy-MM-dd}.log"
ignoreExceptions="false">
<PatternLayout>
<pattern>%d trackingid="%X{trackingid}" event=%X{event} subject="%X{subject}" ip=%X{ip} app=%X{app} connectionid=%X{connectionid} protocol=%X{protocol} pfhost=%X{host} role=%X{role} status=%X{status} adapterid=%X{adapterid} description="%X{description}" responsetime=%X{responsetime} %n</pattern>
</PatternLayout>
<Policies>
<TimeBasedTriggeringPolicy />
</Policies>
</RollingFile>
日志未达到预期的效果-以下是我所得到的示例. 值引用"取自log4j2.xml文件中的示例,但似乎只有其中一些填充了值.至少,应该知道像主持人"这样的人吗?有什么想法可以尝试吗?
The logs are not producing the expected -- below examples of what I get. The 'value references' are taken from examples in the log4j2.xml file but it seems that only some of them are populated with values. At the very least, one like 'host' should be known? Any ideas what I could try?
谢谢安德斯
2017-11-09 14:08:43,142 trackingid="" event=CREATE subject="" ip=127.0.0.1 app= connectionid= protocol= pfhost= role= status= adapterid= description="" responsetime=
2017-11-09 14:21:00,651 trackingid="" event=LOGOUT subject="" ip=127.0.0.1 app= connectionid= protocol= pfhost= role= status= adapterid= description="" responsetime=
2017-11-09 14:21:09,116 trackingid="" event=LOGIN_ATTEMPT subject="" ip=127.0.0.1 app= connectionid= protocol= pfhost= role= status= adapterid= description="" responsetime=
2017-11-09 14:23:03,551 trackingid="" event=LOGOUT subject="" ip=127.0.0.1 app= connectionid= protocol= pfhost= role= status= adapterid= description="" responsetime=
2017-11-09 14:23:09,725 trackingid="" event=LOGIN_ATTEMPT subject="" ip=127.0.0.1 app= connectionid= protocol= pfhost= role= status= adapterid= description="" responsetime=
2017-11-09 14:26:46,071 trackingid="" event=LOGIN_ATTEMPT subject="" ip=127.0.0.1 app= connectionid= protocol= pfhost= role= status= adapterid= description="" responsetime=
推荐答案
我从样例中逐字复制了您的模式到我自己的安装中,并且没有任何问题...实现后是否重新启动了实例?您正在使用哪个版本的PingFed?
I copied your pattern verbatim from your sample into my own installation and it works without issue... Did you restart your instance after implementation? What version of PingFed are you on?
2017-11-10 15:06:10,256 trackingid="tid:fbrUCJDI7pMwPjwDpg2aCMo9SSY" event=SSO subject="testUser" ip=XXX.XXX.XXX.XXX app=https://server.name.com:9031/SpSample/MainPage/ connectionid=idp:id protocol=SAML20 pfhost=myServerName role=SP status=success adapterid=OTSPJava description="" responsetime=117
2017-11-10 15:06:32,676 trackingid="tid:fbrUCJDI7pMwPjwDpg2aCMo9SSY" event=SLO subject="testUser" ip=XXX.XXX.XXX.XXX app= connectionid=sp:id protocol=SAML20 pfhost=myServerName role=IdP status=success adapterid= description="" responsetime=19
2017-11-10 15:06:32,877 trackingid="tid:fbrUCJDI7pMwPjwDpg2aCMo9SSY" event=SLO subject="" ip=XXX.XXX.XXX.XXX app= connectionid= protocol=SAML20 pfhost=myServerName role=SP status=success adapterid= description="" responsetime=21
2017-11-10 15:06:45,883 trackingid="tid:fbrUCJDI7pMwPjwDpg2aCMo9SSY" event=AUTHN_REQUEST subject="" ip=XXX.XXX.XXX.XXX app= connectionid= protocol= pfhost=myServerName role=SP status=inprogress adapterid= description="" responsetime=11
2017-11-10 15:06:46,073 trackingid="tid:fbrUCJDI7pMwPjwDpg2aCMo9SSY" event=AUTHN_ATTEMPT subject="" ip=XXX.XXX.XXX.XXX app= connectionid=sp:id protocol=SAML20 pfhost=myServerName role=IdP status=inprogress adapterid=ldapHtmlForm description="" responsetime=7
2017-11-10 15:06:53,218 trackingid="tid:fbrUCJDI7pMwPjwDpg2aCMo9SSY" event=AUTHN_ATTEMPT subject="testUser" ip=XXX.XXX.XXX.XXX app= connectionid=sp:id protocol=SAML20 pfhost=myServerName role=IdP status=success adapterid=ldapHtmlForm description="" responsetime=10
2017-11-10 15:06:53,230 trackingid="tid:fbrUCJDI7pMwPjwDpg2aCMo9SSY" event=SSO subject="testUser" ip=XXX.XXX.XXX.XXX app= connectionid=sp:id protocol=SAML20 pfhost=myServerName role=IdP status=success adapterid=ldapHtmlForm description="" responsetime=22
2017-11-10 15:06:53,448 trackingid="tid:fbrUCJDI7pMwPjwDpg2aCMo9SSY" event=SSO subject="testUser" ip=XXX.XXX.XXX.XXX app=https://server.name.com:9031/SpSample/MainPage/ connectionid=idp:id protocol=SAML20 pfhost=myServerName role=SP status=success adapterid=OTSPJava description="" responsetime=27
这篇关于从Ping Federate进行日志记录的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文
