我们希望从Ping Federate进行审核日志记录,并设置了这样的滚动文件记录器:
<RollingFile name="SecurityAudit2Splunk" fileName="${sys:pf.log.dir}/splunk-audit.log"
filePattern="${sys:pf.log.dir}/splunk-audit.%d{yyyy-MM-dd}.log"
ignoreExceptions="false">
<PatternLayout>
<pattern>%d trackingid="%X{trackingid}" event=%X{event} subject="%X{subject}" ip=%X{ip} app=%X{app} connectionid=%X{connectionid} protocol=%X{protocol} pfhost=%X{host} role=%X{role} status=%X{status} adapterid=%X{adapterid} description="%X{description}" responsetime=%X{responsetime} %n</pattern>
</PatternLayout>
<Policies>
<TimeBasedTriggeringPolicy />
</Policies>
</RollingFile>
日志没有产生预期 - 以下是我得到的例子。 'value references'取自log4j2.xml文件中的示例,但似乎只有部分值填充了值。至少应该知道像'主持人'这样的人吗?有什么想法我可以试试吗?
谢谢,安德斯
2017-11-09 14:08:43,142 trackingid="" event=CREATE subject="" ip=127.0.0.1 app= connectionid= protocol= pfhost= role= status= adapterid= description="" responsetime=
2017-11-09 14:21:00,651 trackingid="" event=LOGOUT subject="" ip=127.0.0.1 app= connectionid= protocol= pfhost= role= status= adapterid= description="" responsetime=
2017-11-09 14:21:09,116 trackingid="" event=LOGIN_ATTEMPT subject="" ip=127.0.0.1 app= connectionid= protocol= pfhost= role= status= adapterid= description="" responsetime=
2017-11-09 14:23:03,551 trackingid="" event=LOGOUT subject="" ip=127.0.0.1 app= connectionid= protocol= pfhost= role= status= adapterid= description="" responsetime=
2017-11-09 14:23:09,725 trackingid="" event=LOGIN_ATTEMPT subject="" ip=127.0.0.1 app= connectionid= protocol= pfhost= role= status= adapterid= description="" responsetime=
2017-11-09 14:26:46,071 trackingid="" event=LOGIN_ATTEMPT subject="" ip=127.0.0.1 app= connectionid= protocol= pfhost= role= status= adapterid= description="" responsetime=
答案 0 :(得分:1)
我将您的模式逐字复制到我自己的安装中,并且没有问题......您是否在实施后重新启动了实例?您使用的是什么版本的PingFed?
2017-11-10 15:06:10,256 trackingid="tid:fbrUCJDI7pMwPjwDpg2aCMo9SSY" event=SSO subject="testUser" ip=XXX.XXX.XXX.XXX app=https://server.name.com:9031/SpSample/MainPage/ connectionid=idp:id protocol=SAML20 pfhost=myServerName role=SP status=success adapterid=OTSPJava description="" responsetime=117
2017-11-10 15:06:32,676 trackingid="tid:fbrUCJDI7pMwPjwDpg2aCMo9SSY" event=SLO subject="testUser" ip=XXX.XXX.XXX.XXX app= connectionid=sp:id protocol=SAML20 pfhost=myServerName role=IdP status=success adapterid= description="" responsetime=19
2017-11-10 15:06:32,877 trackingid="tid:fbrUCJDI7pMwPjwDpg2aCMo9SSY" event=SLO subject="" ip=XXX.XXX.XXX.XXX app= connectionid= protocol=SAML20 pfhost=myServerName role=SP status=success adapterid= description="" responsetime=21
2017-11-10 15:06:45,883 trackingid="tid:fbrUCJDI7pMwPjwDpg2aCMo9SSY" event=AUTHN_REQUEST subject="" ip=XXX.XXX.XXX.XXX app= connectionid= protocol= pfhost=myServerName role=SP status=inprogress adapterid= description="" responsetime=11
2017-11-10 15:06:46,073 trackingid="tid:fbrUCJDI7pMwPjwDpg2aCMo9SSY" event=AUTHN_ATTEMPT subject="" ip=XXX.XXX.XXX.XXX app= connectionid=sp:id protocol=SAML20 pfhost=myServerName role=IdP status=inprogress adapterid=ldapHtmlForm description="" responsetime=7
2017-11-10 15:06:53,218 trackingid="tid:fbrUCJDI7pMwPjwDpg2aCMo9SSY" event=AUTHN_ATTEMPT subject="testUser" ip=XXX.XXX.XXX.XXX app= connectionid=sp:id protocol=SAML20 pfhost=myServerName role=IdP status=success adapterid=ldapHtmlForm description="" responsetime=10
2017-11-10 15:06:53,230 trackingid="tid:fbrUCJDI7pMwPjwDpg2aCMo9SSY" event=SSO subject="testUser" ip=XXX.XXX.XXX.XXX app= connectionid=sp:id protocol=SAML20 pfhost=myServerName role=IdP status=success adapterid=ldapHtmlForm description="" responsetime=22
2017-11-10 15:06:53,448 trackingid="tid:fbrUCJDI7pMwPjwDpg2aCMo9SSY" event=SSO subject="testUser" ip=XXX.XXX.XXX.XXX app=https://server.name.com:9031/SpSample/MainPage/ connectionid=idp:id protocol=SAML20 pfhost=myServerName role=SP status=success adapterid=OTSPJava description="" responsetime=27