Logging migration guide - SSO
- 1 Differences
- 1.1 Examples
- 2 Migration notes
- 2.1 If you have customised default levels for Diagnostic log entry types
- 2.2 If you have enabled Management audit log
- 2.3 If you have enabled Statistics log
- 2.4 If you have customised Logviewer configuration
- 2.5 If you have parsed Diagnostic log (uas)
- 2.6 If you have specified custom log levels for libraries user by SSO authentication server (uas)
- 2.7 If you have specified formatting, log file folders or names for SSO authentication server (uas)
- 2.8 If you have specified custom log levels for Password applications (password, password-reset)
- 2.9 If you have specified custom log levels or formatting for TOTP API, or parsed the events (totp)
- 2.10 If you have specified custom log levels or formatting for SSO Management API, or parsed the events (sso-api)
This document highlights the differences between the logging solution since version 9.1 and before it, and offers some advises how to adapt to the new solution.
If you have not customised any logging features or implemented any tools for parsing the diagnostic logs, then the logging update provided will function similarly to prior releases with only simplifications in the location of the diagnostics logs for all applications installed on the same Tomcat server. Please ensure you review at least the Password reset and Password application sections as logging location and formatting has been updated.
Differences
The main differences between the new and old logging system are described below :
All SSO diagnostic log events by different web applications are written to the same log file and rotated on a daily basis
the file has been renamed from
uas3_diag.<YYYY-MM-DD>.log
tosso_diag.<YYYY-MM-DD>.log
In addition these log files are written to the
ubilogin/logs
folder and rotated on a daily basisuas3_audit.<YYYY-MM-DD>.log
- SSO authentication server audit logevents are created by default
no changes in v. 9.1
uas3_statistics.<YYYY-MM-DD>.log
- Statistics logempty files are created even if you have not configured this feature, see Understanding SSO logger configuration
STATISTICS_FILE
appender
management_audit.<YYYY-MM-DD>.log
- Management audit logempty files are created even if you have not configured this feature, see Understanding SSO logger configuration
MANAGEMENT_AUDIT_FILE
appender
password_audit.<YYYY-MM-DD>.log
- Password applications audit logempty files are created even if you have not configured this feature, see Understanding SSO logger configuration
PASSWORD_AUDIT_FILE
appender
Diagnostic level format has been slightly changed:
new column after the timestamp has been inserted and there the web application name producing the log event is printed, the name is one of the following
uas
- SSO authentication serverubilogin
- SSO management UIlogviewer
- SSO management UI Logviewer applicationsearch
- SSO management UI LDAP Search applicationsso-api
- SSO management APItotp
- TOTP APIpassword
- Password applicationpassword-reset
- Password reset applicationcdc
- Common Domain Cookie (CDC) discovery serviceotpserver
- OTP list server
next column used to be only a specific entry type from the predefined list (
init
,tech
,environment
,method
etc.) but now it may print a fully qualified class name instead depending on the application or library producing the outputnew column has been inserted to print the log level of the event
in case of
sso-api
originated log events the following columns have been added nextremote IP address of the caller
name of the authenticated user calling the API (
sub
)
the error message which is printed instead of the full stack trace in case of an exception contains more parts of the stack trace and is thus more verbose
Examples
Expand the elements below, by clicking the caret symbol, to see examples comparing the historical logging format and the updated logging format.
Before 9.1 | Since 9.1 |
---|---|
Old format
| New format
|
Applications printed startup events to various log files or did not print them at all - SSO diagnostic log sample (
| All the applications are printing about their startup to the same SSO diagnostic log file (depends on the applications you have configured, and the order may vary)
|
The old output (v 9.0.0)
| |
Migration notes
If you have customised default levels for Diagnostic log entry types
Before 9.1 | Since 9.1 |
---|---|
In log4j.logger.ubilogin.tech = INFO, Diag, C
log4j.logger.ubilogin.diag = INFO, Diag
log4j.logger.ubilogin.diag.init = INFO, C | In <!-- (1) Default levels for Diagnostic logs entry types -->
<turboFilter class="com.ubisecure.common.logging.MarkerBasedLogFilter">
<DefaultLevels>audit=info;tech=info;diag.*=info</DefaultLevels>
</turboFilter> |
If you have enabled Management audit log
Before 9.1 | Since 9.1 |
---|---|
In log4j.logger.com.ubisecure.ubilogin.management = INFO, ManagementAudit | In |
If you have enabled Statistics log
Before 9.1 | Since 9.1 |
---|---|
In | In |
If you have customised Logviewer configuration
See Configuring Log Viewer - SSO, the original filesource.properties
file in the installation package has been changed.
Before 9.1 | Since 9.1 |
---|---|
In | In |
If you have parsed Diagnostic log (uas
)
Before 9.1 | Since 9.1 |
---|---|
Only SSO authentication server ( Event sample:
| If parsing notice the following:
Event sample:
|
If you have specified custom log levels for libraries user by SSO authentication server (uas
)
Before 9.1 | Since 9.1 |
---|---|
In | In |
If you have specified formatting, log file folders or names for SSO authentication server (uas
)
Before 9.1 | Since 9.1 |
---|---|
In | In |
If you have specified custom log levels for Password applications (password
, password-reset
)
These applications used to log to the Tomcat log (ubilogin-sso/tomcat/logs/catalina.<YYYY-MM-DD>.log
) but are now logging to the shared SSO diagnostics log (ubilogin-sso/ubilogin/logs/sso_diag.<YYYY-MM-DD>.log
).
Before 9.1 | Since 9.1 |
---|---|
In | In |
If you have specified custom log levels or formatting for TOTP API, or parsed the events (totp
)
This SpringBoot application used to log to a dedicated log (ubilogin-sso/ubilogin/logs/totp.log
) but is now logging to the shared SSO diagnostics log (ubilogin-sso/ubilogin/logs/sso_diag.<YYYY-MM-DD>.log
).
Being a SpringBoot application, the log levels can still be configured via application.yaml
or actuator
end-point as advised in TOTP API configuration.
Before 9.1 | Since 9.1 |
---|---|
In
Event sample:
| Log levels: Either
In Regarding formatting, see Understanding SSO logger configuration for the following sections. NOTE: We do not recommend you to modify these settings in order to facilitate regular troubleshooting. If parsing notice the following:
Event sample:
|
If you have specified custom log levels or formatting for SSO Management API, or parsed the events (sso-api
)
This web application used to log to a dedicated log (ubilogin-sso/ubilogin/logs/sso-api.log
) but is now logging to the shared SSO diagnostics log (ubilogin-sso/ubilogin/logs/sso_diag.<YYYY-MM-DD>.log
).
Being a SpringBoot application, the log levels can still be configured via application.yaml
or actuator
end-point as advised in TOTP API configuration.
Before 9.1 | Since 9.1 |
---|---|
In Event:
| In Log levels Regarding formatting, see Understanding SSO logger configuration for the following sections. NOTE: We do not recommend you to modify these settings in order to facilitate regular troubleshooting. If parsing notice the following:
Event:
|
This web page (including any attachments) may contain confidential, proprietary, or privileged information – not for disclosure without authorization from Ubisecure Inc. Copyright © 2024. All Rights Reserved.