206 Certification Study Guide: IBM Tivoli Access Manager for e-business 6.0
logflush Defines frequency with which the server forces a flush of
the audit trail file buffers. Depends of the value; behavior
is similar to flush_interval parameter in the log file agent.
This approach is comparable to the logcfg entry with a file agent. For example, to
capture authentication events, the configuration file entries could be set as
follows:
[aznapi-configuration]
logaudit = yes
auditcfg = authn
auditlog = /var/pdweb/log/audit.log
logsize = 2000000
logflush = 20
If you are still using the logaudit approach, consider using either the logcfg
approach or the Common Auditing Service. The logcfg approach provides
additional configuration options, such as buffer size and event queues, and the
ability to use the console, pipe, and remote log agents.
6.1.3 WebSEAL HTTP logging
WebSEAL maintains the following HTTP log files that record HTTP activity:
request.log The request.log records HTTP request information, such
as the URL that was requested and client data (for
example, IP address).
agent.log The agent.log file records the contents of the User_Agent:
header in the HTTP request. This log reveals information
about the client browser, such as architecture or version
number, for each request.
referer.log The referer.log records the Referer: header of the HTTP
request. For each request, the log records the document
that contained the link to the requested document. The
log uses the following format:
referer
object
This information is useful for tracking external links to
documents in your Web space. The log reveals that the
source indicated by referer contains a link to a page
(object). This log allows you to track stale links and to find
out who is creating links to your documents.
By default, these log files are located in the following directory:
򐂰 Linux and UNIX operating systems /var/pdweb/www-default/log
򐂰 Windows operating systems C:\Program Files\Tivoli\PDWeb\www-default\log
Chapter 6. Auditing and troubleshooting 207
Stanza entries for configuring traditional HTTP logging are located in the
[logging] stanza of the WebSEAL configuration file. By default, HTTP logging is
enabled in the WebSEAL configuration file and configuration looks like:
[logging]
requests = yes
referers = yes
agents = yes
Along with these options, there are a couple more that can be defined in the
[logging] stanza:
gmt-time The value can be
yes or no. Yes specifies that timestamps
in each HTTP log file be recorded in Greenwich Mean
Time (GMT) instead of the local time zone. By default, the
local time zone is used (value is set to
no).
max-size Specifies the maximum size to which each of the HTTP
log files can grow. Default value in bytes is 2000000.
Depends on the value; behavior is similar to the
rollover_size parameter in the log file agent.
flush-time Specifies the frequency with which the server forces a
flush of the log file buffers. Depends on the value;
behavior is similar to the flush_interval parameter in the
log file agent.
When using virtual hosts, you can use the following configuration parameters in
the [logging] stanza to distinguish between requests that are to different virtual
hosts:
[logging]
host-header-in-request-log = {yes | no}
absolute-uri-in-request-log = {yes | no}
When you enable the host-header-in-request-log entry in the configuration file,
the log contains the header at the front of each line in the request log and in the
combined log.
When you enable the absolute-uri-in-request-log entry in the configuration file,
the log contains the absolute URI. This information is included in the request log,
the combined log, and HTTP audit records.
Note: When you configure WebSEAL (or any other Access Manager
component) you are being asked if you want to use
Tivoli common logging. If
you decide to opt for this common logging feature your WebSEAL log files will
be located at C:\Program Files\IBM\tivoli\common\DPW\logs\www-default\log.

Get Certification Study Guide: IBM Tivoli Access Manager for e-business 6.0 now with the O’Reilly learning platform.

O’Reilly members experience live online training, plus books, videos, and digital content from nearly 200 publishers.