Event logging provides a standard, centralized way to record important software and hardware events such as logins, failed logins, access to resources, audit events, and slow transactions. The event logging service records events from various sources and stores them in a single collection which is written to the system log. System management tools can be configured to display and act on these events.
Events List
- Security events
- Invalid Security Principal: When using javax.security.auth.principal to establish a session and the user ID is not valid
- Invalid SSO Token: The supplied SSO token is not valid
- OAuth2 authentication failure: An OAuth2 authentication failed
- OAuth2 token invalid: Either an access token or an authentication code is invalid or expired
- User login failed: User ID or password is in valid
- User Login Succeeded: User login
- User Authentication Success: OAuth2 successfully processed the access token
- OAuth2 Client Secret generated
- OAuth2 Token created: Either an authorization code or access token was created
- Session Expired: A user session expired
- Invalid Action: The action_id parameter is not recognized
- Application life cycle events
- Web Application Startup begin
- Web Application Startup complete
- Web Application Startup failed
- ArcGIS events
- ArcGIS job succeeded
- ArcGIS job failed
- ArcGIS job status URL: Allows the monitor to obtain the status URL (which is on the ArcGIS server)
- ArcGIS job status: Uses the status URL to report the status
- Slow Database Query events
Configuration
The underlying code is Log4j, so the configuration is in log4j.properties:
Log4j Snippet
# Auditable event loggers log4j.logger.com.agileassetsinc.events=FATAL, mainLogFile
Event Monitoring
Most system monitoring tools will monitor the system log file for events and you should use the documentation for those products for configuration of the Log4j appender. The log4j.properties has an outline of the setup needed to enable this:
Log4j configuration
log4j.logger.com.agileassetsinc.events=WARN, SYSLOG # # Note the following may be needed # Add the following lines to rsyslog.conf file # # $ModLoad imudp # $UDPServerRun 514 # # configure Syslog facility appender log4j.appender.SYSLOG=org.apache.log4j.net.SyslogAppender log4j.appender.SYSLOG.threshold=WARN log4j.appender.SYSLOG.syslogHost=<localhost> log4j.appender.SYSLOG.facility=LOCAL4 log4j.appender.SYSLOG.layout=org.apache.log4j.PatternLayout log4j.appender.SYSLOG.layout.conversionPattern=[%p] %c:%L - %m%n