Friday, November 2, 2012

OpenAM Policy Agent Audit Logging to Database

In my customer's OpenAM environment, database logging is configured instead of file-based logging.

To enable database logging, navigate to Configuration -> System -> Logging. The default Logging Type is File; switch it to DB. My customer's back-end database is Oracle 11g RAC.

When this is done, restart the OpenAM server and logging will be redirected to the Oracle database.

Next, my customer would like to track what his users are doing on every Policy Agent that has been deployed, so audit logging has to be turned on in the Policy Agent configuration. In addition, the customer would like to centralize the logging, which means logs shall be consolidated at the OpenAM servers.

Easy: the default Audit Access Types is LOG_NONE. Switch to LOG_ALLOW. Next, select REMOTE for Audit Log Location. Cool, it's done!

Well .... but no... the database shows nothing. There isn't a new table created for this agent. Restarted a few times, nothing. Strange!

So we dug into the CoreSystem debug log and found this:

WARNING: amAgent_esys-uat_abc_com_18081_log:DBHandler:Maximum DB memory buffer size < Buffer Size, setting to buffer size (25)
DBHandler:tableName = amAgent_esys-uat_abc_com_18081_log, LOG_STATUS = ACTIVE
amAgent_esys-uat_abc_com_18081_log:DBHandler: the query string for creating is create table amAgent_esys-uat_abc_com_18081_log (time date,  data CLOB, LoginID varchar2 (255), ContextID varchar2 (255), IPAddr varchar2 (255), LogLevel varchar2 (255), Domain varchar2 (255), LoggedBy varchar2 (255), MessageID varchar2 (255), ModuleName varchar2 (255), NameID varchar2 (255), HostName varchar2 (255)) 
ERROR: amAgent_jboss_truecorp_co_th_18443_log:DBHandler:createTable:Execute:SQLEx (972): ORA-00972: identifier is too long
ERROR: amAgent_jboss_truecorp_co_th_18443_log:DBHandler: sql operation unsuccessful (972): ORA-00972: identifier is too long

Ah! It's an Oracle table name restriction!

The default Remote Log Filename is used as the Oracle table name, but it is too long for Oracle to accept.

Changed to a shorter name. Restarted OpenAM server and Policy Agent. It works!
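
Because the agent's audit records were silently dropped until someone read the debug log, a check like the following can flag the condition early. It is an added example, not code from this post or from OpenAM: it scans debug log text for DBHandler errors and validates a proposed Remote Log Filename as an Oracle table name. It assumes the 30-byte identifier limit of Oracle releases before 12.2 and the log line shape shown above; the function names are hypothetical.

```python
import re

# Assumption: Oracle releases before 12.2 (including 11g) cap identifiers at 30 bytes.
ORACLE_11G_MAX_IDENT_BYTES = 30

# Matches DBHandler error lines of the shape shown in the debug log above.
ERROR_RE = re.compile(r"^ERROR: (?P<table>\S+?):DBHandler:.*(?P<ora>ORA-\d{5}): ")

# Unquoted Oracle identifiers: a letter, then letters, digits, _, $ or #.
UNQUOTED_IDENT_RE = re.compile(r"^[A-Za-z][A-Za-z0-9_$#]*$")


def check_table_name(name, max_bytes=ORACLE_11G_MAX_IDENT_BYTES):
    """Return the reasons why `name` cannot be used as an unquoted table name."""
    problems = []
    size = len(name.encode("utf-8"))
    if size > max_bytes:
        problems.append(f"{size} bytes exceeds the {max_bytes}-byte identifier limit")
    if not UNQUOTED_IDENT_RE.match(name):
        problems.append("contains characters not allowed in an unquoted identifier")
    return problems


def failed_audit_tables(debug_log_text):
    """Map each table name DBHandler failed on to the set of ORA codes seen."""
    failures = {}
    for line in debug_log_text.splitlines():
        match = ERROR_RE.match(line.strip())
        if match:
            failures.setdefault(match.group("table"), set()).add(match.group("ora"))
    return failures


# First line is constructed; the two ERROR lines are the ones quoted in the post.
SAMPLE_LOG = """\
DBHandler:tableName = amAgent_short_log, LOG_STATUS = ACTIVE
ERROR: amAgent_jboss_truecorp_co_th_18443_log:DBHandler:createTable:Execute:SQLEx (972): ORA-00972: identifier is too long
ERROR: amAgent_jboss_truecorp_co_th_18443_log:DBHandler: sql operation unsuccessful (972): ORA-00972: identifier is too long
"""

if __name__ == "__main__":
    # Report every agent whose audit table could not be created, and why.
    for table, codes in failed_audit_tables(SAMPLE_LOG).items():
        print(table, sorted(codes), check_table_name(table))
```

Running `check_table_name` on the Remote Log Filename before saving the agent configuration avoids the restart-and-wonder cycle described above.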

