PingFederate Server

HTTP request logging

HTTP requests to the runtime engine are logged to the runtime-request.log file. HTTP requests to the admin console are logged to the admin-request.log file.

You can configure the output for these files using the appropriate appender for your desired output in the log4j2.xml file:

  • To write to the log files in standard format, update the RollingFile name="RuntimeRequestLog" and "RollingFile name="AdminRequestLog" sections.

  • To write to the log files in JSON format, update the RollingFile name="RuntimeRequestLog-JSON" and RollingFile name="AdminRequestLog-JSON" sections.

  • To write to the admin console in JSON format, uncomment the ref="CONSOLE-RuntimeRequestLog-JSON" and ref="CONSOLE-AdminRequestLog-JSON" appenders.

You can also configure the output format and ignorePath settings in the HTTP Server Request Log Settings section of the run.properties file. Learn more in Configuring PingFederate properties.

You can correlate request log events with the server log and audit log by using shared log attributes. Learn more in Correlating log events using attributes.

The HTTP request logs are written to the default PingFederate log directory.

Reverting to previous logging behavior

Prior to version 12.3, the PingFederate web container logged runtime engine HTTP requests to the <date>.request.log file, and admin console HTTP requests to the <date>.request2.log file.

The following procedure lets you revert to this legacy behavior to maintain logging continuity after you upgrade to PingFederate 12.3. However, you should consider this reversion a temporary measure while you update your log tracking. Future versions of PingFederate will log HTTP requests through the log4j.xml file.

Like other PingFederate-generated log files, the legacy HTTP request logs are written to the default PingFederate log directory. Properties controlling request legacy logging are contained in the web-container configuration files:

  • jetty-runtime.xml for the runtime engine (the <date>.request.log files)

  • jetty-admin.xml for the administrative console (the <date>.request2.log files)

You can find these files in the <pf_install>/pingfederate/etc directory, and you can independently manage them on a per-server basis.

Steps

  1. Open the <pf_install>/pingfederate/bin/run.properties file.

  2. Under the HTTP Server Runtime Request Log Settings section, make the following changes:

    1. Add jetty.runtime.requestlog.useLog4j2Logger="false".

    2. Add the timestamp attribute to the formatting property. It should read jetty.runtime.requestlog.format=%{client}a - %u %{dd/MMM/yyyy:HH:mm:ss ZZZ}t "%r" %s %O.

  3. Under the HTTP Server Admin Request Log Settings section, make the following changes:

    1. Add jetty.admin.requestlog.useLog4j2Logger="false".

    2. Add the timestamp attribute to the formatting property. It should read jetty.admin.requestlog.format=%{client}a - %u %{dd/MMM/yyyy:HH:mm:ss ZZZ}t "%r" %s %O.

  4. Save and close the file.

  5. If you’re running PingFederate in a clustered environment, repeat these steps for each node.

When you’re ready to update to log4j2 logging, you can revert the changes made to the run.properties file in steps 2 and 3, the restart PingFederate.