Landmark security log files: General information

Infor Security logs user access throughout the system.

You can view log files online using the Security Session Debug list through the Security Administration Console.

You can also access the tools to view log files and create custom versions of loggers through the Security Administration Console. This topic provides an overview of the type of information that can be logged.

Logger name What it logs Log file name Use example
SecurityAuthenticationLogger Authentication requests LALOGDIR/security_authen.log A user reports being unable to log into the Infor system. Use this logger to view the user's log-in failure to help determine the cause, for example, the user presented an incorrect password.
SecurityProvisioningLogger Updates made to a user's profile, for example, additional roles assigned. LALOGDIR/security_provisioning.log

Use this logger to investigate a report that:

  • A user is logged successfully into the Infor system but reports being unable to access an application, tool or dataset they believe they should have access to.

  • A user is accessing a program, tool, or dataset they should not have access to.

SecurityBODProvisioningLogger User BOD activities. LALOGDIR/security_BOD_provisioning.log If information about a user that should have been sent through a BOD from one system to another, for example, from Landmark to the Infor operating system, does not appear in the operating system, this logger contains information to help determine the cause of the problem.
SecurityLogger Authorization requests, that is, Infor components that users attempt to access. LALOGDIR/security_author.log If a user has unintended access to a securable object, this logger can help determine how this situation occurred.
SecurityServerLogger Activities of the Security Serer (lase) LALOGDIR/security_server.log This logger is specialized and typically used in consultation with Infor Technical Support.
SecurityEventLogger Logs events related to security, such as, login attempts and access denied occurrences. LALOGDIR/security_event.log This logger is specialized and typically used in consultation with Infor Technical Support.
SecuritySSOConfigServletLogger Requests to the SSO configuration servlet, including changes to SSO configuration. LALOGDIR/security_ssocfginfoservlet.log This logger is specialized and typically used in consultation with Infor Technical Support.

Logging levels

For each logger you can set values for the level of logging you want to configure. The levels of detail that can be logged are:

  • FATAL: Logs fatal errors only.

  • ERROR: Logs all errors, including fatal errors.

  • WARNING: Warnings of suspected issues that are not technically errors. The logger also captures all errors.

  • INFO: Default setting. Includes informational messages that have been programmed to be sent by the application. They are not necessarily warnings or errors. This logger also captures warnings and errors.

  • DEBUG and TRACE: Both settings provide details for troubleshooting an issue as well as informational, warning and error messages. The difference between DEBUG and TRACE is determined by the sending application.

It is the security administrator's decision as to which logging level to use. Some examples:

  • If your security setup is relatively new and you want to log a significant amount of data, you could retain the default setting of INFO.

  • If your system has been operational for some time and you are confident that users have appropriate access and you want to save space in log files, you might choose the FATAL or ERROR levels.

  • If you are troubleshooting, turning on DEBUG or TRACE level logging can help identify the issue. The log files generated by DEBUG and TRACE fill up quickly. Most customers will want to turn off DEBUG and TRACE modes when they have completed troubleshooting.

Note: 

Logging level defaults are delivered in securityloggerconfigure.xml

Authorization debug logger

For troubleshooting authorization access, you can create an ad hoc report that drills into deep details about a particular user. An example about how to create this log file is in a later section.

Logging actions

Logging action What it does When to use it
Sync Synchronizes database records with current logger object. Before you begin troubleshooting. Do this to verify that logging parameter values are what you expect.
ViewLog Opens the log file in the FTP server configured in Lanmark Configuration Parameters. Before you perform a ClearLog action and after you complete work.
ClearLog Removes all database SecuritySessionDebug records for the selected log file. Before you begin troubleshooting. We recommend that you always use ViewLog before ClearLog to archive previous log files.
Open: This option is available when you double-click a line on the on logger page Shows configuration of an existing logger. When you want to change such parameters for a log file, such as log level, or add a filter.
Reset Resets logger to its original values. Loads data from SecurityLoggerConfiguration.xml to the current logger and updates the SecurityLogger record in the database. When you have completed troubleshooting and want to return logging to the original setting.
Note: 

The option Create is on the menu and can be used to create a logger if one does not already exist. Typically, the loggers are delivered and are available for selection from the Security>SecurityLoggers menu.