Lawson Security Property, Log, and Audit Files

Logging

You can log security and Single Sign-On information. By default, severe and warning messages for security are logged in the lase.log and lase_serverN.log files. You can log additional information by selecting General, All, or Debug on the Auditing + Logging tab. Logging is performed for the users you select on the Auditing + Logging tab. Single Sign-On logging only occurs if you set up the sso_tracing.properties file.

You can further control logging through the ls_logging.properties file and the SecurityLoggerConfiguration.xml. The ls_logging.properties file enables you to set the logging level for different components of the security system, such as the authentication or authorization components. The SecurityLoggerConfiguration.xml file enables you to set logging and tracing levels for different security packages.

File Description
lase.log

Contains a record of events (such as startups and shutdowns of the security server) and errors that are triggered by the security C API.

lase_server_n.log (where n is a number)

Contains logging event information, including which properties file was used to control the current logging configuration as well as the detail the ls_logging.properties file indicates should be logged.

For more information, see the section "Working with the Lawson Security Server Log File (lase_server_#.log)".

ls_logging.properties

Logging properties are most commonly configured through the Auditing + Logging tab of the Lawson Security Administrator, but this properties file is also available. The names of the logging settings in the file differ from those in the Security Administrator. In the file, the available logging levels are SEVERE, WARNING, INFO, FINER, and FINEST. Changes to ls_logging.properties take effect the next time the security server is stopped and started.

For more information, see the section "Working with the Lawson Security Server Log File (lase_server_#.log)".

sso_tracing.properties

Use to turn single sign-on logging on and off, and to set the types of services that will be traced. The options for services are FSSO, BSSO, API, and SSSO.

sso_number.log

Contains logging information related to single sign-on. This file has contents only if you turn on SSO logging through the sso_tracing.properties file.

SecurityLoggerConfiguration.xml

Use to adjust the log and trace settings, set the name of the log file, and enable or disable logging functions for security logging.

security.log

Default name for the standard log file for the security server containing security access messages.

The contents of this log file are configured through the SecurityLoggerConfiguration.xml file.

lase_server.log

The lase_server_*_*.log (LSF only) tracks updates to the security server (lase).

The contents of this log file are configured through the SecurityLoggerConfiguration.xml file.

security_authen.log

Use to capture authentication information such as logging in, logging out, session timeouts, cookie information, and LDAP error codes. This log file also logs startup and shutdown activity of LASE.

The contents of this log file are configured through the SecurityLoggerConfiguration.xml file.

security_assertion.log

Use to track security key information used by Direct IOS.

security_events.log

Use to track information about the security monitoring service, including client-to-server and server-to-client events such as Authentication API calls.

security_monitoring.log

Use to track information about the security monitoring service, including messages from the background jobs that check usage peaks of user sessions.

security_persistence.log

Use to track all database-related messages, such as success and failure of executing SQL statements.

security_search.log

Tracks information about the search function in Infor Security Services.

lawrm.log

Tracks generic security information related to LDAP.

security_provisioning.log

Contains all federation- and synchronization-related transactions, including normal security processing of adding new users and synchronizing on federated systems.

Auditing

You set up and turn on auditing through the Auditing + Logging tab. You can audit the following events:

  • Administrator Additions (New rules added to the administrative profile by a security administrator as well as added resources by a security or resource administrator)

  • Administrator Changes (Changes to the rules in the administrative profile by a security administrator as well as changes to resources by a security or resource administrator)

  • Administrator Deletions (Deleted rules in the administrative profile by a security administrator as well as deleted resources by a security or resource administrator)

  • Access Denials (Attempts by a user to access a securable object where the user has not been granted access)

  • Identity Management (Additions, changes, or deletions to identities)

You can view auditing information through the audit reports or by archiving the audit information and then viewing the *.audit files.

File Description
*.audit files

Archive files for auditing information. The actual file name is built from the criteria you select when creating the archive.

To create an archive, click on the Archive Audit button on the Auditing + Logging tab, then either click the Archive All button or enter criteria and click the Archive Selected button.

If you choose to archive all records, the file name will be audit_all.audit. If you choose to archive selected records, the file name will be similar to the following: audit_user1_prior20050405_RUNTIME.audit.

Additional Properties Files

File Description
RMApiInit.properties

Contains information about the LDAP server, JNDI, and processing pool initialization parameters.

The MaxQueryResults parameter's default setting is 5000. Its value must be greater than or equal to the setting for the Paging Size preference in the Resource Management Administrator.

lsservice.properties

Contains information on the security server, including a list of defined server instances, the server host for the security server, the ports used by the security server, and the name of the service representing the server that hosts the security server. This is created during installation and generally should not be edited.