Security Logging: Configuring Log and Trace Settings

Use this procedure to adjust the log and trace setting, set the name of the log file, and enable or disable logging functions for security logging.

Note: You can gather additional information on security through the sso_tracing.properties file and through the tracing and logging settings in the Lawson Security Administrator.
  1. Confirm that the <LAWDIR>/system/configuration.properties file contains a reference to SecurityLoggerConfiguration.xml.
  2. Configure dynamic enable/disable of logging.

    Doing so means that, in the future, you can change logging levels without having to stop and start the system.

    Add the following properties to the configuration.properties file:

    ReloadFiles = TRUE

    RefreshTimeOut = <number of minutes>

    Note: Typically, 30 minutes is used as a value for RefreshTimeOut.
  3. Open the <LAWDIR>/system/SecurityLoggerConfiguration.xml file in a text editor.
  4. Set the logging and tracing levels to the level you want.

    Logging and tracing levels are set in the SecurityGeneralFilter <filter> section:

    <log_filters>
       <filter name="SecurityGeneralFilter" classname="com.lawson.common.util.logging.SimpleMessageFilter" 
                   enabled="true"/>
          <parameters>   
            <Parameter value="loglevel=4"/>
            <Parameter value="tracelevel=4"/>
          </parameters>
       </filter>
    ...

    For logging and tracing of important events only, use levels 1 through 4.

    • Level 1: Logs fatal error message only

    • Level 2: Includes error messages

    • Level 3: Includes warning messages

    • Level 11: Includes a full system trace

    Note: Logging levels of 5-10 are not used in Lawson System Foundation.
  5. Set up filters based on users or packages. To do this, create a <log_producter_filters> section at the end of the <configuration> section similar to the one below:
    <log_producer_filters>
       <producer_filter name="SimpleMessageProducerFilter" classname="com.lawson.common.util.logging.
                   SimpleMessageProducerFilter" enabled="true">
          <parameters>
            <Parameter value="user=23456|admin"/>
            <Parameter value="package=com\.lawson\.security\.common\.(.)|com\.lawson\.security\.authen\.(.)"/>
          </parameters>
       </producer_filter>
    </log_producer_filters>
    Note: The delivered names of the files are security.log and security_authen.log. If you want to change the log file name, you can do so through the <log_publishers> section.
  6. Save and close the file.
  7. If this is the first time you have enabled logging, stop and start the Lawson system to enable the changes.