Logging in IdentifyMe
Introduction
IdentifyMe supports extensive logging for monitoring, reporting and debugging needs.
Types of logs
Name | Abbreviation | Description |
---|---|---|
System log | SYS | Contains all information, warning, error and debug logs. Collects information about how the system is used: when Identify's REST API is called; changes made via IdentifyMe's UI; other activities that happen on the IdentifyMe server side |
Security log | SEC | Contains data about: authentication (OpenID Connect) messages; the session fixation detector; access token validation; updates to users' profiles; T-OTP/WebAuthn authenticator registration |
Logging settings in IdentifyMe
IdentifyMe follows the same logging settings that you can find on the Logging page. Specifically, IdentifyMe shares the log level setting with Identify Runtime.
Text file location
The default folder for logging when Text file is used is C:\Program Files\Safewhere\Identify\Tenants\[your_tenant]\Logs\SelfService. You can change the log folder by editing the C:\Program Files\Safewhere\Identify\Tenants\[your_tenant]\selfservice\appsettings.json file.
Database tables
The default database table for logging when a Serilog sink is used:
- SQL database: [IdentifyAudit].[your_tenant].[Logs]
- MongoDB & CosmosDB: [IdentifyAudityour_tenant][logs]
Enable logging features
The Logging features section lets you control which log types IdentifyMe writes. Currently, IdentifyMe supports two log types:
Security: controls whether Identify writes the security log. Recommended setting for production: checked.
Log examples
Log entries are in JSON format.
System log
{
  "Type": "SYS",
  "RequestId": "c42149ed-b1c2-45e1-ac08-941d0c74b873",
  "BuildNumber": "1.0.0",
  "System": "Selfservice",
  "EventId": "10021",
  "LogId": "85b2cca8-5d7d-439b-9c81-2a696c0f5a04",
  "Timestamp": "8/12/2022 7:02:45 AM",
  "IPAddress": "127.0.0.1",
  "MachineName": "WIN-L9DNDIPCFU2",
  "UserId": "00000000-0000-0000-0000-000000000000",
  "LogLevel": "INFO",
  "LogMessage": "Calling GET: admin/api/rest/v2/systemsetup, Logged in user: 00000000-0000-0000-0000-000000000000, Token ID: 00000000-0000-0000-0000-000000000000"
}
Name | Description |
---|---|
Type | Log type, value must be SYS |
RequestId | Unique ID dynamically generated for every event |
BuildNumber | Build number of the running IdentifyMe instance |
System | Value must be Selfservice |
EventId | Every log event has a unique event id. |
LogId | Unique ID dynamically generated for every event |
Timestamp | Time at which the event occurred |
IPAddress | IP of the machine that initiates the request |
MachineName | Name of the machine that initiates the request |
UserId | Unique ID of the user that produced the request |
LogLevel | Severity level, eligible values are DEBUG, INFO, WARNING, ERROR |
LogMessage | More detailed information about the event |
Notice that, for every incoming web request, Identify logs an event with ID 8010 that contains the request's parameters.
{
  "Type": "SYS",
  "BuildNumber": "1.0.0",
  "System": "Selfservice",
  "EventId": "10024",
  "LogId": "efe04b85-f99f-4d00-aeb3-90f397a54d3a",
  "Timestamp": "8/12/2022 7:02:44 AM",
  "IPAddress": "127.0.0.1",
  "LogLevel": "INFO",
  "LogMessage": "",
  "HttpRequestParameters": {
    "Path": {
      "Value": "/signin-oidc",
      "HasValue": true
    },
    "Method": "POST",
    "RequestContent": {
      "code": [
        "CfDJ8EO06QsxC4xBk5p_[...]"
      ],
      "scope": [
        "identify*scim openid"
      ],
      "session_state": [
        "CPvlgFfWXS/1RdvnKkh44SEKXPV6Y2d8M0KBgYjUghs=.VOOD/rM="
      ],
      "state": [
        "CfDJ8CjCEiFJc_[...]]"
      ]
    },
    "RequestCookies": {
      ".AspNetCore.OpenIdConnect.Nonce.CfDJ8CjCEiFJc_[...]": "N",
      ".AspNetCore.Correlation.R3XEr257lbiAzPjxFBoy6Q9S7mYm7NfRXNv8d63kGh0": "N",
      ".AspNetCore.Cookies": "CfDJ8CjC",
      "AspNetCore_Session": "CfDJ8C8JDWXbX[...]",
      "Identify_SessionId": "ip03houz",
      "__RequestVerificationToken_L3J1bnRpbWU1": "CfDJ8EO0",
      "identify_auth": "09F0C9F0",
      "OPBS_SafewhereAdmin_win-l9dndipcfu27a91b45b-6e7b-4c47-a5e8-25b5a1d51ae4": "identify",
      "OPBS_client_id_xrvCsrlAeeCSBw2ep9SlEZagl2w": "=identif",
      "participantsip03houz0jz1o5h0xaxncqct": "Q2ZESjhF"
    }
  }
}
Name | Description |
---|---|
HttpRequestParameters | The HTTP request parameters, consisting of the Path, Method, RequestContent and RequestCookies parameters |
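The entry above carries the OIDC authorization code, state, session_state and cookie values, so a copy that leaves the server (for example to a SIEM) is usually masked first. The following is an added example, not part of IdentifyMe: the function names, the choice of fields to mask and the sample entry are assumptions.

```python
import copy
import hashlib

# Form fields shown in the page's example entry; extend for your deployment.
SENSITIVE_FORM_FIELDS = {"code", "state", "session_state"}

def fingerprint(value):
    """Mask a secret but keep a short SHA-256 tag so equal values still correlate."""
    digest = hashlib.sha256(str(value).encode("utf-8")).hexdigest()
    return "sha256:" + digest[:12]

def redact_entry(entry):
    """Return a copy of a log entry with HttpRequestParameters secrets masked."""
    out = copy.deepcopy(entry)  # never mutate the original record
    params = out.get("HttpRequestParameters")
    if not isinstance(params, dict):
        return out  # entry carries no request parameters
    content = params.get("RequestContent")
    if isinstance(content, dict):
        for field, values in content.items():
            if field.lower() in SENSITIVE_FORM_FIELDS:
                items = values if isinstance(values, list) else [values]
                content[field] = [fingerprint(v) for v in items]
    cookies = params.get("RequestCookies")
    if isinstance(cookies, dict):
        for name in cookies:
            cookies[name] = fingerprint(cookies[name])
    return out

# Constructed sample entry modelled on the page's event 10024 example.
SAMPLE_ENTRY = {
    "Type": "SYS",
    "EventId": "10024",
    "HttpRequestParameters": {
        "Path": {"Value": "/signin-oidc", "HasValue": True},
        "Method": "POST",
        "RequestContent": {
            "code": ["constructed-auth-code"],
            "scope": ["openid"],
            "state": ["constructed-state"],
        },
        "RequestCookies": {"Identify_SessionId": "constructed-session"},
    },
}

if __name__ == "__main__":
    print(redact_entry(SAMPLE_ENTRY))
```

Cookie names can themselves embed protected values, as the Nonce cookie in the example does; this sketch masks values only.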
Security log
{
  "Type": "SEC",
  "RequestId": "d1cdb002-8c52-4506-b34f-9e5afe4958e7",
  "BuildNumber": "1.0.0",
  "System": "Selfservice",
  "Component": "Selfservice",
  "EventId": "10046",
  "LogId": "2e0946cd-4d7a-44d2-a3bd-b23c69fba33e",
  "Timestamp": "8/12/2022 7:02:45 AM",
  "IPAddress": "127.0.0.1",
  "MachineName": "WIN-L9DNDIPCFU2",
  "UserId": "00000000-0000-0000-0000-000000000000",
  "LogLevel": "INFO",
  "Action": "OnRedirectToIdentityProvider",
  "LogMessage": "Redirect to Identity Provider to log in. Identity Provider: https://selfservicenosql.safewhere.local/runtime/oauth2/authorize.idp. "
}
Name | Description |
---|---|
Type | Log type, value must be SEC |
Component | Must be Selfservice |
Action | The detailed description of an action. (In the example JSON above, it's the OIDC event action) |
Other attributes | Similar to those of the SYS log |
Appendix A: List of Event IDs for System log (SYS)
ID | Description |
---|---|
10020 | Common debug logs |
10021 | Common information logs |
10022 | Common warning logs |
10023 | Common error logs |
10024 | HTTP request parameters |
10025 | OIDC debug logs |
10026 | All REST API requests (GET/POST/PUT/DELETE) to Identify |
10027 | License validation error |
10028 | An error happens while loading user session settings |
10029 | Caching event log |
Appendix B: List of event IDs for Security log (SEC)
ID | Description |
---|---|
10040 | OIDC authentication failure |
10041 | OIDC access denied |
10042 | OIDC token validated |
10043 | Invalid authorization actions |
10044 | Redirect to Identity Provider to log out |
10045 | Redirect from Identity Provider to callback endpoint |
10046 | Redirect to Identity Provider to log in |
10047 | Invoked after security token validation if an authorization code is present in the protocol message. |
10048 | Invoked after "authorization code" is redeemed for tokens at the token endpoint. |
10049 | User's login session management operations |
10050 | Get system token from Identify succeeded |
10051 | Get system token from Identify failure |
10052 | Sign-in redirect endpoint URL |
10053 | Invoked when there is a remote failure |
10054 | User's information updated |
10055 | Reset a T-OTP authenticator |
10056 | Reset a WebAuthn authenticator |
10057 | Onboard a T-OTP authenticator |
10058 | Onboard a WebAuthn authenticator |
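The SEC event IDs above can drive simple detections. The following is an added example, not part of IdentifyMe: it assumes one JSON entry per line, month/day/year timestamps, and that UserId on reset and onboarding events identifies the affected account; the thresholds, function names and sample lines are constructed.

```python
import json
from collections import Counter
from datetime import datetime, timedelta

FAILURE_IDS = {"10040", "10041", "10043", "10051", "10053"}  # IDs from Appendix B
RESET_IDS, ONBOARD_IDS = {"10055", "10056"}, {"10057", "10058"}
TS_FORMAT = "%m/%d/%Y %I:%M:%S %p"  # assumption: month/day/year order

def parse_sec(lines):
    """Parse JSON-lines text, keep SEC entries, attach a parsed timestamp."""
    events = []
    for line in lines:
        try:
            entry = json.loads(line)
            entry["_ts"] = datetime.strptime(entry["Timestamp"], TS_FORMAT)
        except (ValueError, KeyError, TypeError):
            continue  # skip malformed or partial lines instead of aborting
        if entry.get("Type") == "SEC":
            events.append(entry)
    return events

def failures_by_ip(events, threshold=3):
    """Source IPs with at least `threshold` failure events (threshold is an assumption)."""
    counts = Counter(e.get("IPAddress") for e in events if e.get("EventId") in FAILURE_IDS)
    return {ip: n for ip, n in counts.items() if n >= threshold}

def reset_then_onboard(events, window=timedelta(minutes=10)):
    """(UserId, IP) pairs where a reset is followed by an onboarding within `window`."""
    last_reset, hits = {}, []
    for e in sorted(events, key=lambda ev: ev["_ts"]):
        uid, eid = e.get("UserId"), e.get("EventId")
        if eid in RESET_IDS:
            last_reset[uid] = e["_ts"]
        elif eid in ONBOARD_IDS and uid in last_reset and e["_ts"] - last_reset[uid] <= window:
            hits.append((uid, e.get("IPAddress")))
    return hits

def _line(eid, ip, uid, ts):  # builds constructed sample entries
    return json.dumps({"Type": "SEC", "EventId": eid, "IPAddress": ip, "UserId": uid, "Timestamp": ts})

SAMPLE = [  # constructed sample data, not real log output
    _line("10040", "203.0.113.7", "u-1", "8/12/2022 7:02:45 AM"),
    _line("10040", "203.0.113.7", "u-1", "8/12/2022 7:02:50 AM"),
    _line("10041", "203.0.113.7", "u-2", "8/12/2022 7:03:01 AM"),
    _line("10055", "198.51.100.4", "u-3", "8/12/2022 7:10:00 AM"),
    _line("10057", "198.51.100.4", "u-3", "8/12/2022 7:12:30 AM"),
    _line("10046", "127.0.0.1", "u-4", "8/12/2022 7:15:00 AM"),
    "not json",
]
```

A reset followed quickly by a new authenticator is often a legitimate device change, so treat the second result as a review queue rather than an alert.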