When enabled, the access logging feature logs either all incoming requests to
the Transaction server or only the requests resulting in access violations. Examples of
access violations are authentication failure or insufficient authority to execute a command. When
enabled, access logging allows an HCL Commerce administrator to quickly identify security
threats to the HCL Commerce system.
When an authentication failure or
authorization failure event occurs, the following information is logged to the access log file
database tables, ACCLOGMAIN and ACCLOGSUB:
- Host name of the client
- ID of the thread running the command
- User ID of the client
- Time the event occurred
- Command that was run
- Store for which the command was run
- Resource on which the operation was performed
- Result of the access control check
Procedure
-
Open the HCL Commerce configuration file.
-
Search for
AccessLoggingEventListener
. Set the value of the
enable
attribute to true
.
<component
compClassName="com.ibm.commerce.event.accesslogging.AccessLoggingEventListener"
enable="true" name="AccessLoggingEventListener">
<property display="false">
<start enabled="false"/>
</property>
</component>
-
Find the
element.
<accessLogging cacheSize="aa" logAllRequests="bbbbb" />
Where:
- aa
- An integer value specifying the maximum number of entries that will be logged to memory before
entries are written to the database. Generally a higher number will result in improved performance
with respect to access logging. The default value is 32.
- bbbbb
- A value of
true
or false
. A value of true
means that all incoming requests are logged. A value of false
means that only
access violations are logged. To prevent excessive or unnecessary logging, a value of
false
is recommended. Use true
only when you suspect
authentication problems or security contravention at your site. The default value is
false
.
In the following example, the access logging keeps 3 entries in memory before logging
entries to the database tables. In addition, it logs all incoming requests to the
HCL Commerce Server:
<accessLogging cacheSize="3" logAllRequests="true" />
-
Save and close the file.