When enabled, the access logging feature logs
either all incoming requests to the WebSphere Commerce Server or only
the requests resulting in access violations. Examples of access violations
are authentication failure or insufficient authority to execute a
command. When enabled, access logging allows a WebSphere Commerce
administrator to quickly identify security threats to the WebSphere
Commerce system.
When an authentication failure or authorization
failure event occurs, the following information is logged to the access
log file database tables, ACCLOGMAIN and ACCLOGSUB:
- Host name of the client
- ID of the thread running the command
- User ID of the client
- Time the event occurred
- Command that was run
- Store for which the command was run
- Resource on which the operation was performed
- Result of the access control check
Procedure
- Open the Configuration Manager.
- Select .
- In the General panel, activate the Enable Component check-box.
- Select the Advanced panel and enable Start.
- Click Apply.
- Close the Configuration Manager.
- Restart your WebSphere Commerce
instance.
- To change the size of the log file, or to specify whether
all requests are logged or not, you need to manually edit the
instance.xml
file
for your WebSphere Commerce instance located in the WebSphere Commerce
instances subdirectory:
- Open the WebSphere Commerce
configuration file for your instance in an editor.
- Locate the following node, which is located in the
<LogSystem>/<activitylog>
node:
<accessLogging cacheSize="aa" logAllRequests="bbbbb" />
Where:
- aa
- is an integer value specifying the maximum number of entries that
will be logged to memory before entries are written to the database.
Generally a higher number will result in improved performance with
respect to access logging. The default value is 32.
- bbbbb
- is either
true
or false
. A value
of true
means that all incoming requests are logged.
A value of false
means that only access violations
are logged. To prevent excessive or unnecessary logging, a value of false
is
recommended. Use true
only when you suspect authentication
problems or security contravention at your site. The default value
is false
.
- When you have completed your updates, save the file.
- If you have edited the master instance.xml file in WC_installdir/instances/instance_name,
you must run UpdateEAR.
- Restart your WebSphere Commerce instance.
In the following example, the access logging
keeps 3 entries in memory before logging entries to the database tables.
In addition, it logs all incoming requests to the WebSphere Commerce
Server:
<accessLogging cacheSize="3" logAllRequests="true" />