Simple Logger Function for Verify Access
Contents
Overview
Logging in Verify Access isn't anything new, I even wrote about the performance implications, however I've always found it a little cumbersome writing out the traceString()
function and never found it easy to grep through logs, correlate trace statements together or provide any sort of consistency - especially on big projects with other administrators also working on the codebase.
The solution is a searchable, standard logging object that can be used repeatably throughout mapping rules in Verify Access (or formally known as IBM Security Access Manager (ISAM)).
This logger function also allows for simple integration into tools such as Logstash/Kibana.
Importing Logger Utils
You can download the mapping rule from GitHub here:
https://github.com/Verify-Access/Utils/tree/main/Logger
To import the mapping rule, simply use:
importMappingRule("loggerUtils_lightweight");
Configuring the Logger Function
The logger
object in loggerUtils_lightweight creates a simple, easily searchable standard logging object.
Importing the mapping rule initializes the logger object so you can call it straight away.
Attribute | Details |
---|---|
time | Current time of trace statement |
delta | Time since last trace statement |
total | Total time since logger was initiated |
inst | Application name |
msg | Event ID, e.g. SUCCESS, ERROR, VERBOSE, etc. |
correlation | Transaction ID to group logger statements together for a given transaction |
details | Extra text passed into the logger.log() function |
Logger Events
Some events are considered a "terminal action". Most mapping rules should have a single task to achieve. The terminal log is the overall result from the mapping rule.
Essentially there should only ever be one terminal event per mapping rule - although in some specific cases such as a link & login, there might be two.
Event | Level | Terminal | Runtime Level | Comments |
---|---|---|---|---|
SUCCESS | LOG_SEVERE | yes | DETAIL | Operation completed successfully |
ERROR | LOG_SEVERE | no | DETAIL | Something went wrong. An API failed/etc. Ideally, this should be something that went wrong in Verify Access or one of our back-end API's |
LOG | LOG_INFO | no | DETAIL | Log something |
CONTEXT | LOG_FINE | no | FINE | Add some context for another event - some user specific attributes you don't always want traced |
DEBUG | LOG_FINER | no | FINER | Put all the detailed logging here - response codes (and maybe bodies) from HTTP calls/etc. |
VERBOSE | LOG_FINEST | no | FINEST | Full details here. Log all request/response payloads. Log the STSUU. Before and after mapping rule dumps, etc. |
Timers
The timer function allows us to track how long certain operation took.
For any call to an external API - wrap it in a:
logger.startTimer("string")
// and
logger.stopTimer("string")
When the log is written - any completed timers will be written as timer_{ string }
.
Example
To log an event, print: logger.log(EVENT, "message");
// Start all rules with something like this:
logger.program = "application-name"; // Should written in kebab-case
logger.log(VERBOSE, "Begin Rule SampleRule.js. STSUU is: " + stsuu.toString());
// Trace an error:
logger.log(ERROR, "Something went wrong. Error: " + errorMessage);
// Print a success event:
logger.log(SUCCESS);
// End all rules with something like this:
logger.log(VERBOSE, "End Rule SampleRule.js. STSUU is: " + stsuu.toString());