The default output patterns for the Tomcat server and the PAS for OpenEdge application components are contained in instance-name/conf/logging-tomcat.properties and instance-name/conf/logging-pasoe.properties, respectively. You can edit the output patterns to capture any Logback information you need.

The output pattern describes:
  • What information is logged
  • The order in which the information is logged
  • What static content is logged

Mapped Diagnostic Context (MDC) tokens are also supported in log output patterns. MDC allows the PAS for OpenEdge instances to dynamically inject request context information into the logging subsystems, where the request contexts can be exposed through tokens in log entry formats.

This topic describes the defaults and supported values for the output pattern of each log file.

Tomcat and Tomcat web application pattern tokens

Logging output patterns, and designated log file names, where applicable, can be specified for the following Tomcat server components in the instance-name/conf/logging-tomcat.properties file:

# Core Tomcat console logging
psc.as.logging.console.pattern=%date{"yyyy-MM-dd'T'HH:mm:ss.SSSXXX"} %-5level 
[%thread] %logger{20} - %msg %n

# OpenEdge oehealth scanner logging
psc.as.logging.oehealth.fileName=oehealth-collector.%d{yyyy-MM-dd}.log
psc.as.logging.oehealth.pattern=%date{"yyyy-MM-dd'T'HH:mm:ss.SSSXXX"} %-5level 
[%thread] %logger{36} - %msg%n

# Core Tomcat client HTTP access loggging
psc.as.logging.access.fileName=localhost-access.%d{yyyy-MM-dd}.log
psc.as.logging.access.pattern=%h %l %reqAttribute{OEReq.userId} 
[%date{"yyyy-MM-dd'T'HH:mm:ss.SSSXXX"}] "%r" %s %b %reqAttribute{OEReq.requestId} 
%header{Accept} %n

# Common Tomcat & installed product properties
psc.as.logging.tomcat.pattern=%date{"yyyy-MM-dd'T'HH:mm:ss.SSSXXX"} %-5level 
[%thread] %C{36}.%M - %msg%n

The logging pattern supports Logback pattern tokens as described in the Logback Pattern Layout documentation. If you make changes to the pattern, end the pattern with %n to create a new line after the log entry is written.

The Tomcat access log (localhost-access.date.log) supports all standard Logback layout fields as described in the Logback documentation. The following MDC fields can provide useful diagnostic information about your HTTP requests:
Table 1. Tomcat access log supported MDC fields
MDC field Description

%h

Provides client host IP address.

%l

Provides the name of the remote log used for the current request.

%reqAttribute{OEReq.userId}

Replaces the Tomcat logging token %r with the OpenEdge Spring authentication user ID.

[%date{"yyyy-MM-dd'T'HH:mm:ss.SSSXXX"}]

Provides the timestamp of the request.

%r

Provides the requested URL and HTTP method.

%s

Provides the status code of the HTTP response.

%b

Provides the size of the payload or the content length of the response..

%reqAttribute{OEReq.requestId}

Tracks client HTTP requests through the Tomcat, ABL session manager, and multi-session agent.

%header{http-header}

Any standard Tomcat HTTP request headers can be included into your access log.

%n

Provides a new line. Ideally it is used at the end of the pattern.
%responseHeader{http-header} Any standard Tomcat HTTP response headers can be included into your access log.
%reqCookie{cookie} Requests the cookie name associated with the session.
%D Provides the elaspsed time in miliseconds of the request.
Note: Providing invalid filter patterns can result in no localhost access log creation.

The standard output format of an MDC log across components consists of three colon-separated values in the following order: webapp:transport:requestId. The requestId value is left-padded hex, so an example output could be the following: ROOT:w:0000000a.

For the transport, the following abbreviations are used to determine the source:
  • W = Web
  • R = REST
  • A = APSV
  • S = SOAP
  • F = File
  • J = When using noaccess.war as the ROOT web application.

For any request, the Tomcat Access log outputs this format exactly as stated if the pattern was modified.

PAS for OpenEdge application pattern tokens

Logging output patterns can be specified for the following PAS for OpenEdge application components in the instance-name/conf/logging-pasoe.properties:

# OpenEdge ABL webapp (oeabl.war) SessionManager & Spring Security logging
psc.as.logging.oeabl.fileName=${CONTEXT_NAME}.%d{yyyy-MM-dd}.log
psc.as.logging.oeabl.pattern=%date{"yyyy-MM-dd'T'HH:mm:ss.SSSXXX"} %-5level [%thread] 
%X{OEReq.requestId:--} %logger{36} - %msg %n

# OpenEdge ABL webapp login event logging
psc.as.logging.authn.fileName=${CONTEXT_NAME}_authn.%d{yyyy-MM-dd}.log
psc.as.logging.authn.pattern=%date{"yyyy-MM-dd'T'HH:mm:ss.SSSXXX"} ${contextName} 
%X{OEReq.requestId} %X{OESec.eventStatus} %X{OESec.loginPrincipal} - %X{OESec.failReason} - 
%X{OESec.failDetails}%n

# OpenEdge ABL webapp URL access event logging
psc.as.logging.authz.fileName=${CONTEXT_NAME}_authz.%d{yyyy-MM-dd}.log
psc.as.logging.authz.pattern=%date{"yyyy-MM-dd'T'HH:mm:ss.SSSXXX"} ${contextName} 
%X{OEReq.requestId} %X{OESec.eventStatus} %X{OESec.authzUserId} [%X{OESec.failObj}] 
%X{OESec.failAttrs} - %X{OESec.failReason}%n

# OpenEdge remote manager web application
psc.as.logging.oeman.fileName=${CONTEXT_NAME}.%d{yyyy-MM-dd}.log
psc.as.logging.oeman.pattern=%date{"yyyy-MM-dd'T'HH:mm:ss.SSSXXX"} %-5level [%thread] 
%logger{36} - %msg%n

# OpenEdge STS service ( for OpenEdge Authentication Gateway )
psc.as.logging.oests.fileName=${CONTEXT_NAME}.%d{yyyy-MM-dd}.log
psc.as.logging.oests.pattern=%date{"yyyy-MM-dd'T'HH:mm:ss.SSSXXX"} %-5level [%thread] 
%logger{36} - %msg%n

# OpenEdge PASOE health scanner service
psc.as.logging.oehealth.fileName=${CONTEXT_NAME}.%d{yyyy-MM-dd}.log
psc.as.logging.oehealth.pattern=%date{"yyyy-MM-dd'T'HH:mm:ss.SSSXXX"} %-5level [%thread] 
%logger{36} - %msg%n

# OpenEdge PASOE remote debugger service
psc.as.logging.oedbg.fileName=${CONTEXT_NAME}.%d{yyyy-MM-dd}.log
psc.as.logging.oedbg.pattern=%date{"yyyy-MM-dd'T'HH:mm:ss.SSSXXX"} %-5level [%thread] 
%logger{36} - %msg%n

# OpenEdge PASOE reverse-proxy service
psc.as.logging.oeproxy.fileName=${CONTEXT_NAME}.%d{yyyy-MM-dd}.log
psc.as.logging.oeproxy.pattern=%date{"yyyy-MM-dd'T'HH:mm:ss.SSSXXX"} %-5level [%thread] 
%logger{36} - %msg%n

The logging pattern supports Logback pattern tokens, as described in the Logback Pattern Layout documentation. If you make changes the pattern, then end the pattern with %n to create a new line after the log entry is written.

The OpenEdge ABL web application log file (abl-app-name.date.log), which includes the Session Manager and Spring Security logs, supports the following MDC fields which are designated by the %X token:

Table 2. Supported HTTP Request MDC Field Names for Spring Security and Session Manager logs
Logging field name Logging field description Tomcat access log syntax ABL application log syntax
OEReq.userId The Spring Security authenticated user ID, that is identified as the client from the server. %{OEReq.userId}r %X{OEReq.userId}
OEReq.sessionId The HTTP session ID assigned to the current PAS for OpenEdge client login session (if server login sessions are configured) %S %X{OEReq.SessionId}
OEReq.requestId The PAS for OpenEdge assigned request ID relative to the server instance (Note: This property is not unique across load-balanced server instances.) %{OEReq.requestId}r %X{OEReq.requestId}
OEReq.webapp The Java web application context name the PAS for OpenEdge client request executes in n/a %X{OEReq.webapp}
OEReq.transport The {apsv | soap | rest | web | file} PAS for OpenEdge service interface transport name the client's request executes in n/a %X{OEReq.transport}
OEReq.remoteHost This field contains the remoteHost DNS address obtained from the PAS for OpenEdge network connection %h %X{OEReq.remoteHost}
OEReq.remoteAddr This field contains the remoteHost IP address obtained from the PAS for OpenEdge network connection %a %X{OEReq.remoteAddr}
OEReq.serverName This field contains the name of the PAS for OpenEdge server %v %X{OEReq.serverName}
OEReq.URI This field contains the HTTP request's relative URI within OEReq.webapp n/a %X{OEReq.URI}
OEReq.protocol This field contains the HTTP request scheme (http or https) %H %X{OEReq.protocol}
OEReq.method This field contains the HTTP request's method name %m %X{OEReq.method}
OEReqHead.xxxxxx This field contains the value of the HTTP request Header named xxxxxx or n/a if the header does not exist. %{xxxxxx}i %X{OEReqHead.xxxxxx}

Formatting Options for MDC values in ABL Spring and Session Manager logs

MDC values can be written to print a certain value if the requested information is not available. This is useful for troubleshooting. If an error occurs before the request ID, or other MDC field, is created, then the log can print a specified value.

The formatting options are written in this format:
%X{logging-field-name[:-default]}

For example:

%X{OEReq.requestId}

The log shows the assigned request ID or blank if the logging occurs before a request ID can be created.

%X{OEReq.requestId:--}

 The log shows the assigned request ID or "-" if the logging occurs before a request ID can be created.

%X{OEReq.requestId:-na}

 The log shows the assigned request ID or "na" if the logging occurs before a request ID can be created

Supported MDC field names for Spring Security authentication and authorization logs

The Spring Security authentication and authorization audit logs monitor for different events. Spring Security Authentication monitors for login pass/fail events. Spring Security authorization monitors for URL access events.

Spring Security Authentication logging fields

The OpenEdge ABL web application login event log file (abl-app-name_authn.date.log supports the following MDC fields that are designated by the %X token:

MDC field name Logging field description ABL application log syntax
OESec.eventType The type of Spring Security process being reported: "Authentication" %X{OESec.evnetType}
OESec.eventStatus The results of the client authentication process: { "success" | "failure" } %X{OESec.eventStatus}
OESec.loginPrincipal The client asserted account name for authentication %X{OESec.loginPrincipal}
OESec.failReason A simple string holding the reason for the authentication failure %X{OESec.failReason}
OESec.failDetails A more verbose string hold additional failure information %X{OESec.failDetails}
OEReq.xxxxxx The value of the HTTP request. %X{OEReq.xxxxxx}
OEReqHead.xxxxxx The value of the HTTP request header. %X{OEReqHead.xxxxxx}
Note: For more information about OEReq and OEReqHead MDC field names, see the Supported HTTP Request MDC Field Names for Spring Security and Session Manager logs table.

Spring Authorization logging fields

The OpenEdge ABL web application URL access event log file (abl-app-name_authz.date.log supports the following MDC fields that are designated by the %X token:

MDC field name Logging field description ABL application log syntax
OESec.eventType The type of Spring Security process being reported: "Authorization" %X{OESec.eventType}
OESec.eventStatus The results of the client authentication process: { "granted" | "denied" } %X{OESec.eventStatus}
OESec.authzUserId The authenticated client's account name whose ROLEs are tested for URL access %X{OESec.authzUserId}
OESec.failObj The URL resource name being authorized %X{OESec.failObj}
OESec.failAttrs The authenticated client's account attributes used for authorizing URL access %X{OESec.failAttrs}
OEReq.xxxxxx The value of the HTTP request. %X{OEReq.xxxxxx}
OEReqHead.xxxxxx The value of the HTTP request header. %X{OEReqHead.xxxxxx}
Note: For more information about OEReq and OEReqHead MDC field names, see the Supported HTTP Request MDC Field Names for Spring Security and Session Manager logs table above.

HTTP Request header fields are also supported for each audit log. For more information, see Configure MDC access to HTTP request headers.