Logging and monitoring

The following sections describe how to secure and use the logging and user activity monitoring functions.

Audit logs

When the Control Center is used to change configuration information, an audit entry is stored in the database tables for audit logging. This audit information can be used to view changes in the configuration and to help debug problems.

You can view the audit log entries by using the audit info page. Use the authorization methods that are provided by the Control Center to ensure that only users with a valid business need can access that page. For more information about the auditing pages, see Audit information pages.

The auditing information is also available in database views that you can use to write your own monitoring application.

Enterprise, or system, logs

Informational, warning, or exception operational messages are stored in the database tables for enterprise logging. These messages are also written to the log files for the Payment Feature Services component. When trace messages are enabled, they are written only to the log file for the component.

You can view the operational messages by using the system logs page. Use the authorization methods that are provided by the Control Center to ensure that only users with a valid business need can access the log pages. For more information, see System logs pages.

Alerts can be configured so that you can be notified when certain log messages occur. For more information, see the following documentation:
  • Alert list pages
  • Alert Suppression page
  • Email notification task

Component logs

The log file for a component contains trace messages and the same messages that were written to the enterprise log. For the Java™ SE components, each instance has its own log file. Components that are deployed into WebSphere® Application Server use the system logs that are configured. The Java SE components are Business Rules, Gateway Server, and Transaction Server. Consider limiting access to the file directories that are used to store the logs for these components.

Log data with JavaScript

Logged messages are written exactly as they are received and any JavaScript characters are not escaped. The JavaScript characters in log message data might come from input files or in configuration data. These characters are not escaped because different utilities can be used to view the data and each utility might handle the log data in a different way. Ensure that any utility that you use to view the data does not potentially run any JavaScript that is embedded in the log data. For example, the Control Center correctly handles the JavaScript data in messages.

Monitoring

You can monitor for users that did not access their accounts for a specified amount of time. For those users, you can lock their accounts so they cannot use Control Center. Also, an account for a user that is not active can be automatically removed. For more information about using a Services Framework task to monitor users, see Inactive users task.