How do we ensure tenant based logging in WSO2?
We do not want logs from different customers getting mingled. Essentially, what we are looking for is completely different directories for each tenant's logs.
I have read a fair bit of documentation for the same and there does not seem to be an out of the box solution.
Any tips is appreciated.
The logs are separate in memory, so you may login to the carbon console as a tenant admin and check Monitor -> System Logs to see the logs dedicated to that specific tenant.
However, there is no OOTB solution to dividing the text based logs by tenant.
Related
I have installed WSO2 IS (5.10) and Analytics (5.8), on separate servers, following the WSO2 IS documentation. I am successfully getting authentication events received into Analytics and can view them (after many headaches with IS insisting on using ports and SSL that I never told it to use - another story).
Now I can log into the dashboard, (/portal, admin/admin), and I see the IS events. Where do I manage portal users, permissions, and authentication? I want to add additional viewers (via LDAP) but can't even find a place to change the admin password, never mind manage additional users.
Nor can I find any documentation on how to manager users in Analytics. Any help is appreciated.
I came across this admin-dashboard component and am just curious what it is or what it can do.
It is mentioned in WSO2 documentation related to workflow customization. I did not find any related pages dedicated to this component. What is it, and what is designed for, or what it can do?
Any help is appreciated.
Its created for the administrative tasks and few other tasks. You can do the following using the admin dashboard.
There are several activities related to api store which we can configure workflows. For example, if someone wants to sign up to your store, you can submit it for the store owner's approval. Other places where you can configure work flows are application creation and api subscription. Such pending approval appear in the admin dashboard where the admin can approve or reject them.
You can upload customized themese for api store
This also provides a UI for adding and editing throttling tiers.
In the next releases this will get more such functionalities added.
We have some security requirements from customer, so we need to configure/develop detailed audit logging which will log user actions done in Carbon Management console - i.e. datasource modification, service modification in WSO2 ESB.
Is there any way do this using included log4j?
We are using WSO2 Enterprise Service Bus 4.8.1 and WSO2 Application Server 5.2.1
WSO2 products has an audit log which can be found in the repository/logs folder. But the problem is, this audit log has very little audit information. Reason is as follows.
WSO2 products are built using a collection of reusable osgi componentns. For example, for data sources related operations we have one component and for proxy related operations we have another.
Now, the problem here is, these individual components has not put enough audit logs to cover the user operations. Therefore, your requirement seems to be difficult to achieve.
There are some extension points in WSO2 products where you can use to do your own tasks upon certain actions such as user login, user creation. For example, you can implement a certain interface and print whatever log you want upon a successful user login or a failed login attempt. But, those extension points are limited mostly to user management related operations.
All the HTTP communication done with the server is already logged in HTTP access logs in CARBON_HOME/repository/logs. You can use a log analyzer tool or even grep to capture any desired user action.
Ex: To get the log ins to datasources page use
cat http_access_2016-06-02.log | grep "GET /carbon/ndatasource/index.jsp"
I added in claim-config.xml but i dont see that claim being added in the IS management console.
<ClaimURI>http://wso2.org/claims/serialNumber</ClaimURI>
<DisplayName>serialNumber</DisplayName>
<AttributeID>url</AttributeID>
<Description>SerialNumber</Description>
<DisplayOrder>3</DisplayOrder>
<SupportedByDefault />
</Claim>
Also i dont want to add the claim mapping from management console. i want to automate this process so need a configuration change.
WSO2IS reads the claim-config.xml file and add those claims when you start the server first time. After you update the claim-config.xml, It does not read from it. When server is started first time, it reads the claim-config.xml file add add those in to the database (as there are no any claim configuration in the database). If claim mapping are dynamically changed and you do not like to configure them from UI, you can automate the web service API that is used to configure the claims. If claim mappings are not changed, them you can add all the configures in the claim-config.xml in the first start up.
You can use the ClaimManagementService admin service of WSO2 Identity Server to do CRUD operations on claims. You can get an idea of available methods by referring to the wsdl of ClaimManagementService. Please refer to this link for more information regarding calling admin services of WSO2 servers.
Is there a way to show entire Audit Log associated to one service in the Service Detail layout instead of having to go search activities & figuring out changes?
Thanks.
As i know, It is not supported yet. You need to search in log file using the service name and found out them. Actually for analysis logs and audit, WSO2 may recommend the BAM server where you want to publish server's audit and log data