MicroProfile Telemetry log events reference list
MicroProfile Telemetry can collect logging events from the server runtime and applications. You can use these events to gather and analyze data that can help to better understand the behavior of applications.
For more information, see Collect logs, metrics, and traces with OpenTelemetry.
MicroProfile Telemetry can collect the following types of events:
For information about trace log detail levels and how Open Liberty settings map to OpenTelemetry severity numbers, see OpenTelemetry severity number mapping with Liberty log levels.
Message events
The following table provides the fields for Liberty message events, a description for each field, and the mapping to the OpenTelemetry logs data model and Java agent:
| Liberty message event fields | Description | Maps to OpenTelemetry logs data model | OpenTelemetry Java agent (JUL) mapping |
|---|---|---|---|
type | A string that identifies the type of event. | Attributes[ | N/A |
host | Host name of the server that is the source of the event. | Resource[ | Resource[ |
message | The message from the log record, starting with the message ID. | Body | body |
ibm_threadId | Thread ID in the log line, for example, 00000015. | Attributes[ | N/A |
ibm_datetime | Time at which the event occurred. | TimeStamp | TimeStamp |
ibm_messageId | Message ID in the log line. | Attributes[ | N/A |
module | Logger name from the log record. | Attributes[ | N/A |
loglevel | Severity indicator | SeverityText | SeverityText |
ibm_methodName | Method name from the log record. | Attributes[ | N/A |
ibm_className | Class name from the log record. | Attributes[ | N/A |
ibm_sequence | Sequence number of the event,. | Attributes[ | N/A |
ext_thread | Name of the thread that is the source of the event. | Attributes[ | N/A |
ext_appName | Name of the application that logged the message. | Attributes[ | N/A |
The following example shows the OpenTelemetry Collector output for a message event from an application:
timeUnixNano="1717512929163000000"
observeTimeUnixNano="1717512929602000000"
severityNumber="13"
severityText="W"
body=" BADAP0001W: Test Warning."
traceId="a4fa4f34167d2bcbcfb94588d37b332"
spanId="63522117c3492d42"
Attributes:
io.openliberty.type="liberty_message"
io.openliberty.message_id="BADAP0001W"
io.openliberty.sequence="1717512929163_0000000000012
io.openliberty.module="com.ibm.ws.lumberjack.badness.Angry"
thread.id="65"
thread.name="Default Executor-thread-2"
io.openliberty.ext.app_name="badapp"Trace events
The following table provides the fields for Liberty trace events, a description for each field, and the mapping to the OpenTelemetry logs data model and Java agent:
| Liberty trace event fields | Description | Maps to OpenTelemetry Logs Data Model | OpenTelemetry Java Agent JUL Mapping |
|---|---|---|---|
type | A string that identifies the type of event. | Attributes[ | N/A |
host | Host name of the server that is the source of the event. | Resource[ | Resource[ |
message | The message from the log record, starting with the message ID. | Body | body |
ibm_threadId | Thread ID in the log line, for example, 00000015. | Attributes[ | N/A |
ibm_datetime | Time at which the event occurred. | TimeStamp | TimeStamp |
ibm_messageId | Message ID in the log line. | Attributes[ | N/A |
module | Logger name from the log record. | Attributes[ | N/A |
loglevel | Severity indicator | SeverityText | SeverityText |
ibm_methodName | Method name from the log record. | Attributes[ | N/A |
ibm_className | Class name from the log record. | Attributes[ | N/A |
ibm_sequence | Sequence number of the event,. | Attributes[ | N/A |
ext_thread | Name of the thread that is the source of the event. | Attributes[ | N/A |
ext_appName | Name of the application that logged the message. | Attributes[ | N/A |
The following example shows the OpenTelemetry Collector output for a trace event from an application:
timeUnixNano="11234512231363000000"
observeTimeUnixNano="17123512929602000000"
severityNumber="1"
severityText="3"
body="finest trace"
traceId="3fced7fbfbc062349c66a8c1a37c31b2"
spanId="4be39c323e375d9e"
Attributes:
io.openliberty.type="liberty_trace"
io.openliberty.sequence="12312363_0000000000021"
io.openliberty.module="com.test.app"
thread.id="79"
thread.name="Default Executor-thread-12"
io.openliberty.ext.app_name="testapp"FFDC events
The following table provides the fields for the first failure data capture (FFDC) events, a description for each fiel, and the mapping to the OpenTelemetry logs data model:
| Liberty FFDC event fields | Description | Maps to OpenTelemetry Logs Data Model |
|---|---|---|
type | A string that identifies the type of event. | Attributes[ |
host | Host name of the server that is the source of the event. | Resource[ |
ibm_datetime | Time at which the event occurred. | TimeStamp |
message | The message from the exception that triggered the event. | body and Attributes[ |
ibm_className | The class that emitted the FFDC event. | Attributes[ |
ibm_exceptionName | The exception that is reported in the FFDC event. | Attributes[ |
ibm_probeID | The unique identifier of the FFDC point within the class. | Attributes[ |
ibm_threadId | The thread ID of the FFDC event. | Attributes[ |
ibm_stackTrace | The stack trace of the FFDC event. | Attributes[ |
ibm_objectDetails | The incident details for the FFDC event. | Attributes[ |
ibm_sequence | Sequence number of the event, which is useful for sorting records with the same timestamp. | Attributes[ |
The following example shows the OpenTelemetry Collector output for an FFDC event from an application:
timeUnixNano="1232335231363000000"
observeTimeUnixNano="123455512929602000000"
severityNumber="13"
body="Cannot invoke "java.lang.String.toString()" because "myString" is null"
traceId="3fced7fbfbc062349c66a8c1a37c31b2"
spanId="4be39c323e375d9e"
Attributes:
io.openliberty.type="liberty_ffdc"
exception.message="Cannot invoke "java.lang.String.toString()" because "myString" is null"
exception.stacktrace="java.lang.NullPointerException: Cannot invoke "java.lang.String.toString()" because "myString" is null\n\tat io.openliberty.microprofile.telemetry.logging.internal.container.fat.MpTelemetryLogApp.MpTelemetryServlet.doGet(MpTelemetryServlet.java:53) ..."
exception.type= "java.lang.NullPointerException"
io.openliberty.class_name="io.openliberty.microprofile.telemetry.logging.internal.container.fat.MpTelemetryLogApp"
io.openliberty.object_details="Object type = io.openliberty.microprofile.telemetry.logging.internal.container.fat.MpTelemetryLogApp\n tc = class com.ibm.websphere.ras.TraceComponent@7baa4ff8 ...
io.openliberty.probe_id="62"
io.openliberty.sequence="1723140654466_00000000000011"
thread.id="92"
thread.name="Default Executor-thread-12"Audit events
The Open Liberty Audit feature captures security-related events from the runtime environment and emits human-readable audit records. You can use the data that is generated from the audit events to analyze the configured environment. To collect and send audit logs to your configured OpenTelemetry exporter, add either the audit-1.0 or audit-2.0 feature, along with the mpTelemetry-2.0 or later feature, and specify the audit log source in your feature configuration. For more information, see the MicroProfile Telemetry feature.
The audit events are captured in the following types to help identify different areas where the configured environment can be improved:
The following tables provide the fields for Liberty audit events, a description for each field, and the mapping to the OpenTelemetry logs data model and Java agent:
SECURITY_AUDIT_MGMT
You can use the SECURITY_AUDIT_MGMT event to capture the the audit information from the management of the audit service. The following table provides the fields for the `SECURITY_AUDIT_MGM`T event, a description of each field, and the mapping to the OpenTelemetry logs data model and Java agent:
| Liberty audit event fields | Description | Maps to OpenTelemetry Logs Data Model |
|---|---|---|
type | A string that identifies the type of event. | Attributes[ |
host | Host name of the server that is the source of the event. | Resource[ |
ibm_sequence | Sequence number of the event,. | Attributes[ |
ibm_threadId | Thread ID in the log line, for example, 00000015. | Attributes[ |
loglevel | Severity indicator | SeverityText |
ibm_audit_eventName | Name of the audit event. | Body and Attributes[ |
ibm_audit_eventSequenceNumber | Sequence number of the audit event. | Attributes[ |
ibm_audit_eventTime | Time the event occurred. | TimeStamp |
ibm_audit_observer.id | Identifier of the observer of the event. | Attributes[ |
ibm_audit_observer.name | Name of the observer of the event | Attributes[ |
ibm_audit_observer.typeURI | Unique URI of the observer of the event. | Attributes[ |
ibm_audit_outcome | Outcome of the event. | Attributes[ |
ibm_audit_target.id | Identifier of the target of the action. | Attributes[ |
ibm_audit_target.typeURI | Unique URI of the target of the event | Attributes[ |
SECURITY_MEMBER_MGMT
You can use the SECURITY_MEMBER_MGMT event to capture the audit information from SCIM operations or member management. The following table provides the fields for the SECURITY_MEMBER_MGMT event, a description of each field, and the mapping to the OpenTelemetry logs data model and Java agent:
| Liberty audit event fields | Description | Maps to OpenTelemetry Logs Data Model |
|---|---|---|
type | A string that identifies the type of event. | Attributes[ |
host | Host name of the server that is the source of the event. | Resource[ |
ibm_sequence | Sequence number of the event,. | Attributes[ |
ibm_threadId | Thread ID in the log line, for example, 00000015. | Attributes[ |
loglevel | Severity indicator | SeverityText |
ibm_audit_eventName | Name of the audit event. | Body and Attributes[ |
ibm_audit_eventSequenceNumber | Sequence number of the audit event. | Attributes[ |
ibm_audit_eventTime | Time the event occurred. | TimeStamp |
ibm_audit_observer.id | Identifier of the observer of the event. | Attributes[ |
ibm_audit_observer.name | Name of the observer of the event | Attributes[ |
ibm_audit_observer.typeURI | Unique URI of the observer of the event. | Attributes[ |
ibm_audit_outcome | Outcome of the event. | Attributes[ |
ibm_audit_target.id | Identifier of the target of the action. | Attributes[ |
ibm_audit_target.typeURI | Unique URI of the target of the event | Attributes[ |
ibm_audit_initiator.host.address | Host address of the initiator of the event. | Attributes[ |
ibm_audit_initiator.host.agent | Name of the monitoring agent that is associated with the initiator. | Attributes[ |
ibm_audit_reason.reasonCode | A value that indicates the underlying success or error code for the outcome. In general, a value of 200 means success. | Attributes[ |
ibm_audit_reason.reasonType | A value that indicates the underlying mechanism, such as HTTP or HTTPS, that is associated with the request. | Attributes[ |
ibm_audit_target.action | What action is being performed on the target. | Attributes[ |
ibm_audit_target.appname | Name of the application to be accessed or run on the target. | Attributes[ |
ibm_audit_target.credential.token | Token name of the user that is performing the action. | Attributes[ |
ibm_audit_target.credential.type | Token type of the user that is performing the action. | Attributes[ |
ibm_audit_target.entityType | Generic name of the member that is acted upon. | Attributes[ |
ibm_audit_target.host.address | Host and port of the target. | Attributes[ |
ibm_audit_target.method | Method that is being invoked on the target, such as GET or POST. | Attributes[ |
ibm_audit_target.name | Name of the target. | Attributes[ |
ibm_audit_target.realm | Realm name associated with the target. | Attributes[ |
ibm_audit_target.repositoryId | Repository identifier that is associated with the target. | Attributes[ |
ibm_audit_target.session | Session identifier that is associated with the target. | Attributes[ |
ibm_audit_target.uniqueName | Unique name of the member that is acted upon. | Attributes[ |
SECURITY_API_AUTHN
You can use the SECURITY_API_AUTHN event for Servlet 3.0 and later APIs to capture audit information when a user logs in and authenticates. The following table provides the fields for the SECURITY_API_AUTHN event, a description of each field, and the mapping to the OpenTelemetry logs data model and Java agent:
| Liberty audit event fields | Description | Maps to OpenTelemetry Logs Data Model |
|---|---|---|
type | A string that identifies the type of event. | Attributes[ |
host | Host name of the server that is the source of the event. | Resource[ |
ibm_sequence | Sequence number of the event,. | Attributes[ |
ibm_threadId | Thread ID in the log line, for example, 00000015. | Attributes[ |
loglevel | Severity indicator | SeverityText |
ibm_audit_eventName | Name of the audit event. | Body and Attributes[ |
ibm_audit_eventSequenceNumber | Sequence number of the audit event. | Attributes[ |
ibm_audit_eventTime | Time the event occurred. | TimeStamp |
ibm_audit_observer.id | Identifier of the observer of the event. | Attributes[ |
ibm_audit_observer.name | Name of the observer of the event | Attributes[ |
ibm_audit_observer.typeURI | Unique URI of the observer of the event. | Attributes[ |
ibm_audit_outcome | Outcome of the event. | Attributes[ |
ibm_audit_target.id | Identifier of the target of the action. | Attributes[ |
ibm_audit_target.typeURI | Unique URI of the target of the event | Attributes[ |
ibm_audit_initiator.host.address | Host address of the initiator of the event. | Attributes[ |
ibm_audit_initiator.host.agent | Name of the monitoring agent that is associated with the initiator. | Attributes[ |
ibm_audit_reason.reasonCode | A value that indicates the underlying success or error code for the outcome. In general, a value of 200 means success. | Attributes[ |
ibm_audit_reason.reasonType | A value that indicates the underlying mechanism, such as HTTP or HTTPS, that is associated with the request. | Attributes[ |
ibm_audit_target.appname | Name of the application to be accessed or run on the target. | Attributes[ |
ibm_audit_target.credential.token | Token name of the user that is performing the action. | Attributes[ |
ibm_audit_target.credential.type | Token type of the user that is performing the action. | Attributes[ |
ibm_audit_target.entityType | Generic name of the member that is acted upon. | Attributes[ |
ibm_audit_target.host.address | Host and port of the target. | Attributes[ |
ibm_audit_target.method | Method that is being invoked on the target, such as GET or POST. | Attributes[ |
ibm_audit_target.name | Name of the target. | Attributes[ |
ibm_audit_target.params | Names and values of any parameters that are sent to the target with the action. | Attributes[ |
ibm_audit_target.realm | Realm name associated with the target. | Attributes[ |
ibm_audit_target.session | Session identifier that is associated with the target. | Attributes[ |
SECURITY_API_AUTHN_TERMINATE
You can use the SECURITY_API_AUTHN_TERMINATE event for servlet 3.0 and later APIs to capture the audit information when a user logs out. The following table provides the fields for the SECURITY_API_AUTHN_TERMINATE event, a description of each field, and the mapping to the OpenTelemetry logs data model and Java agent:
| Liberty audit event fields | Description | Maps to OpenTelemetry Logs Data Model |
|---|---|---|
type | A string that identifies the type of event. | Attributes[ |
host | Host name of the server that is the source of the event. | Resource[ |
ibm_sequence | Sequence number of the event,. | Attributes[ |
ibm_threadId | Thread ID in the log line, for example, 00000015. | Attributes[ |
loglevel | Severity indicator | SeverityText |
ibm_audit_eventName | Name of the audit event. | Body and Attributes[ |
ibm_audit_eventSequenceNumber | Sequence number of the audit event. | Attributes[ |
ibm_audit_eventTime | Time the event occurred. | TimeStamp |
ibm_audit_observer.id | Identifier of the observer of the event. | Attributes[ |
ibm_audit_observer.name | Name of the observer of the event | Attributes[ |
ibm_audit_observer.typeURI | Unique URI of the observer of the event. | Attributes[ |
ibm_audit_outcome | Outcome of the event. | Attributes[ |
ibm_audit_target.id | Identifier of the target of the action. | Attributes[ |
ibm_audit_target.typeURI | Unique URI of the target of the event | Attributes[ |
ibm_audit_initiator.host.address | Host address of the initiator of the event. | Attributes[ |
ibm_audit_initiator.host.agent | Name of the monitoring agent that is associated with the initiator. | Attributes[ |
ibm_audit_reason.reasonCode | A value that indicates the underlying success or error code for the outcome. In general, a value of 200 means success. | Attributes[ |
ibm_audit_reason.reasonType | A value that indicates the underlying mechanism, such as HTTP or HTTPS, that is associated with the request. | Attributes[ |
ibm_audit_target.appname | Name of the application to be accessed or run on the target. | Attributes[ |
ibm_audit_target.credential.token | Token name of the user that is performing the action. | Attributes[ |
ibm_audit_target.credential.type | Token type of the user that is performing the action. | Attributes[ |
ibm_audit_target.host.address | Host and port of the target. | Attributes[ |
ibm_audit_target.method | Method that is being invoked on the target, such as GET or POST. | Attributes[ |
ibm_audit_target.name | Name of the target. | Attributes[ |
ibm_audit_target.params | Names and values of any parameters that are sent to the target with the action. | Attributes[ |
ibm_audit_target.realm | Realm name associated with the target. | Attributes[ |
ibm_audit_target.session | Session identifier that is associated with the target. | Attributes[ |
SECURITY_AUTHN_TERMINATE
You can use the SECURITY_AUTHN_TERMINATE event to capture the the audit information from a form logout. The following table provides the fields for the SECURITY_AUTHN_TERMINATE event, a description of each field, and the mapping to the OpenTelemetry logs data model and Java agent:
| Liberty audit event fields | Description | Maps to OpenTelemetry Logs Data Model |
|---|---|---|
type | A string that identifies the type of event. | Attributes[ |
host | Host name of the server that is the source of the event. | Resource[ |
ibm_sequence | Sequence number of the event,. | Attributes[ |
ibm_threadId | Thread ID in the log line, for example, 00000015. | Attributes[ |
loglevel | Severity indicator | SeverityText |
ibm_audit_eventName | Name of the audit event. | Body and Attributes[ |
ibm_audit_eventSequenceNumber | Sequence number of the audit event. | Attributes[ |
ibm_audit_eventTime | Time the event occurred. | TimeStamp |
ibm_audit_observer.id | Identifier of the observer of the event. | Attributes[ |
ibm_audit_observer.name | Name of the observer of the event | Attributes[ |
ibm_audit_observer.typeURI | Unique URI of the observer of the event. | Attributes[ |
ibm_audit_outcome | Outcome of the event. | Attributes[ |
ibm_audit_target.id | Identifier of the target of the action. | Attributes[ |
ibm_audit_target.typeURI | Unique URI of the target of the event | Attributes[ |
ibm_audit_initiator.host.address | Host address of the initiator of the event. | Attributes[ |
ibm_audit_initiator.host.agent | Name of the monitoring agent that is associated with the initiator. | Attributes[ |
ibm_audit_reason.reasonCode | A value that indicates the underlying success or error code for the outcome. In general, a value of 200 means success. | Attributes[ |
ibm_audit_reason.reasonType | A value that indicates the underlying mechanism, such as HTTP or HTTPS, that is associated with the request. | Attributes[ |
ibm_audit_target.appname | Name of the application to be accessed or run on the target. | Attributes[ |
ibm_audit_target.credential.token | Token name of the user that is performing the action. | Attributes[ |
ibm_audit_target.credential.type | Token type of the user that is performing the action. | Attributes[ |
ibm_audit_target.host.address | Host and port of the target. | Attributes[ |
ibm_audit_target.method | Method that is being invoked on the target, such as GET or POST. | Attributes[ |
ibm_audit_target.name | Name of the target. | Attributes[ |
ibm_audit_target.params | Names and values of any parameters that are sent to the target with the action. | Attributes[ |
ibm_audit_target.realm | Realm name associated with the target. | Attributes[ |
ibm_audit_target.session | Session identifier that is associated with the target. | Attributes[ |
SECURITY_AUTHN
You can use the SECURITY_AUTHN event to capture the audit information from basic authentication, form login authentication, client certificate authentication, and JASPI authentication. The following table provides the fields for the SECURITY_AUTHN event, a description of each field, and the mapping to the OpenTelemetry logs data model and Java agent:
| Liberty audit event fields | Description | Maps to OpenTelemetry Logs Data Model |
|---|---|---|
type | A string that identifies the type of event. | Attributes[ |
host | Host name of the server that is the source of the event. | Resource[ |
ibm_sequence | Sequence number of the event,. | Attributes[ |
ibm_threadId | Thread ID in the log line, for example, 00000015. | Attributes[ |
loglevel | Severity indicator | SeverityText |
ibm_audit_eventName | Name of the audit event. | Body and Attributes[ |
ibm_audit_eventSequenceNumber | Sequence number of the audit event. | Attributes[ |
ibm_audit_eventTime | Time the event occurred. | TimeStamp |
ibm_audit_observer.id | Identifier of the observer of the event. | Attributes[ |
ibm_audit_observer.name | Name of the observer of the event | Attributes[ |
ibm_audit_observer.typeURI | Unique URI of the observer of the event. | Attributes[ |
ibm_audit_outcome | Outcome of the event. | Attributes[ |
ibm_audit_target.id | Identifier of the target of the action. | Attributes[ |
ibm_audit_target.typeURI | Unique URI of the target of the event | Attributes[ |
ibm_audit_initiator.host.address | Host address of the initiator of the event. | Attributes[ |
ibm_audit_initiator.host.agent | Name of the monitoring agent that is associated with the initiator. | Attributes[ |
ibm_audit_reason.reasonCode | A value that indicates the underlying success or error code for the outcome. In general, a value of 200 means success. | Attributes[ |
ibm_audit_reason.reasonType | A value that indicates the underlying mechanism, such as HTTP or HTTPS, that is associated with the request. | Attributes[ |
ibm_audit_target.appname | Name of the application to be accessed or run on the target. | Attributes[ |
ibm_audit_target.credential.token | Token name of the user that is performing the action. | Attributes[ |
ibm_audit_target.credential.type | Token type of the user that is performing the action. | Attributes[ |
ibm_audit_target.host.address | Host and port of the target. | Attributes[ |
ibm_audit_target.method | Method that is being invoked on the target, such as GET or POST. | Attributes[ |
ibm_audit_target.name | Name of the target. | Attributes[ |
ibm_audit_target.params | Names and values of any parameters that are sent to the target with the action. | Attributes[ |
ibm_audit_target.realm | Realm name associated with the target. | Attributes[ |
ibm_audit_target.session | Session identifier that is associated with the target. | Attributes[ |
SECURITY_AUTHN_DELEGATION
You can use the SECURITY_AUTHN_DELEGATION event to capture the audit information from Servlet runAs delegation and EJB delegation. The following table provides the fields for the SECURITY_AUTHN_DELEGATION event, a description of each field, and the mapping to the OpenTelemetry logs data model and Java agent:
| Liberty audit event fields | Description | Maps to OpenTelemetry Logs Data Model |
|---|---|---|
type | A string that identifies the type of event. | Attributes[ |
host | Host name of the server that is the source of the event. | Resource[ |
ibm_sequence | Sequence number of the event,. | Attributes[ |
ibm_threadId | Thread ID in the log line, for example, 00000015. | Attributes[ |
loglevel | Severity indicator | SeverityText |
ibm_audit_eventName | Name of the audit event. | Body and Attributes[ |
ibm_audit_eventSequenceNumber | Sequence number of the audit event. | Attributes[ |
ibm_audit_eventTime | Time the event occurred. | TimeStamp |
ibm_audit_observer.id | Identifier of the observer of the event. | Attributes[ |
ibm_audit_observer.name | Name of the observer of the event | Attributes[ |
ibm_audit_observer.typeURI | Unique URI of the observer of the event. | Attributes[ |
ibm_audit_outcome | Outcome of the event. | Attributes[ |
ibm_audit_target.id | Identifier of the target of the action. | Attributes[ |
ibm_audit_target.typeURI | Unique URI of the target of the event | Attributes[ |
ibm_audit_initiator.host.address | Host address of the initiator of the event. | Attributes[ |
ibm_audit_initiator.host.agent | Name of the monitoring agent that is associated with the initiator. | Attributes[ |
ibm_audit_reason.reasonCode | A value that indicates the underlying success or error code for the outcome. In general, a value of 200 means success. | Attributes[ |
ibm_audit_reason.reasonType | A value that indicates the underlying mechanism, such as HTTP or HTTPS, that is associated with the request. | Attributes[ |
ibm_audit_target.appname | Name of the application to be accessed or run on the target. | Attributes[ |
ibm_audit_target.credential.token | Token name of the user that is performing the action. | Attributes[ |
ibm_audit_target.credential.type | Token type of the user that is performing the action. | Attributes[ |
ibm_audit_target.delegation.users | List of users in the delegation flow, starting with the initial user invoking the action. | Attributes[ |
ibm_audit_target.host.address | Host and port of the target. | Attributes[ |
ibm_audit_target.method | Method that is being invoked on the target, such as GET or POST. | Attributes[ |
ibm_audit_target.name | Name of the target. | Attributes[ |
ibm_audit_target.params | Names and values of any parameters that are sent to the target with the action. | Attributes[ |
ibm_audit_target.realm | Realm name associated with the target. | Attributes[ |
ibm_audit_target.runas.role | RunAs role name that is used in the delegation. | Attributes[ |
ibm_audit_target.session | Session identifier that is associated with the target. | Attributes[ |
SECURITY_AUTHN_FAILOVER
You can use the SECURITY_AUTHN_FAILOVER event to capture the audit information from failover to basic authentication. The following table provides the fields for the SECURITY_AUTHN_FAILOVER event, a description of each field, and the mapping to the OpenTelemetry logs data model and Java agent:
| Liberty audit event fields | Description | Maps to OpenTelemetry Logs Data Model |
|---|---|---|
type | A string that identifies the type of event. | Attributes[ |
host | Host name of the server that is the source of the event. | Resource[ |
ibm_sequence | Sequence number of the event,. | Attributes[ |
ibm_threadId | Thread ID in the log line, for example, 00000015. | Attributes[ |
loglevel | Severity indicator | SeverityText |
ibm_audit_eventName | Name of the audit event. | Body and Attributes[ |
ibm_audit_eventSequenceNumber | Sequence number of the audit event. | Attributes[ |
ibm_audit_eventTime | Time the event occurred. | TimeStamp |
ibm_audit_observer.id | Identifier of the observer of the event. | Attributes[ |
ibm_audit_observer.name | Name of the observer of the event | Attributes[ |
ibm_audit_observer.typeURI | Unique URI of the observer of the event. | Attributes[ |
ibm_audit_outcome | Outcome of the event. | Attributes[ |
ibm_audit_target.id | Identifier of the target of the action. | Attributes[ |
ibm_audit_target.typeURI | Unique URI of the target of the event | Attributes[ |
ibm_audit_initiator.host.address | Host address of the initiator of the event. | Attributes[ |
ibm_audit_initiator.host.agent | Name of the monitoring agent that is associated with the initiator. | Attributes[ |
ibm_audit_reason.reasonCode | A value that indicates the underlying success or error code for the outcome. In general, a value of 200 means success. | Attributes[ |
ibm_audit_reason.reasonType | A value that indicates the underlying mechanism, such as HTTP or HTTPS, that is associated with the request. | Attributes[ |
ibm_audit_target.appname | Name of the application to be accessed or run on the target. | Attributes[ |
ibm_audit_target.authtype.failover | Name of the failover authentication mechanism. | Attributes[ |
ibm_audit_target.credential.token | Token name of the user that is performing the action. | Attributes[ |
ibm_audit_target.credential.type | Token type of the user that is performing the action. | Attributes[ |
ibm_audit_target.host.address | Host and port of the target. | Attributes[ |
ibm_audit_target.method | Method that is being invoked on the target, such as GET or POST. | Attributes[ |
ibm_audit_target.name | Name of the target. | Attributes[ |
ibm_audit_target.params | Names and values of any parameters that are sent to the target with the action. | Attributes[ |
ibm_audit_target.realm | Realm name associated with the target. | Attributes[ |
ibm_audit_target.session | Session identifier that is associated with the target. | Attributes[ |
SECURITY_AUTHZ
You can use the SECURITY_AUTHZ event to capture the audit information from Java Authorization Contract for Containers (JACC) web authorization, unprotected servlet authorization, JACC EJB authorization, and EJB authorization. The following table provides the fields for the SECURITY_AUTHZ event, a description of each field, and the mapping to the OpenTelemetry logs data model and Java agent:
| Liberty audit event fields | Description | Maps to OpenTelemetry Logs Data Model |
|---|---|---|
type | A string that identifies the type of event. | Attributes[ |
host | Host name of the server that is the source of the event. | Resource[ |
ibm_sequence | Sequence number of the event,. | Attributes[ |
ibm_threadId | Thread ID in the log line, for example, 00000015. | Attributes[ |
loglevel | Severity indicator | SeverityText |
ibm_audit_eventName | Name of the audit event. | Body and Attributes[ |
ibm_audit_eventSequenceNumber | Sequence number of the audit event. | Attributes[ |
ibm_audit_eventTime | Time the event occurred. | TimeStamp |
ibm_audit_observer.id | Identifier of the observer of the event. | Attributes[ |
ibm_audit_observer.name | Name of the observer of the event | Attributes[ |
ibm_audit_observer.typeURI | Unique URI of the observer of the event. | Attributes[ |
ibm_audit_outcome | Outcome of the event. | Attributes[ |
ibm_audit_target.id | Identifier of the target of the action. | Attributes[ |
ibm_audit_target.typeURI | Unique URI of the target of the event | Attributes[ |
ibm_audit_target.ejb.beanname | EJB bean name for EJB authorization. | Attributes[ |
ibm_audit_target.ejb.method.interface | EJB method interface for EJB authorization. | Attributes[ |
ibm_audit_target.ejb.method.signature | EJB method signature for EJB authorization. | Attributes[ |
ibm_audit_target.ejb.module.name | EJB module name for EJB authorization. | Attributes[ |
ibm_audit_target.role.names | Roles that are identified as being needed. If none are listed, all EJBs are permitted. | Attributes[ |
SECURITY_REST_HANDLER_AUTHZ
You can use the SECURITY_REST_HANDLER_AUTHZ event to capture the audit information from REST Handler Authorization. The following table provides the fields for the SECURITY_REST_HANDLER_AUTHZ event, a description of each field, and the mapping to the OpenTelemetry logs data model and Java agent:
| Liberty audit event fields | Description | Maps to OpenTelemetry Logs Data Model |
|---|---|---|
type | A string that identifies the type of event. | Attributes[ |
host | Host name of the server that is the source of the event. | Resource[ |
ibm_sequence | Sequence number of the event,. | Attributes[ |
ibm_threadId | Thread ID in the log line, for example, 00000015. | Attributes[ |
loglevel | Severity indicator | SeverityText |
ibm_audit_eventName | Name of the audit event. | Body and Attributes[ |
ibm_audit_eventSequenceNumber | Sequence number of the audit event. | Attributes[ |
ibm_audit_eventTime | Time the event occurred. | TimeStamp |
ibm_audit_observer.id | Identifier of the observer of the event. | Attributes[ |
ibm_audit_observer.name | Name of the observer of the event | Attributes[ |
ibm_audit_observer.typeURI | Unique URI of the observer of the event. | Attributes[ |
ibm_audit_outcome | Outcome of the event. | Attributes[ |
ibm_audit_target.id | Identifier of the target of the action. | Attributes[ |
ibm_audit_target.typeURI | Unique URI of the target of the event | Attributes[ |
ibm_audit_initiator.host.address | Host address of the initiator of the event. | Attributes[ |
ibm_audit_initiator.host.agent | Name of the monitoring agent that is associated with the initiator. | Attributes[ |
ibm_audit_reason.reasonCode | A value that indicates the underlying success or error code for the outcome. In general, a value of 200 means success. | Attributes[ |
ibm_audit_reason.reasonType | A value that indicates the underlying mechanism, such as HTTP or HTTPS, that is associated with the request. | Attributes[ |
ibm_audit_target.appname | Name of the application to be accessed or run on the target. | Attributes[ |
ibm_audit_target.credential.token | Token name of the user that is performing the action. | Attributes[ |
ibm_audit_target.credential.type | Token type of the user that is performing the action. | Attributes[ |
ibm_audit_target.host.address | Host and port of the target. | Attributes[ |
ibm_audit_target.method | Method that is being invoked on the target, such as GET or POST. | Attributes[ |
ibm_audit_target.name | Name of the target. | Attributes[ |
ibm_audit_target.realm | Realm name associated with the target. | Attributes[ |
ibm_audit_target.session | Session identifier that is associated with the target. | Attributes[ |
SECURITY_JMS_AUTHN
You can use the SECURITY_JMS_AUTHN event to capture the audit information from JMS authentication. The following table provides the fields for the SECURITY_JMS_AUTHN event, a description of each field, and the mapping to the OpenTelemetry logs data model and Java agent:
| Liberty audit event fields | Description | Maps to OpenTelemetry Logs Data Model |
|---|---|---|
type | A string that identifies the type of event. | Attributes[ |
host | Host name of the server that is the source of the event. | Resource[ |
ibm_sequence | Sequence number of the event,. | Attributes[ |
ibm_threadId | Thread ID in the log line, for example, 00000015. | Attributes[ |
loglevel | Severity indicator | SeverityText |
ibm_audit_eventName | Name of the audit event. | Body and Attributes[ |
ibm_audit_eventSequenceNumber | Sequence number of the audit event. | Attributes[ |
ibm_audit_eventTime | Time the event occurred. | TimeStamp |
ibm_audit_observer.id | Identifier of the observer of the event. | Attributes[ |
ibm_audit_observer.name | Name of the observer of the event | Attributes[ |
ibm_audit_observer.typeURI | Unique URI of the observer of the event. | Attributes[ |
ibm_audit_outcome | Outcome of the event. | Attributes[ |
ibm_audit_target.id | Identifier of the target of the action. | Attributes[ |
ibm_audit_target.typeURI | Unique URI of the target of the event | Attributes[ |
ibm_audit_initiator.host.address | Host address of the initiator of the event. | Attributes[ |
ibm_audit_initiator.host.agent | Name of the monitoring agent that is associated with the initiator. | Attributes[ |
ibm_audit_reason.reasonCode | A value that indicates the underlying success or error code for the outcome. In general, a value of 200 means success. | Attributes[ |
ibm_audit_reason.reasonType | A value that indicates the underlying mechanism, such as HTTP or HTTPS, that is associated with the request. | Attributes[ |
ibm_audit_target.credential.token | Token name of the user that is performing the action. | Attributes[ |
ibm_audit_target.credential.type | Token type of the user that is performing the action. | Attributes[ |
ibm_audit_target.host.address | Host and port of the target. | Attributes[ |
ibm_audit_target.messaging.busname | Name of the messaging bus. | Attributes[ |
ibm_audit_target.messaging.callType | Identifies if the call is remote or local. | Attributes[ |
ibm_audit_target.messaging.engine | Name of the messaging engine. | Attributes[ |
ibm_audit_target.messaging.loginType | Name of the login algorithm that is used, such as Userid+Password. | Attributes[ |
ibm_audit_target.messaging.remote.chainName | If the operation is remote, the name of the remote chain name. | Attributes[ |
ibm_audit_target.realm | Realm name associated with the target. | Attributes[ |
SECURITY_JMS_AUTHZ
You can use the SECURITY_JMS_AUTHZ event to capture the audit information from JMS authorization. The following table provides the fields for the SECURITY_JMS_AUTHZ event, a description of each field, and the mapping to the OpenTelemetry logs data model and Java agent:
| Liberty audit event fields | Description | Maps to OpenTelemetry Logs Data Model |
|---|---|---|
type | A string that identifies the type of event. | Attributes[ |
host | Host name of the server that is the source of the event. | Resource[ |
ibm_sequence | Sequence number of the event,. | Attributes[ |
ibm_threadId | Thread ID in the log line, for example, 00000015. | Attributes[ |
loglevel | Severity indicator | SeverityText |
ibm_audit_eventName | Name of the audit event. | Body and Attributes[ |
ibm_audit_eventSequenceNumber | Sequence number of the audit event. | Attributes[ |
ibm_audit_eventTime | Time the event occurred. | TimeStamp |
ibm_audit_observer.id | Identifier of the observer of the event. | Attributes[ |
ibm_audit_observer.name | Name of the observer of the event | Attributes[ |
ibm_audit_observer.typeURI | Unique URI of the observer of the event. | Attributes[ |
ibm_audit_outcome | Outcome of the event. | Attributes[ |
ibm_audit_target.id | Identifier of the target of the action. | Attributes[ |
ibm_audit_target.typeURI | Unique URI of the target of the event | Attributes[ |
ibm_audit_initiator.host.address | Host address of the initiator of the event. | Attributes[ |
ibm_audit_initiator.host.agent | Name of the monitoring agent that is associated with the initiator. | Attributes[ |
ibm_audit_reason.reasonCode | A value that indicates the underlying success or error code for the outcome. In general, a value of 200 means success. | Attributes[ |
ibm_audit_reason.reasonType | A value that indicates the underlying mechanism, such as HTTP or HTTPS, that is associated with the request. | Attributes[ |
ibm_audit_target.credential.token | Token name of the user that is performing the action. | Attributes[ |
ibm_audit_target.credential.type | Token type of the user that is performing the action. | Attributes[ |
ibm_audit_target.host.address | Host and port of the target. | Attributes[ |
ibm_audit_target.messaging.busname | Name of the messaging bus. | Attributes[ |
ibm_audit_target.messaging.callType | Identifies if the call is remote or local. | Attributes[ |
ibm_audit_target.messaging.destination | Name of the messaging destination. | Attributes[ |
ibm_audit_target.messaging.engine | Name of the messaging engine. | Attributes[ |
ibm_audit_target.messaging.jmsActions | List of the actions that the credential is allowed. | Attributes[ |
ibm_audit_target.messaging.jmsResource | Name of the JMS resource, such as QUEUE, TOPIC, and TEMPORARY DESTINATION. | Attributes[ |
ibm_audit_target.messaging.operationType | Name of the operation that is being requested. | Attributes[ |
ibm_audit_target.messaging.remote.chainName | If the operation is remote, the name of the remote chain name. | Attributes[ |
ibm_audit_target.realm | Realm name associated with the target. | Attributes[ |
SECURITY_SAF_AUTHZ
You can use the SECURITY_SAF_AUTHZ event to capture the audit information from a request to the SAF Authorization Service API. The following table provides the fields for the SECURITY_SAF_AUTHZ event, a description of each field, and the mapping to the OpenTelemetry logs data model and Java agent:
| Liberty audit event fields | Description | Maps to OpenTelemetry Logs Data Model |
|---|---|---|
type | A string that identifies the type of event. | Attributes[ |
host | Host name of the server that is the source of the event. | Resource[ |
ibm_sequence | Sequence number of the event,. | Attributes[ |
ibm_threadId | Thread ID in the log line, for example, 00000015. | Attributes[ |
loglevel | Severity indicator | SeverityText |
ibm_audit_eventName | Name of the audit event. | Body and Attributes[ |
ibm_audit_eventSequenceNumber | Sequence number of the audit event. | Attributes[ |
ibm_audit_eventTime | Time the event occurred. | TimeStamp |
ibm_audit_observer.id | Identifier of the observer of the event. | Attributes[ |
ibm_audit_observer.name | Name of the observer of the event | Attributes[ |
ibm_audit_observer.typeURI | Unique URI of the observer of the event. | Attributes[ |
ibm_audit_outcome | Outcome of the event. | Attributes[ |
ibm_audit_target.id | Identifier of the target of the action. | Attributes[ |
ibm_audit_target.typeURI | Unique URI of the target of the event | Attributes[ |
ibm_audit_target.access.level | Level of access that is requested. | Attributes[ |
ibm_audit_target.applid | Identifier of the APPL class. | Attributes[ |
ibm_audit_target.authorization.decision | A true value if the user is authorized to access the SAF resource in the SAF Class, otherwise a false value. | Attributes[ |
ibm_audit_target.credential.token | Token name of the user that is performing the action. | Attributes[ |
ibm_audit_target.id | Identifier of the target of the action. | Attributes[ |
ibm_audit_target.racf.reason.code | RACF reason code. | Attributes[ |
ibm_audit_target.racf.return.code | RACF return code. | Attributes[ |
ibm_audit_target.saf.class | Name of the SAF Class that contains the SAF resource. | Attributes[ |
ibm_audit_target.saf.profile | Name of the SAF resource that the user requests access to. | Attributes[ |
ibm_audit_target.saf.return.code | SAF return code | Attributes[ |
ibm_audit_target.user.security.name | Username whose access to a SAF resource is being checked. | Attributes[ |
SECURITY_SAF_AUTHZ_DETAILS
You can use the SECURITY_SAF_AUTHZ_DETAILS event to capture the audit information from a SAF Authorization event that is configured to throw a SAF Authorization Exception on failure. The following table provides the fields for the SECURITY_SAF_AUTHZ_DETAILS event, a description of each field, and the mapping to the OpenTelemetry logs data model and Java agent:
| Liberty audit event fields | Description | Maps to OpenTelemetry Logs Data Model |
|---|---|---|
type | A string that identifies the type of event. | Attributes[ |
host | Host name of the server that is the source of the event. | Resource[ |
ibm_sequence | Sequence number of the event,. | Attributes[ |
ibm_threadId | Thread ID in the log line, for example, 00000015. | Attributes[ |
loglevel | Severity indicator | SeverityText |
ibm_audit_eventName | Name of the audit event. | Body and Attributes[ |
ibm_audit_eventSequenceNumber | Sequence number of the audit event. | Attributes[ |
ibm_audit_eventTime | Time the event occurred. | TimeStamp |
ibm_audit_observer.id | Identifier of the observer of the event. | Attributes[ |
ibm_audit_observer.name | Name of the observer of the event | Attributes[ |
ibm_audit_observer.typeURI | Unique URI of the observer of the event. | Attributes[ |
ibm_audit_outcome | Outcome of the event. | Attributes[ |
ibm_audit_target.id | Identifier of the target of the action. | Attributes[ |
ibm_audit_target.typeURI | Unique URI of the target of the event | Attributes[ |
ibm_audit_target.access.level | Level of access that is requested. | Attributes[ |
ibm_audit_target.applid | Identifier of the APPL class. | Attributes[ |
ibm_audit_target.authorization.decision | A true value if the user is authorized to access the SAF resource in the SAF Class, otherwise a false value. | Attributes[ |
ibm_audit_target.credential.token | Token name of the user that is performing the action. | Attributes[ |
ibm_audit_target.id | Identifier of the target of the action. | Attributes[ |
ibm_audit_target.racf.reason.code | RACF reason code. | Attributes[ |
ibm_audit_target.racf.return.code | RACF return code. | Attributes[ |
ibm_audit_target.saf.class | Name of the SAF Class that contains the SAF resource. | Attributes[ |
ibm_audit_target.saf.profile | Name of the SAF resource that the user requests access to. | Attributes[ |
ibm_audit_target.saf.return.code | SAF return code | Attributes[ |
ibm_audit_target.user.security.name | Username whose access to a SAF resource is being checked. | Attributes[ |
JMX_MBEAN_REGISTER
You can use the JMX_MBEAN_REGISTER event to capture the audit information from JMX MBean registration. The following table provides the fields for the JMX_MBEAN_REGISTER event, a description of each field, and the mapping to the OpenTelemetry logs data model and Java agent:
| Liberty audit event fields | Description | Maps to OpenTelemetry Logs Data Model |
|---|---|---|
type | A string that identifies the type of event. | Attributes[ |
host | Host name of the server that is the source of the event. | Resource[ |
ibm_sequence | Sequence number of the event,. | Attributes[ |
ibm_threadId | Thread ID in the log line, for example, 00000015. | Attributes[ |
loglevel | Severity indicator | SeverityText |
ibm_audit_eventName | Name of the audit event. | Body and Attributes[ |
ibm_audit_eventSequenceNumber | Sequence number of the audit event. | Attributes[ |
ibm_audit_eventTime | Time the event occurred. | TimeStamp |
ibm_audit_observer.id | Identifier of the observer of the event. | Attributes[ |
ibm_audit_observer.name | Name of the observer of the event | Attributes[ |
ibm_audit_observer.typeURI | Unique URI of the observer of the event. | Attributes[ |
ibm_audit_outcome | Outcome of the event. | Attributes[ |
ibm_audit_target.id | Identifier of the target of the action. | Attributes[ |
ibm_audit_target.typeURI | Unique URI of the target of the event | Attributes[ |
ibm_audit_initiator.host.address | Host address of the initiator of the event. | Attributes[ |
ibm_audit_initiator.host.agent | Name of the monitoring agent that is associated with the initiator. | Attributes[ |
ibm_audit_reason.reasonCode | A value that indicates the underlying success or error code for the outcome. In general, a value of 200 means success. | Attributes[ |
ibm_audit_reason.reasonType | A value that indicates the underlying mechanism, such as HTTP, HTTPS, JMS, or EJB, that is associated with the request, or the state behind the outcome. | Attributes[ |
ibm_audit_target.jmx.mbean.action | MBean action that is being performed: register, unregister. | Attributes[ |
ibm_audit_target.jmx.mbean.name | Name of the MBean that is being acted upon. | Attributes[ |
ibm_audit_target.realm | Realm name associated with the target. | Attributes[ |
JMX_MBEAN
You can use the JMX_MBEAN event to capture the audit information from JMX_MBEAN operations. The following table provides the fields for the JMX_MBEAN event, a description of each field, and the mapping to the OpenTelemetry logs data model and Java agent:
| Liberty audit event fields | Description | Maps to OpenTelemetry Logs Data Model |
|---|---|---|
type | A string that identifies the type of event. | Attributes[ |
host | Host name of the server that is the source of the event. | Resource[ |
ibm_sequence | Sequence number of the event,. | Attributes[ |
ibm_threadId | Thread ID in the log line, for example, 00000015. | Attributes[ |
loglevel | Severity indicator | SeverityText |
ibm_audit_eventName | Name of the audit event. | Body and Attributes[ |
ibm_audit_eventSequenceNumber | Sequence number of the audit event. | Attributes[ |
ibm_audit_eventTime | Time the event occurred. | TimeStamp |
ibm_audit_observer.id | Identifier of the observer of the event. | Attributes[ |
ibm_audit_observer.name | Name of the observer of the event | Attributes[ |
ibm_audit_observer.typeURI | Unique URI of the observer of the event. | Attributes[ |
ibm_audit_outcome | Outcome of the event. | Attributes[ |
ibm_audit_target.id | Identifier of the target of the action. | Attributes[ |
ibm_audit_target.typeURI | Unique URI of the target of the event | Attributes[ |
ibm_audit_initiator.host.address | Host address of the initiator of the event. | Attributes[ |
ibm_audit_initiator.host.agent | Name of the monitoring agent that is associated with the initiator. | Attributes[ |
ibm_audit_reason.reasonCode | A value that indicates the underlying success or error code for the outcome. In general, a value of 200 means success. | Attributes[ |
ibm_audit_reason.reasonType | A value that indicates the underlying mechanism, such as HTTP, HTTPS, JMS, or EJB, that is associated with the request, or the state behind the outcome. | Attributes[ |
ibm_audit_target.jmx.mbean.action | MBean action that is being performed: query, create, invoke. | Attributes[ |
ibm_audit_target.jmx.mbean.name | Name of the MBean that is being acted upon. | Attributes[ |
ibm_audit_target.realm | Realm name associated with the target. | Attributes[ |
JMX_MBEAN_ATTRIBUTES
You can use the JMX_MBEAN_ATTRIBUTES event to capture the audit information from JMX MBEAN attribute operations. The following table provides the fields for the JMX_MBEAN_ATTRIBUTES event, a description of each field, and the mapping to the OpenTelemetry logs data model and Java agent:
| Liberty audit event fields | Description | Maps to OpenTelemetry Logs Data Model |
|---|---|---|
type | A string that identifies the type of event. | Attributes[ |
host | Host name of the server that is the source of the event. | Resource[ |
ibm_sequence | Sequence number of the event,. | Attributes[ |
ibm_threadId | Thread ID in the log line, for example, 00000015. | Attributes[ |
loglevel | Severity indicator | SeverityText |
ibm_audit_eventName | Name of the audit event. | Body and Attributes[ |
ibm_audit_eventSequenceNumber | Sequence number of the audit event. | Attributes[ |
ibm_audit_eventTime | Time the event occurred. | TimeStamp |
ibm_audit_observer.id | Identifier of the observer of the event. | Attributes[ |
ibm_audit_observer.name | Name of the observer of the event | Attributes[ |
ibm_audit_observer.typeURI | Unique URI of the observer of the event. | Attributes[ |
ibm_audit_outcome | Outcome of the event. | Attributes[ |
ibm_audit_target.id | Identifier of the target of the action. | Attributes[ |
ibm_audit_target.typeURI | Unique URI of the target of the event | Attributes[ |
ibm_audit_initiator.host.address | Host address of the initiator of the event. | Attributes[ |
ibm_audit_initiator.host.agent | Name of the monitoring agent that is associated with the initiator. | Attributes[ |
ibm_audit_reason.reasonCode | A value that indicates the underlying success or error code for the outcome. In general, a value of 200 means success. | Attributes[ |
ibm_audit_reason.reasonType | A value that indicates the underlying mechanism, such as HTTP, HTTPS, JMS, or EJB, that is associated with the request, or the state behind the outcome. | Attributes[ |
ibm_audit_reason.reasonType | A value that indicates the underlying mechanism, such as HTTP, HTTPS, JMS, or EJB, that is associated with the request, or the state behind the outcome. | Attributes[ |
ibm_audit_target.jmx.mbean.action | MBean action that is being performed on the MBean attribute. getAttribute and setAttribute methods are supported. | Attributes[ |
`bm_audit_target.jmx.mbean.attribute.names | Name of the attributes that are being acted upon. | Attributes[ |
ibm_audit_target.jmx.mbean.name | Name of the MBean that is being acted upon. | Attributes[ |
ibm_audit_target.realm | Realm name associated with the target. | Attributes[ |
JMX_NOTIFICATION
You can use the JMX_NOTIFICATION event to capture the audit information from JMX notifications. The following table provides the fields for the JMX_NOTIFICATION event, a description of each field, and the mapping to the OpenTelemetry logs data model and Java agent:
| Liberty audit event fields | Description | Maps to OpenTelemetry Logs Data Model |
|---|---|---|
type | A string that identifies the type of event. | Attributes[ |
host | Host name of the server that is the source of the event. | Resource[ |
ibm_sequence | Sequence number of the event,. | Attributes[ |
ibm_threadId | Thread ID in the log line, for example, 00000015. | Attributes[ |
loglevel | Severity indicator | SeverityText |
ibm_audit_eventName | Name of the audit event. | Body and Attributes[ |
ibm_audit_eventSequenceNumber | Sequence number of the audit event. | Attributes[ |
ibm_audit_eventTime | Time the event occurred. | TimeStamp |
ibm_audit_observer.id | Identifier of the observer of the event. | Attributes[ |
ibm_audit_observer.name | Name of the observer of the event | Attributes[ |
ibm_audit_observer.typeURI | Unique URI of the observer of the event. | Attributes[ |
ibm_audit_outcome | Outcome of the event. | Attributes[ |
ibm_audit_target.id | Identifier of the target of the action. | Attributes[ |
ibm_audit_target.typeURI | Unique URI of the target of the event | Attributes[ |
ibm_audit_reason.reasonCode | A value that indicates the underlying success or error code for the outcome. In general, a value of 200 means success. | Attributes[ |
ibm_audit_reason.reasonType | A value that indicates the underlying mechanism, such as HTTP, HTTPS, JMS, or EJB, that is associated with the request, or the state behind the outcome. | Attributes[ |
ibm_audit_target.jmx.mbean.action | MBean action that is being performed on one or more MBean attributes. | Attributes[ |
ibm_audit_target.jmx.notification.filter | Name of the notification filter. | Attributes[ |
ibm_audit_target.jmx.notification.listener | Name of the notification listener. | Attributes[ |
ibm_audit_target.jmx.notification.name | Name of the notification. | Attributes[ |
ibm_audit_target.realm | Realm name associated with the target. | Attributes[ |
OpenTelemetry severity number mapping with Open Liberty log levels
You can set the level of detail that your Open Liberty logs collect by configuring the traceSpecification attribute for the logging attribute in your server.xml file. For more information about Liberty log levels, see Trace log detail levels.
The following table describes how the different Liberty log levels map to severity numbers and short names from the OpenTelemetry specification.
| Liberty log levels | OpenTelemetry severity short Name | OpenTelemetry severity meaning |
|---|---|---|
OpenTelemetry severity number | fatal | FATAL |
A fatal error such as application or system crash. | 21 | severe |
ERROR | An error event. Something went wrong. | 17 |
warning | WARN | A warning event. Not an error but is likely more important than an informational event. |
13 | audit | INFO2 |
An informational event. Indicates that an event happened. | 10 | info |
INFO | - | 9 |
config | DEBUG4 | A debugging event. |
8 | detail | DEBUG3 |
- | 7 | fine |
DEBUG2 | - | 6 |
finer | DEBUG | - |
5 | finest | TRACE |
Access events
The following table provides the fields for Liberty message events, a description for each field, and the mapping to the OpenTelemetry logs data model:
| Liberty access event fields | Description | Maps to OpenTelemetry Logs Data Model |
|---|---|---|
type | A string that identifies the type of event. | Attributes[ |
host | Host name of the server that is the source of the event. | Resource[ |
message | The message from the log record, starting with the message ID. | Body |
ibm_remoteHost | Remote host IP address, for example, 127.0.0.1. | Attributes[ |
ibm_requestProtocol | Protocol type, for example, HTTP/1.1. | Attributes[ |
ibm_userAgent | The userAgent value in the request. | Attributes[ |
ibm_requestHeader_{headername} | Header value from the request. | Attributes[ |
ibm_requestMethod | HTTP verb, for example, GET. | Attributes[ |
ibm_responseHeader_{headername} | Header value from the response. | Attributes[ |
ibm_requestPort | Port number of the request. | Attributes[ |
ibm_requestFirstLine | First line of the request. | Attributes[ |
ibm_responseCode | HTTP response code, for example, 200. | Attributes[ |
ibm_requestStartTime | The start time of the request. | Attributes[ |
ibm_remoteUserID | Remote user according to the WebSphere ApplicationServer specific $WSRU header. | Attributes[ |
ibm_urlPath | Path information for the requested URL. This path information does not contain the query parameters, for example, /pushworksserver/push/apps/tags. | Attributes[ |
ibm_elapsedTime | Time that is taken to serve the request, in microseconds. | Attributes[ |
ibm_accessLogDatetime | The time when the message to the access log is queued to be logged. | Timestamp |
ibm_remoteIP | Remote IP address, for example, 127.0.0.1. | Attributes[ |
ibm_requestHost | Request host IP address, for example, 127.0.0.1. | Attributes[ |
ibm_cookie_{cookiename} | Cookie value from the request. | Attributes[ |
ibm_requestElapsedTime | The elapsed time of the request - millisecond accuracy,microsecond precision. | Attributes[ |
ibm_sequence | Sequence number of the event, which is useful for sorting records with the same timestamp. | Attributes[ |
ibm_bytesSent | Response size in bytes excluding headers. | Attributes[ |
ibm_bytesReceived | Bytes received in the URL, for example, 94. | Attributes[ |
