Version: 1.15

Audit log message format

The audit log messages are written in US ASCII, one message per line, and the values of the parameters in the list for the log events will use a variant of RFC3986 percent ('%') URL encoding to safeguard against dangerous characters.

Parameter values are UTF-8 encoded to octet streams that are subsequently percent encoded as needed.

Basically, the logger will do a URL encoding of the value of every parameter but will exclude the following characters from the encoding:

'|', '~', '!', '#', '$', '&', '\'', '(', ')', '*', '+', '/', ':', ';', '?', '@', '[', ']', '\'', '-', '.', '<', '>', '\', '^', '_', '`'

Evaluation event log example (concise)

The following XML is a sample log entry in the default concise format, with explanations provided in the table below:

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<EvaluationEvent xmlns="http://www.axiomatics.com/v1/EvaluationEvent" xmlns:xacml-ctx="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17">
 <GroupId>4f1c96e8-9749-4233-b170-9560c5905904</GroupId>
 <Timestamp>2020-07-02T07:55:28.379Z</Timestamp>
 <ClientIdentity>Username%3A+ads-user</ClientIdentity>
 <ClientSource>127.0.0.1:53633</ClientSource>
 <xacml-ctx:Request ReturnPolicyIdList="false" CombinedDecision="false">
  <xacml-ctx:RequestDefaults>
   <xacml-ctx:XPathVersion>http://www.w3.org/TR/1999/REC-xpath-19991116</xacml-ctx:XPathVersion>
  </xacml-ctx:RequestDefaults>
  <xacml-ctx:Attributes Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject">
   <xacml-ctx:Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id" IncludeInResult="false">
    <xacml-ctx:AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Alice</xacml-ctx:AttributeValue>
   </xacml-ctx:Attribute>
  </xacml-ctx:Attributes>
 </xacml-ctx:Request>
 <ResultEntries>
  <ResultEntry>
   <xacml-ctx:Result>
    <xacml-ctx:Decision>Permit</xacml-ctx:Decision>
    <xacml-ctx:Status>
    <xacml-ctx:StatusCode Value="urn:oasis:names:tc:xacml:1.0:status:ok"/>
    </xacml-ctx:Status>
   </xacml-ctx:Result>
   <Call attributeRef="A1">
    <Value>Stockholm</Value>
   </Call>
   <Call attributeRef="A2">
    <Value>QA</Value>
   </Call>
   <Call attributeRef="A3">
    <Value>Engineering</Value>
   </Call>
   <Call attributeRef="A4">
    <Value>%3C%3Fxml+version%3D%271.0%27%3F%3E%0A%3Cresources+xmlns%3D%27http%3A%2F%2Fietf.org%2Fns%2Fhome-documents%27+xmlns%3Aatom%3D%27http%3A%2F%2Fwww.w3.org%2F2005%2FAtom%27%3E%0A++%3Cresource+rel%3D%27http%3A%2F%2Fdocs.oasis-open.org%2Fxacml%2Fns%2Frelation%2Fpdp%27%3E%0A++++%3Catom%3Alink+href%3D%27%2Fauthorize%27%2F%3E%0A++%3C%2Fresource%3E%0A%3C%2Fresources%3E</Value>
   </Call>
   <Call attributeRef="A5">
    <Value>write</Value>
   </Call>
  </ResultEntry>
 </ResultEntries>
</EvaluationEvent>

Line number	Description
Line 3	The ID of the Authorization Domain.
Line 4	The time when the evaluation started.
Line 5	The identity of the caller. If ADS is started without authentication, this line will be excluded.
Line 6	IP address and port number of the calling PEP.
Lines 7-16	The XACML request evaluated by ADS.
Line 17	Element that contains individual ResultEntry elements.
Line 18	Element that contains information about an individual XACML evaluation. If this is a normal XACML evaluation, there will only be one ResultEntry element. If this is an MDP (Multiple Decision Profile) request, there will be mulitple ResultEntry elements.
Lines 19-24	The XACML result of the evaluation.
Line 20	The XACML Decision (Permit, Deny, Not applicable, Indeterminate)
Lines 21-23	The status of the evaluation (OK, processing error).
Lines 25-39	Information on attribute values that have been fetched from an Attribute Connector and used in the evaluation. The attribute attributeRef will refer to which attributes these are values for.

Line description, evaluation log example (concise)

Evaluation event log example (verbose)

The following XML is a sample log entry configured to use the verbose format, with explanations provided in the table below:

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<EvaluationEvent xmlns="http://www.axiomatics.com/v1/EvaluationEvent" xmlns:xacml-ctx="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17">
 <GroupId>4f1c96e8-9749-4233-b170-9560c5905904</GroupId>
 <GroupVersion>0</GroupVersion>
  <Timestamp>2020-07-02T07:55:28.379Z</Timestamp>
  <EvaluationTimeMillis>510</EvaluationTimeMillis>
   <ClientIdentity>Username%3A+ads-user</ClientIdentity>
   <ClientSource>127.0.0.1:53633</ClientSource>
   <InterfaceType>REST</InterfaceType>
   <PdpIdentity />
   <xacml-ctx:Request ReturnPolicyIdList="false" CombinedDecision="false">
     <xacml-ctx:RequestDefaults>
       <xacml-ctx:XPathVersion>http://www.w3.org/TR/1999/REC-xpath-19991116</xacml-ctx:XPathVersion>
     </xacml-ctx:RequestDefaults>
     <xacml-ctx:Attributes Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject">
       <xacml-ctx:Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id" IncludeInResult="false">
         <xacml-ctx:AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Alice</xacml-ctx:AttributeValue>
       </xacml-ctx:Attribute>
     </xacml-ctx:Attributes>
   </xacml-ctx:Request>
   <Pip refId="P1">
     <Id>318ce3f1-c4dd-4540-be17-73766fe9afed</Id>
     <Type>com.axiomatics.attributeconnector.ldap.LDAPAttributeFinder</Type>
     <Version>0</Version>
   </Pip>
   <Pip refId="P2">
     <Id>13371bff-a2db-4e17-9dba-166747dfd047</Id>
     <Type>com.axiomatics.attributeconnector.jdbc.SQLAttributeFinder</Type>
     <Version>0</Version>
   </Pip>
   <Pip refId="P3">
     <Id>3c629267-2cda-4c91-bb14-ccc272c1d94e</Id>
     <Type>com.axiomatics.attributeconnector.table.TableAttributeFinder</Type>
     <Version>0</Version>
   </Pip>
   <Pip refId="P4">
     <Id>6c07041e-17a2-4982-92e1-ff137f09b947</Id>
     <Type>com.axiomatics.pip.http.HttpClient</Type>
     <Version>0</Version>
   </Pip>
   <Pip refId="P5">
     <Id>b5dda2a1-7cba-43e0-a658-36168a071d64</Id>
     <Type>com.axiomatics.pip.parser.XmlParser</Type>
     <Version>0</Version>
   </Pip>
   <Attribute refId="A3" id="department" category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" datatype="http://www.w3.org/2001/XMLSchema#string" />
   <Attribute refId="A5" id="urn:oasis:names:tc:xacml:1.0:action:action-id" category="urn:oasis:names:tc:xacml:3.0:attribute-category:action" datatype="http://www.w3.org/2001/XMLSchema#string" />
   <Attribute refId="A1" id="location" category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" datatype="http://www.w3.org/2001/XMLSchema#string" />
   <Attribute refId="A2" id="role" category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" datatype="http://www.w3.org/2001/XMLSchema#string" />
   <Attribute refId="A4" id="entrypoint" category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" datatype="http://www.w3.org/2001/XMLSchema#string" />
   <ResultEntries>
     <ResultEntry>
       <xacml-ctx:Result>
         <xacml-ctx:Decision>Permit</xacml-ctx:Decision>
         <xacml-ctx:Status>
         <xacml-ctx:StatusCode Value="urn:oasis:names:tc:xacml:1.0:status:ok"/>
         </xacml-ctx:Status>
       </xacml-ctx:Result>
       <Call attributeRef="A1" pipRef="P1" cachedValue="false">
         <Value>Stockholm</Value>
       </Call>
       <Call attributeRef="A2" pipRef="P2" cachedValue="false">
         <Value>QA</Value>
       </Call>
       <Call attributeRef="A3" pipRef="P3" cachedValue="false">
         <Value>Engineering</Value>
       </Call>
       <Call attributeRef="A4" pipRef="P4" cachedValue="false">
         <Value>%3C%3Fxml+version%3D%271.0%27%3F%3E%0A%3Cresources+xmlns%3D%27http%3A%2F%2Fietf.org%2Fns%2Fhome-documents%27+xmlns%3Aatom%3D%27http%3A%2F%2Fwww.w3.org%2F2005%2FAtom%27%3E%0A++%3Cresource+rel%3D%27http%3A%2F%2Fdocs.oasis-open.org%2Fxacml%2Fns%2Frelation%2Fpdp%27%3E%0A++++%3Catom%3Alink+href%3D%27%2Fauthorize%27%2F%3E%0A++%3C%2Fresource%3E%0A%3C%2Fresources%3E</Value>
       </Call>
       <Call attributeRef="A5" pipRef="P5" cachedValue="false">
         <Value>write</Value>
       </Call>
       <EvaluationComplexity>36</EvaluationComplexity>
     </ResultEntry>
   </ResultEntries>
</EvaluationEvent>

Line number	Description
Line 3	The ID of the Authorization Domain.
Line 4	The object version of the Authorization Domain.
Line 5	The time when the evaluation started.
Line 6	Evaluation time in milliseconds for this request.
Line 7	The identity of the caller. If ADS is started without authentication, this line will be excluded.
Line 8	IP address and port number of the calling PEP.
Line 9	The interface by which the client contacts ADS for authorization services.
Line 10	Identity of the PDP as registered in ASM. For ADS this is always an empty string.
Lines 11-20	The XACML request evaluated by ADS.
Lines 21-45	The definition of an Attribute Connector that was called during evaluation, where refId - The evaluation unique identifier as referenced by the Call element in this evaluation to denote this Attribute Finder Id - The unique identifier of the Attribute Connector object Type - The Attribute Connector Type Version - The object version of the Attribute Connector
Lines 46-50	The definition of an external Attribute that was used during evaluation and for which values were fetched from an Attribute Finder (PIP), where refId - The evaluation unique identifier as referenced by the Call element in this evaluation to denote this attribute id - the id of the attribute category - the XACML category of the attribute datatype - the XACML datatype
Line 51	Element that contains individual ResultEntry elements.
Line 52	Element that contains information about an individual XACML evaluation. If this is a normal XACML evaluation, there will only be one ResultEntry element. If this is an MDP (Multiple Decision Profile) request, there will be mulitple ResultEntry elements.
Lines 53-58	The XACML result of the evaluation.
Line 54	The XACML Decision (Permit, Deny, Not applicable, Indeterminate)
Lines 55-57	The status of the evaluation (OK, processing error).
Lines 59-73	Information on attribute values that have been fetched from an Attribute Connector and used in the evaluation. The attribute attributeRef will refer to which attributes these are values for. The attribute pipRef will refer to which Attribute Connector these values were fetched from. The attribute cachedValue indicates whether these values were obtained from the cache.
Line 74	A metric that indicates how expensive the evaluation was in terms of evaluation process steps.

Line description, evaluation log example (verbose)

Administrative event log example

The following text is a sample log entry for an administrative event, with explanations provided in the table below:

"thread":"main","message":"Domain with id 08922b78-48f7-4147-b9eb-ae0034b6ccd0 was loaded","level":"INFO","timestamp":1629726715756,"logger":"com.axiomatics.audit.ads.admin"

Item	Description
thread	Which thread of the log stream this entry belongs to.
message	The event that was logged.
level	The severity level set for the logging configuration.
timestamp	The time of the event.
logger	The logger that produced the event.

Administrative event log description

Note: There is only one version of the output, the concise/verbose option is only relevant for evaluation events.

On this page

Audit log message format

Evaluation event log example (concise)

Evaluation event log example (verbose)

Administrative event log example

On this page

On this page

Audit log message format

Evaluation event log example (concise)​

Evaluation event log example (verbose)​

Administrative event log example​

On this page

Evaluation event log example (concise)

Evaluation event log example (verbose)

Administrative event log example