EventLogLogWriter
The EventLogLogWriter writes messages from the One Identity Manager Service to an event log. To view the event log, you can use the results display in the Microsoft Management Console, for example.
Table 112: EventLogLogWriter parameters
|
EventLog |
Name of the event log to which the messages are written. The messages are written to the application log with Application as the default value.
NOTE: If more than one One Identity Manager Service write event logs on a server, make sure that the first eight letters in the log name are unique on the server. |
|
LogSeverity |
Severity levels of the logged messages.
Permitted values are:
-
Info: All messages are written to the event log. The event log quickly becomes large and confusing.
-
Warning: Only warnings and exception errors are written to the event log (default).
-
Serious: Only exception messages are written to the event log. |
|
EventID |
The ID of the messages written to the event log. |
|
Category |
The category of the messages written to the event log. |
|
Source |
The name of the source of the messages written to the event log. |
By default, the One Identity Manager Service only logs messages in the event log Application.
To use an event log with a different name
-
On the Job server, manually add the file for theOne Identity Manager Service to write to. You can use Windows PowerShell, for example, to do this.
-
Run Windows PowerShell as administrator on the Job server.
-
Run the following CmdLet:
New-EventLog -Source "Foobar" -LogName "<file name>"
-
Enter this file name in the One Identity Manager Service configuration file, in the module EventLogWriter as the name for the event log.
-
Restart the computer.
-
Restart the One Identity Manager Service.
Related topics
FileLogWriter
The FileLogWriter writes messages from One Identity Manager Service to a log file. The log file can be displayed in a browser.
You call up the log file with the appropriate URL.
http://<server name>:<port number>
The default value is port 1880.
Table 113: FileLogWriter parameters
|
Log file (OutputFile) |
Name of the log file, including the directory name. Log information for the One Identity Manager Service is written to this file.
IMPORTANT: The directory specified for the file must exist. If the file cannot be created, no error output is possible. Error messages then appear under Windows operating systems in the event log or under Linux operating systems in /var/log/messages. |
|
Log rename interval (LogLifeTime) |
In order to avoid unnecessarily large log files, the module supports the functionality of exchanging the log file with a history list. The LogLifeTime specifies the maximum life of a log file before it is renamed as backup. If the log file has reached its maximum age, the file is renamed (for example, as JobService.log_20040819-083554) and a new log file is started.
Timeout format:
|
|
Process step log lifetime (JobLogLifeTime) |
Retention time for process step logs. After this expires, the logs are deleted.
Timeout format:
For test purposes, you can enable logging of individual process steps in the Job Queue Info. The processing messages of the process step is written to a separate log with the Debug NLog severity. The files are stored in the log directory.
Repository structure:
<Log directory>\JobLogs\<First 4 digits of the UID_Job>\Job_<UID_Job>_<yyyymmdd>_<Timestamp>.log |
|
Number of history logs (HistorySize) |
Maximum number of log files. If several log files exist, the oldest backup file is deleted when a new log file is created so that the limit is not exceeded. |
|
Max. log file size (MB) (MaxLogSize) |
Maximum size in MB of the log file. Once the log file has reached the limit, it is renamed as a backup file and a new log file is created. |
|
Max. length of parameters (ParamMaxLength) |
Maximum number of characters allowed in a process step parameter so that they are written to the log file. |
|
LogSeverity |
Severity levels of the logged messages.
Permitted values are:
-
Info: All messages are written to the event log. The event log quickly becomes large and confusing.
-
Warning: Only warnings and exception errors are written to the event log (default).
-
Serious: Only exception messages are written to the event log. |
|
Add server name (AddServerName) |
Specifies whether the server name is to be added to the log entries. |
Dispatcher module
In a hierarchical server structure a server can be used as a proxy server for other servers. The proxy server makes requests at set time intervals for process steps to be processed on a server and sends them to the next server. If the request load needs to be minimized, a proxy server is recommended.
Table 114: Dispatcher module parameters
|
Acts as proxy for other servers (IsProxy) |
Specifies whether the server is to act as a proxy server. Set this option if the server should be a proxy server. |
|
ProxyInterval |
Time interval in seconds, after which the proxy server acting as deputy for another server, should renew a request to the database. |
The following guidelines can be used as orientation for the configuration of One Identity Manager Service polling intervals in a cascading environment:
Table 115: Polling interval guidelines for One Identity Manager Service
|
JobServiceDestination.StartInterval |
90 seconds |
600 seconds |
|
JobServiceDestination.Statisticinterval |
360 seconds |
600 seconds |
|
Dispatcher.ProxyInterval |
180 seconds |
|
|
Dispatcher.IsProxy |
True |
False |
The proxy mode of a root server ensures that, acting on behalf of the leaf server, process steps are queried in shorter proxy intervals. When the root server is restarted, it may take a while until all leaf servers have sent their first request (in this case a maximum of 600 seconds). However, the system then swings into action.
Figure 28: Dispatcher configuration example
Connection module
With this module you can set special configuration settings for the behavior of the One Identity Manager Service.
Table 116: Connection module parameters
|
Process generation log directory (JobGenLogDir) |
Directory of log files in which the instructions for process generation generated by One Identity Manager Service are recorded. |
|
Disable reload beep (NoReloadBeep) |
When this parameter is set the beep is switched off that is made when buffered dialog data is loaded. |
|
Log BLOB reads (LogBlobReads) |
Specifies whether read operations on text and binary LOB (BLOB) should be written to the SQL log. |
|
Cache type (CacheType) |
Specifies how the data is cached. The default value is MultipleFiles. |
|
Cache reload interval (CacheReloadInterval) |
Time in seconds after which the local cache should be updated. This parameter overwrites the setting in the Common | CacheReload | Interval configuration parameter. |
|
Regular expression for stack trace positions (ObjectDumpStackExpression) |
This expression specifies when an extra stack trace is written to the object log. If the current row in the object log matches the regular expression, the stack trace is written in the object log.
Sample expression: "Lastname"
If the current row contains the value "Lastname", the stack trace is also copied to the log.
NOTE: This parameter is used for localizing errors. It is not recommended to set this parameter in normal working conditions on performance grounds. |
|
TokenCertificateThumbprint |
Thumbprint of the certificate used to verify the security token. |
|
TokenCertificateFile |
Certificate file of the certificate to be used to verify the security token. The certificate must support RSA encryption with SHA1, SHA256, or SHA512 and contain the private key. |
|
Supports read-only replicas in Azure (SupportReadScaleOut) |
Specifies whether a second pool for read-only queries is supported in Azure. If the option is set, read-only queries are supported This feature is available in Azure's Premium and Business Critical tiers. For more information, see https://docs.microsoft.com/en-us/azure/azure-sql/database/read-scale-out. |
|
Connect directly without availability check (DirectConnection) |
Specifies whether to connect directly to the target database without testing availability or status first. This allows tools that do not allow database switching within the connection, to trace the connection.
NOTE: This option can affect migration because the connection is always open. |
