Chatee ahora con Soporte
Chat con el soporte

Identity Manager 9.3 - Process Monitoring and Troubleshooting Guide

About this guide Monitoring handling of processes Support for error localization in One Identity Manager Configuring logs in One Identity Manager

Configuring the One Identity Manager Service log file

To generate the log file, customize the FileLogWriter module in the One Identity Manager Service configuration file for each One Identity Manager Service.

Table 19: FileLogWriter parameters

Parameters

Description

Number of history logs (HistorySize)

Maximum number of log files. If several log files exist, the oldest backup file is deleted when a new log file is created so that the limit is not exceeded.

Max. length of parameters (ParamMaxLength)

Maximum number of characters allowed in a process step parameter so that they are written to the log file.

Max. log file size (MB) (MaxLogSize)

Maximum size in MB of the log file. Once the log file has reached the limit, it is renamed as a backup file and a new log file is created.

Log file (OutputFile)

Name of the log file, including the directory name. Log information for the One Identity Manager Service is written to this file.

IMPORTANT: The directory specified for the file must exist. If the file cannot be created, no error output is possible. Error messages then appear under Windows operating systems in the event log or under Linux operating systems in /var/log/messages.

Process step log lifetime (JobLogLifeTime)

Retention time for process step logs. After this expires, the logs are deleted.

Timeout format:

day.hour:minutes:seconds

For test purposes, you can enable logging of individual process steps in the Job Queue Info. The processing messages of the process step is written to a separate log with the Debug NLog severity. The files are stored in the log directory.

Repository structure:

<Log directory>\JobLogs\<First 4 digits of the UID_Job>\Job_<UID_Job>_<yyyymmdd>_<Timestamp>.log

LogSeverity

Severity levels of the logged messages.

Permitted values are:

  • Info: All messages are written to the event log. The event log quickly becomes large and confusing.

  • Warning: Only warnings and exception errors are written to the event log (default).

  • Serious: Only exception messages are written to the event log.

Add server name (AddServerName)

Specifies whether the server name is to be added to the log entries.

Log rename interval (LogLifeTime)

In order to avoid unnecessarily large log files, the module supports the functionality of exchanging the log file with a history list. The LogLifeTime specifies the maximum life of a log file before it is renamed as backup. If the log file has reached its maximum age, the file is renamed (for example, as JobService.log_20040819-083554) and a new log file is started.

Timeout format:

day.hour:minutes:seconds

For more information about configuring the One Identity Manager Service, see the One Identity Manager Configuration Guide.

Authentication method for displaying the One Identity Manager Service log file

Use the HTTP authentication module to specify how authentication on the HTTP server works to access the services, for example, to display the log file or status display.

The following module types may be selected:

  • BasicHttpAuthentication

    Use this authentication type to specify a user account for accessing the HTTP server.

    Module parameters are:

    • User account (User): User account for logging in.

    • Password (Password): User account's password.

  • SessionHttpAuthentication

    Users can log in with the authentication modules that are assigned to the Job Server application and enabled.

    The users require the JobServer_Status program function.

    Table 20: Module parameters

    Parameter

    Description

    Job provider ID (ProviderID)

    ID of the Job provider with the connection configuration to use for logging in. This must be either a MSSQLJobProvider or an AppServerJobProvider. If this is empty the first Job provider is used.

    Application URL (AppURL)

    (Optional) This option is only required if the users can log in with OAuth2 or OpenID Connect. The URL must match the value in the QBMWebApplication.BaseURL column. A OAuth2/OpenID Connect configuration is assigned to the web application.

    The following URL must be given in the configuration and the connected external system as the redirect URL.

    https://<jobserver>:<port>/login

    Cleanup after inactivity (RemoveSessionAfterInactivity)

    Specifies the time period after which the session is removed from memory. The next time the session is accessed, it is reestablished transparently for the user. The default value is 00:10:00.

    Timeout format:

    hours:minutes:seconds

    Session timeout (SessionTimeout)

    Specifies how long a session stays connected. After timeout expired or when the Job server is restarted, the session is ended. The default value is 1.00:00:30.

    Timeout format:

    day.hour:minutes:seconds

    For more information about authentication modules, see the One Identity Manager Authorization and Authentication Guide.

  • WindowsHttpAuthentication

    Use this authentication type to specify an Active Directory group, whose users can be authenticated on the HTTP server.

    Module parameters are:

    • Group (Role): Active Directory group. A security ID (SID) or the Active Directory group name in the domain of the Job server can be specified. If the Active Directory group is not located in the domain of the Job server, the SID must be used.

    • Debug login errors (DebugLoginErrors): (Optional) User account properties and groups are written to the log file to debug login problems. Do not set this value in production environments as group assignments can be written to the log.

NOTE: If a module is not specified, authentication is not required. In this case, all users can access the services.

For more information about configuring the One Identity Manager Service, see the One Identity Manager Configuration Guide.

Advanced logging in the One Identity Manager Service

To use advanced logging for the One Identity Manager Service, configure the storage of log files in the One Identity Manager Service configuration file in the Connection module.

NOTE: The given directories must exist and the One Identity Manager Service user account must have write permissions to the directory.

Following parameters are available:

  • Process generation log directory (JobGenLogDir)

    Log files are created in the specified directory to log the process generation instructions generated by One Identity Manager Service.

For more information about configuring the One Identity Manager Service, see the One Identity Manager Configuration Guide.

Extended debugging in One Identity Manager Service

The Configuration module of the One Identity Manager Service configuration file provides two parameters for advanced debugging:

  • DebugMode

  • ComponentDebugMode

If the Debug mode (DebugMode) parameter is enabled, the One Identity Manager Service writes more extensive information into the log file, such as all parameters transferred to a component and the results of the process handling and their Out parameters.

Individual One Identity Manager Service process components can output additional process data to the One Identity Manager Service log file. For this purpose, you can enable the Component debug mode (ComponentDebugMode) parameter in the configuration module. Use this debug mode only for localizing errors because the effect on performance means that it is not recommended for normal use.

For more information about configuring the One Identity Manager Service, see the One Identity Manager Configuration Guide.

Documentos relacionados

The document was helpful.

Seleccionar calificación

I easily found the information I needed.

Seleccionar calificación