Converse agora com nosso suporte
Chat com o suporte

Identity Manager 8.1.4 - Process Monitoring and Troubleshooting Guide

About this guide Monitoring handling of processes Support for error localization in One Identity Manager Configuring logs in One Identity Manager One Identity Manager configuration files

Recording logins and logoffs in the system journal

One Identity Manager logins and One Identity Manager logoffs can be recorded in the system journal.

NOTE: Logins and logoffs are recorded in the QBM_VDialogJournalLoginAudit view.

To record successful One Identity Manager logins

  • In the Designer, set the Common | Journal | LoginAudit configuration parameter.

To record One Identity Manager logoffs

  • In the Designer, set the Common | Journal | LogoffAudit configuration parameter.

Related topics

LOGDebugOAuth

One Identity Manager provides various options for extending its log. The log can be configured for each One Identity Manager component.

Detailed information about this topic

Global configuration of logging with NLog

Configuration setting for logging messages are made by NLog in Globallog.config. Globallog.config is referenced in the One Identity Manager component's configuration files.

IMPORTANT: The settings in globallog.config apply globally to all One Identity Manager components. Use the application specific *.exe.config configuration file to customize individual components.

NOTE: The default settings of the globallog.config file assume that %localappdata% has write access.

If an *.exe does not have the correct permissions, by changing the logBaseDir variable in globallog.config or by introducing a special log configuration in the application-specific *.exe.config or Web.config configuration file, you can write the log to a directory with write access.

Use variables to define names, output path and layout of the log files. The variable appName is defined in the One Identity Manager component's configuration files.

The targets section defines the output targets for the messages. NLog already has predefined targets that you can use in the configuration file.

The rules section is used to define rules for logging the messages. For an exact description and functionality of NLog, see the online help (http://nlog-project.org/).

Example of file structure

<nlog autoReload="true" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">

<variable name="companyName" value="One Identity"/>

<variable name="productTitle" value="One Identity Manager"/>

<variable name="logBaseDir" value="${specialfolder:LocalApplicationData}/${companyName}/${productTitle}/${appName}"/>

<variable name="layout" value="${longdate} ${level:upperCase=true} (${logger} ${event-context:item=SessionId}) : ${event-context:item=Indention}${message} ${exception:format=ToString,StackTrace}" />

<targets async="true">

<default-wrapper xsi:type="BufferingWrapper" bufferSize="256" flushTimeout="2000" />

<target name="logfile" xsi:type="File" fileName="${logBaseDir}/${appName}.log" layout="${layout}" encoding="utf-8"

archiveFileName="${logBaseDir}/${appName}.{#}.log" maxArchiveFiles="7" archiveEvery="Day" archiveNumbering="Rolling"/>

</targets>

<targets>

<target name="eventLog" xsi:type="EventLog" source="${companyName} ${productTitle} ${appName}" layout="${message}${newline}${exception:format=tostring}"/>

</targets>

<rules>

<logger name="*" minlevel="Info" writeTo="logfile"/>

<logger name="*" level="Fatal" writeTo="eventLog"/>

</rules>

</nlog>

You can enter the severity level through:

  • minlevel= Messages are logged from this severity level.
  • level= Message are logged which have exactly this severity level.
Table 17: Permitted severity levels
Severity Level Description
Trace Logs highly detailed information. This setting should only be used for analysis purposes. The log file quickly becomes large and cumbersome.
Debug Logs debug steps. This setting should only be used for testing.
Info Logs all information.
Warning Logs all warnings.
Error Logs all error messages.
Fatal Logs all critical error messages.

By providing logger name, you specify for which One Identity Manager components messages are logged. Messages are logged for all components with the default setting logger name="*". To limit logs to certain components, use the name contained in the log.

Table 18: Logger names of components
Logger name Description
FrontendLog Logs actions in front-ends.
JobGenLog Logs during process generation.
Jobservice Logs One Identity Manager Service messages.
ObjectLog Logs object actions through the object level.
ProjectorEngine Logs messages from the synchronization engine.
SqlLog Logs database queries
StopWatch

Logs timings.

SystemConnection Detailed logging of data communication with the system connection during synchronization, including system configuration and system connectors' data communication.
SystemConnector Logs system connector data communication during synchronization.
Update Logs update handling.
WebLog Logs Web service actions.

Logging the One Identity Manager components

In the One Identity Manager default installation, the log files are written to the %LocalAppData%\One Identity\One Identity Manager\<appName> under the name <appName>.log directory, where appName is the name of the One Identity Manager component.

All messages with a minimum information level of Info are recorded in the <appName>.log file. The files are kept for 7 days and backed up daily.

In addition, all messages with a severity level of Fatal are recorded in the event log for the One Identity Manager <appName> source.

Each One Identity Manager component supports message logging using the integrated NLog functionality. For an exact description and functionality, see the online help (http://nlog-project.org/).

The configuration files of the One Identity Manager component (*.exe.config) contain the nlog section, in which settings for logging by means of NLog are entered. Use the appName variable to pass One Identity Manager component names.

The configuration of the logs is defined in the globallog.config global configuration file. This file is referenced in the configuration files of the One Identity Manager components.

Example of a configuration file

<configuration>

<configSections>

...

<section name="nlog" type="NLog.Config.ConfigSectionHandler, NLog"/>

</configSections>

...

<nlog autoReload="true" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">

<variable name="appName" value="Manager"/>

<include file="${basedir}/globallog.config" ignoreErrors="true"/>

</nlog>

...

</configuration>

Related topics
Documentos relacionados

The document was helpful.

Selecione a classificação

I easily found the information I needed.

Selecione a classificação