Chat now with support
Chat with Support

Identity Manager 8.0 - Configuration Guide

One Identity Manager Software Architecture Working with the Designer Customizing the One Identity Manager Default Configuration Checking Data Consistency Compiling a One Identity Manager Database Working with Change Labels Basic System Configuration Data
One Identity Manager Authentication Module Database Connection Data Configuration Parameters for System Configuration Setting up the Mail Notification System Enabling More Languages for Displaying and Maintaining Data Displaying Country Information Setting Up and Configuring Schedules Password Policies in One Identity Manager Reloading Changes Dynamically TimeTrace Databases Machine Roles and Server Functions Files for Software Update Operating Systems in Use System Configuration Reports Using Predefined Database Queries Managing Custom Database Objects within a Database
The One Identity Manager Data Model Granting One Identity Manager Schema Permissions Working with the User Interface
Object definitions for the User Interface User Interface Navigation Forms for the User Interface Statistics in the One Identity Manager Extending the Launchpad Task Definitions for the User Interface Applications for Configuring the User Interface Icons and Images for Configuring the User Interface Language Dependent Data Representation
Process Orchestration in One Identity Manager
Declaring the Job Server One Identity Manager Service Configuration Handling Processes in the One Identity Manager
Tracking Changes with Process Monitoring Conditional Compilation using Preprocessor Conditions One Identity Manager Scripts Maintaining Mail Templates Reports in the One Identity Manager Custom schema extensions Transporting One Identity Manager Schema Customizations Importing Data Web Service Integration SOAP Web Service One Identity Manager as SPML Provisioning Service Provider Searching for Errors in the One Identity Manager Processing DBQueue Tasks One Identity Manager Configuration Files

One Identity Manager Service Logging

One Identity Manager Service Logging

Success and error messages from process handling are written to the One Identity Manager Service log file. Messages can also be written to a server’s event log. A severity level can be configured for output to this log file.

Detailed information about this topic

Configuring the One Identity Manager Service Log File

Configuring the One Identity Manager Service Log File

To create a log file, modify the module "FileLogWriter" in the One Identity Manager Service configuration file for each One Identity Manager Service.

Following parameters are available:

  • Log file (OutPutFile)

    The parameter contains the name of the log file including its directory. Log information for the One Identity Manager Service is written to this file.

    IMPORTANT: Ensure that the given directory exists. If the file cannot be created, no error output is possible. In this case, the error messages appear in the Windows event log or, under Linux, in /var/log/messages.

  • Renaming interval for the log file (LogLifeTime)

    In order to avoid unnecessarily large log files, the module supports the functionality of exchanging the log file with a history list. The LogLifeTime specifies the maximum life of a log file before it is renamed as backup. If the log file has reached its maximum age, the file is renamed (i.e.as JobService.log_20040819-083554) and a new log file is started.

    Timeout format:

    day.hour:minutes:seconds

  • Process step log duration (JobLogLifeTime)

    Use this parameter to specify the length of time process step logs are kept. After this expires, the logs are deleted.

    Timeout format:

    day.hour:minutes:seconds

    For test purposes, you can enable logging of individual process steps in the Job Queue Info. The process step's processing messages with the NLog warning level "Debug" are written to a separate log. The files are stored in the log directory.

    Repository structure:

    <Protokollverzeichnis>\JobLogs\<first 4 digits of the UID_Job>\Job_<UID_Job>_<yyyymmdd>_<Timestamp>.log

  • Max.number of archived log files (HistorySize)

    This attribute limits the number of log files. If several log files exist, the oldest backup file is deleted when a new log file is created so that the limit is not exceeded.

  • Max .log file size (MB) (MaxLogSize)

    Use this parameter to specify the maximum size for the log file. Once the log file has reaches the limit, it is renamed into a backup file and a new log file is created.

  • Max. length of the parameter (ParamMaxLength)

    This parameter defines how many character can be in a job so that it is still written to the log file.

  • Severity level (LogSeverity)

    Specifies the warning level for logging messages. Only warnings and fatal errors are logged by default.

    Table 359: Warning Levels for Logging
    Severity level Description
    Info All messages are written to the log file. The log file quickly becomes large and cumbersome.
    Warning Only warnings and exception errors are written to the log file (default).
    Serious Only exception errors are written to the log file.
Related Topics

Advanced Logging in the One Identity Manager Service

Advanced Logging in the One Identity Manager Service

To implement advanced logging for the One Identity Manager Service, configure the log file's repository in the One Identity Manager Service configuration file in the module "Connection".

NOTE: The given directory must exist and the One Identity Manager Service user account must have write permissions to the directory.

The following parameters are available.

  • Directory for generating logging (JobGenLogDir)

    Log files are created in this directory that record process generation instructions from One Identity Manager Service.

Related Topics

Displaying the One Identity Manager Service Log File

Displaying the One Identity Manager Service Log File

The One Identity Manager Service log file can be displayed in a browser.

Prerequisites for Displaying the Log File
  • The module "FileLogWriter" is configured in the One Identity Manager Service configuration file.
  • A user must have the appropriate permissions in order to open an HTTP server. The administrator must grant URL approval to the user to do this. This can be executed with the following command line call:

    netsh http add urlacl url=http://*:<port number>/ user=<domain>\<user name>

    If the One Identity Manager Service has to run under the Network Service (NT Authority\NetworkService) user account, explicit permissions for the internal web service must be granted under Windows Server 2008 (R2). This can be executed with the following command line call:

    netsh http add urlacl url=http://<IP address>:<port number>/ user="NT AUTHORITY\NETWORKSERVICE"

    The result can also be verified using the following command line call:

    netsh http show urlacl

  • The port for displaying services is configured in the "Configuration" module in the One Identity Manager Service configuration file. The default value is port 1880.

  • An authentication method for displaying the log file must be set up.

    Use the HTTP authentication module to specify authentication on HTTP servers to access services, for example, for displaying the log file or the status display.

    The following module types may be selected:

    • BasicHttpAuthentication

      To access the HTTP server with this authentication type, enter a specific user account (user) and the associated password (password).

    • WindowsHttpAuthentication

      Use this authentication type to specify an Active Directory group, whose users can be authenticated on the HTTP server. Either an SID or the Active Directory group name can be entered into the Job server domain. If the Active Directory groups are not in the Job server domain, you must use the SID.

    NOTE: If no model is given, no authentication is required. All users can access the service.

To display the One Identity Manager Service log file in a browser

  • You call up the log file with the appropriate URL.

    http://<server name>:<port number>

    The default value is port 1880.

To open the One Identity Manager Service log file in Job Queue Info

  • Select the Job server in the Service status view and select Open in browser in the context menu.

    The One Identity Manager Service HTTP server for the Job server is queried and the varying One Identity Manager Service services are displayed.

Figure 64: One Identity Manager Service Log File

The messages to be displayed on the web page can be filter interactively. There is a menu on the website for this. Only text contained in the log file can be displayed in this case. If, for example, the message type is set to "Warning", no "Info" messages can be shown even if the appropriate filter is chosen.

The log output is color coded to make it easier to identify.

Table 360: Log File Color Code
Color Meaning
Green Processing successful.
Yellow Warnings occurred during processing.
Red Fatal errors occurred during processing.

NOTE: If you want to retain the color information to send by mail, you need to save the complete web page.

Related Topics
Related Documents