Success and error messages from process handling are written to the One Identity Manager Service log file. Messages can also be written to a server’s event log. A severity level can be configured for output to this log file.
To create a log file, modify the module "FileLogWriter" in the One Identity Manager Service configuration file for each One Identity Manager Service.
The following parameters are available:
The parameter contains the name of the log file including its directory. Log information for the One Identity Manager Service is written to this file.
IMPORTANT: Ensure that the given directory exists. If the file cannot be created, no error output is possible. In this case, the error messages appear in the Windows event log or, under Linux, in /var/log/messages.
To avoid unnecessarily large log files, the module supports rotating the log file with a history list. LogLifeTime specifies the maximum lifetime of a log file before it is renamed as a backup. When the log file reaches its maximum age, it is renamed (for example, to JobService.log_20040819-083554) and a new log file is started.
Use this parameter to specify the length of time process step logs are kept. After this expires, the logs are deleted.
For test purposes, you can enable logging of individual process steps in the Job Queue Info. The process step's processing messages with the NLog warning level "Debug" are written to a separate log. The files are stored in the log directory.
<Log directory>\JobLogs\<first 4 digits of the UID_Job>\Job_<UID_Job>_<yyyymmdd>_<Timestamp>.log
This attribute limits the number of log files. If several log files exist, the oldest backup file is deleted when a new log file is created so that the limit is not exceeded.
Use this parameter to specify the maximum size for the log file. Once the log file has reached the limit, it is renamed as a backup file and a new log file is created.
This parameter defines how many characters a job can contain and still be written to the log file.
Specifies the warning level for logging messages. Only warnings and fatal errors are logged by default.

| Warning level | Description |
|---|---|
| Info | All messages are written to the log file. The log file quickly becomes large and cumbersome. |
| Warning | Only warnings and exception errors are written to the log file (default). |
| Serious | Only exception errors are written to the log file. |

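The history limit decides how far back the service log reaches when an incident has to be reconstructed. The following added example (not part of the original documentation or the product) parses backup names of the form shown above, lists the backups that exceed a given history limit, and returns the timestamp of the oldest backup that remains. It assumes the limit counts backup files only; the parameter name `history_size` and all file names except `JobService.log_20040819-083554` are constructed.

```python
import re
from datetime import datetime

# Backup names follow the pattern shown above: <log name>_<yyyymmdd>-<hhmmss>
BACKUP_RE = re.compile(r"^(?P<base>.+)_(?P<ts>\d{8}-\d{6})$")

def parse_backups(names, base="JobService.log"):
    """Return [(timestamp_in_name, name)] for backups of `base`, oldest first."""
    found = []
    for name in names:
        m = BACKUP_RE.match(name)
        if not m or m.group("base") != base:
            continue  # active log, backups of other logs, unrelated files
        try:
            ts = datetime.strptime(m.group("ts"), "%Y%m%d-%H%M%S")
        except ValueError:
            continue  # 14 digits that do not form a valid date
        found.append((ts, name))
    return sorted(found)

def retention_report(names, history_size, base="JobService.log"):
    """Return (backups beyond the limit, timestamp of the oldest backup kept).

    Assumption: `history_size` (hypothetical name) counts backup files only.
    """
    backups = parse_backups(names, base)
    excess = max(0, len(backups) - history_size)
    pruned = [name for _, name in backups[:excess]]
    kept = backups[excess:]
    return pruned, (kept[0][0] if kept else None)

# Constructed directory listing for the demonstration.
SAMPLE_LISTING = [
    "JobService.log",                  # active log, not a backup
    "JobService.log_20040821-083610",
    "JobService.log_20040819-083554",
    "JobService.log_20040820-083601",
    "JobService.log_20041340-000000",  # invalid date, ignored
    "Other.log_20040818-000000",       # backup of a different log, ignored
]

if __name__ == "__main__":
    pruned, oldest = retention_report(SAMPLE_LISTING, history_size=2)
    print("beyond limit:", pruned)
    print("oldest backup kept:", oldest)
```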
To implement advanced logging for the One Identity Manager Service, configure the log file's repository in the One Identity Manager Service configuration file in the module "Connection".
NOTE: The given directory must exist and the One Identity Manager Service user account must have write permissions to the directory.
The following parameters are available.
Log files that record process generation instructions from the One Identity Manager Service are created in this directory.
The One Identity Manager Service log file can be displayed in a browser.
A user must have the appropriate permissions in order to open an HTTP server. The administrator must grant URL approval to the user to do this. This can be executed with the following command line call:
netsh http add urlacl url=http://*:<port number>/ user=<domain>\<user name>
If the One Identity Manager Service has to run under the Network Service (NT Authority\NetworkService) user account, explicit permissions for the internal web service must be granted under Windows Server 2008 (R2). This can be executed with the following command line call:
netsh http add urlacl url=http://<IP address>:<port number>/ user="NT AUTHORITY\NETWORKSERVICE"
The result can also be verified using the following command line call:
netsh http show urlacl
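To check the listing by script rather than by eye, the following added example (not part of the original documentation or the product) parses `netsh http show urlacl` output and reports whether the expected account holds a reservation on the service port and which other accounts do. The sample output is constructed, the account `CONTOSO\svc-oneim` is hypothetical, and the parser assumes English-language netsh output.

```python
import re

# Constructed sample of English `netsh http show urlacl` output (not a real host).
SAMPLE_URLACL = """\
URL Reservations:
-----------------

    Reserved URL            : http://*:1880/
        User: CONTOSO\\svc-oneim
            Listen: Yes
            Delegate: No

    Reserved URL            : http://+:5985/wsman/
        User: NT SERVICE\\WinRM
            Listen: Yes
            Delegate: No
        User: NT AUTHORITY\\NETWORK SERVICE
            Listen: Yes
            Delegate: No
"""

def parse_urlacl(text):
    """Map each reserved URL to the accounts listed under it."""
    reservations, users = {}, None
    for line in text.splitlines():
        url = re.match(r"\s*Reserved URL\s*:\s*(\S+)", line)
        user = re.match(r"\s*User:\s*(.+?)\s*$", line)
        if url:
            users = reservations.setdefault(url.group(1), [])
        elif user and users is not None:
            users.append(user.group(1))
    return reservations

def _norm(account):
    # Assumption: the listing may print "NETWORK SERVICE" where the command
    # used "NETWORKSERVICE", so compare without whitespace and case.
    return re.sub(r"\s+", "", account).lower()

def check_reservation(text, port, account):
    """Return (found, others) over all reservations on the given port."""
    found, others = False, []
    for url, users in parse_urlacl(text).items():
        m = re.match(r"https?://.+?:(\d+)/", url)
        if not m or int(m.group(1)) != port:
            continue
        for user in users:
            if _norm(user) == _norm(account):
                found = True
            else:
                others.append((url, user))
    return found, others
```

Feed the function the captured command output, the configured port, and the service account; any entry in `others` is an additional account allowed to listen on that port.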
The port for displaying services is configured in the "Configuration" module in the One Identity Manager Service configuration file. The default value is port 1880.
Use the HTTP authentication module to specify authentication on HTTP servers to access services, for example, for displaying the log file or the status display.
The following module types may be selected:
To access the HTTP server with this authentication type, enter a specific user account (user) and the associated password (password).
Use this authentication type to specify an Active Directory group whose users can be authenticated on the HTTP server. Enter either an SID or the name of an Active Directory group in the Job server domain. If the Active Directory groups are not in the Job server domain, you must use the SID.
NOTE: If no module is given, no authentication is required. All users can access the service.
To display the One Identity Manager Service log file in a browser
http://<server name>:<port number>
The default value is port 1880.
To open the One Identity Manager Service log file in Job Queue Info
The One Identity Manager Service HTTP server for the Job server is queried and the various One Identity Manager Service services are displayed.
Figure 64: One Identity Manager Service Log File
The messages to be displayed on the web page can be filtered interactively. There is a menu on the website for this. Only text contained in the log file can be displayed in this case. If, for example, the message type is set to "Warning", no "Info" messages can be shown even if the appropriate filter is chosen.
The log output is color coded to make it easier to identify.

| Color | Meaning |
|---|---|
| Yellow | Warnings occurred during processing. |
| Red | Fatal errors occurred during processing. |

NOTE: If you want to retain the color information to send by mail, you need to save the complete web page.