One Identity Manager Service Logging
One Identity Manager Service Logging
Success and error messages from process handling are written to the One Identity Manager Service log file. Messages can also be written to a server’s event log. A severity level can be configured for output to this log file.
Detailed information about this topic
- Configuring the One Identity Manager Service Log File
- Displaying the One Identity Manager Service Log File
- Extended Debugging in the One Identity Manager Service
- Output of Extended Return Values from Individual Process Components
- Outputting Custom Messages in the One Identity Manager Service Log File
- HTTPLogPlugins Log File
Configuring the One Identity Manager Service Log File
Configuring the One Identity Manager Service Log File
To create a log file, modify the module "FileLogWriter" in the One Identity Manager Service configuration file for each One Identity Manager Service.
Following parameters are available:
- Log file (OutPutFile)
The parameter contains the name of the log file including its directory. Log information for the One Identity Manager Service is written to this file.
IMPORTANT: Ensure that the given directory exists. If the file cannot be created, no error output is possible. In this case, the error messages appear in the Windows event log or, under Linux, in /var/log/messages.
- Renaming interval for the log file (LogLifeTime)
In order to avoid unnecessarily large log files, the module supports the functionality of exchanging the log file with a history list. The LogLifeTime specifies the maximum life of a log file before it is renamed as backup. If the log file has reached its maximum age, the file is renamed (i.e.as JobService.log_20040819-083554) and a new log file is started.
Timeout format:
day.hour:minutes:seconds
- Process step log duration (JobLogLifeTime)
Use this parameter to specify the length of time process step logs are kept. After this expires, the logs are deleted.
Timeout format:
day.hour:minutes:seconds
For test purposes, you can enable logging of individual process steps in the Job Queue Info. The process step's processing messages with the NLog warning level "Debug" are written to a separate log. The files are stored in the log directory.
Repository structure:
<Protokollverzeichnis>\JobLogs\<first 4 digits of the UID_Job>\Job_<UID_Job>_<yyyymmdd>_<Timestamp>.log
- Max.number of archived log files (HistorySize)
This attribute limits the number of log files. If several log files exist, the oldest backup file is deleted when a new log file is created so that the limit is not exceeded.
- Max .log file size (MB) (MaxLogSize)
Use this parameter to specify the maximum size for the log file. Once the log file has reaches the limit, it is renamed into a backup file and a new log file is created.
- Max. length of the parameter (ParamMaxLength)
This parameter defines how many character can be in a job so that it is still written to the log file.
- Severity level (LogSeverity)
Specifies the warning level for logging messages. Only warnings and fatal errors are logged by default.
Table 359: Warning Levels for Logging Severity level Description Info All messages are written to the log file. The log file quickly becomes large and cumbersome. Warning Only warnings and exception errors are written to the log file (default). Serious Only exception errors are written to the log file.
Related Topics
- Logging Messages in the Event View
- One Identity Manager Service Configuration
- Enabling Extended Logging of Process Steps
Advanced Logging in the One Identity Manager Service
Advanced Logging in the One Identity Manager Service
To implement advanced logging for the One Identity Manager Service, configure the log file's repository in the One Identity Manager Service configuration file in the module "Connection".
|
|
NOTE: The given directory must exist and the One Identity Manager Service user account must have write permissions to the directory. |
The following parameters are available.
- Directory for generating logging (JobGenLogDir)
Log files are created in this directory that record process generation instructions from One Identity Manager Service.
Related Topics
Displaying the One Identity Manager Service Log File
Displaying the One Identity Manager Service Log File
The One Identity Manager Service log file can be displayed in a browser.
Prerequisites for Displaying the Log File
- The module "FileLogWriter" is configured in the One Identity Manager Service configuration file.
-
A user must have the appropriate permissions in order to open an HTTP server. The administrator must grant URL approval to the user to do this. This can be executed with the following command line call:
netsh http add urlacl url=http://*:<port number>/ user=<domain>\<user name>
If the One Identity Manager Service has to run under the Network Service (NT Authority\NetworkService) user account, explicit permissions for the internal web service must be granted under Windows Server 2008 (R2). This can be executed with the following command line call:
netsh http add urlacl url=http://<IP address>:<port number>/ user="NT AUTHORITY\NETWORKSERVICE"
The result can also be verified using the following command line call:
netsh http show urlacl
-
The port for displaying services is configured in the "Configuration" module in the One Identity Manager Service configuration file. The default value is port 1880.
- An authentication method for displaying the log file must be set up.
Use the HTTP authentication module to specify authentication on HTTP servers to access services, for example, for displaying the log file or the status display.
The following module types may be selected:
- BasicHttpAuthentication
To access the HTTP server with this authentication type, enter a specific user account (user) and the associated password (password).
- WindowsHttpAuthentication
Use this authentication type to specify an Active Directory group, whose users can be authenticated on the HTTP server. Either an SID or the Active Directory group name can be entered into the Job server domain. If the Active Directory groups are not in the Job server domain, you must use the SID.
NOTE: If no model is given, no authentication is required. All users can access the service.
- BasicHttpAuthentication
To display the One Identity Manager Service log file in a browser
- You call up the log file with the appropriate URL.
http://<server name>:<port number>
The default value is port 1880.
To open the One Identity Manager Service log file in Job Queue Info
- Select the Job server in the Service status view and select Open in browser in the context menu.
The One Identity Manager Service HTTP server for the Job server is queried and the varying One Identity Manager Service services are displayed.
Figure 64: One Identity Manager Service Log File
The messages to be displayed on the web page can be filter interactively. There is a menu on the website for this. Only text contained in the log file can be displayed in this case. If, for example, the message type is set to "Warning", no "Info" messages can be shown even if the appropriate filter is chosen.
The log output is color coded to make it easier to identify.
| Color | Meaning |
|---|---|
| Green | Processing successful. |
| Yellow | Warnings occurred during processing. |
| Red | Fatal errors occurred during processing. |
|
|
NOTE: If you want to retain the color information to send by mail, you need to save the complete web page. |