FileLogWriter
The FileLogWriter writes One Identity Manager Service messages into a log file. The log file can be displayed in a browser.
Following parameters are available:
- Log file (OutPutFile)
The parameter contains the name of the log file including its directory. Log information for the One Identity Manager Service is written to this file.
IMPORTANT: Ensure that the given directory exists. If the file cannot be created, no error output is possible. In this case, the error messages appear in the Windows event log or, under Linux, in /var/log/messages.
- Renaming interval for the log file (LogLifeTime)
In order to avoid unnecessarily large log files, the module supports the functionality of exchanging the log file with a history list. The LogLifeTime specifies the maximum life of a log file before it is renamed as backup. If the log file has reached its maximum age, the file is renamed (i.e.as JobService.log_20040819-083554) and a new log file is started.
Timeout format:
day.hour:minutes:seconds
- Process step log duration (JobLogLifeTime)
Use this parameter to specify the length of time process step logs are kept. After this expires, the logs are deleted.
Timeout format:
day.hour:minutes:seconds
For test purposes, you can enable logging of individual process steps in the Job Queue Info. The process step's processing messages with the NLog warning level "Debug" are written to a separate log. The files are stored in the log directory.
Repository structure:
<Protokollverzeichnis>\JobLogs\<first 4 digits of the UID_Job>\Job_<UID_Job>_<yyyymmdd>_<Timestamp>.log
- Max.number of archived log files (HistorySize)
This attribute limits the number of log files. If several log files exist, the oldest backup file is deleted when a new log file is created so that the limit is not exceeded.
- Max .log file size (MB) (MaxLogSize)
Use this parameter to specify the maximum size for the log file. Once the log file has reaches the limit, it is renamed into a backup file and a new log file is created.
- Max. length of the parameter (ParamMaxLength)
This parameter defines how many character can be in a job so that it is still written to the log file.
- Severity level (LogSeverity)
Specifies the warning level for logging messages. Only warnings and fatal errors are logged by default.
Table 209: Warning Levels for Logging Severity level Description Info All messages are written to the log file. The log file quickly becomes large and cumbersome. Warning Only warnings and exception errors are written to the log file (default). Serious Only exception errors are written to the log file.
Related Topics
- One Identity Manager Service Logging
- Displaying the One Identity Manager Service Log File
- Enabling Extended Logging of Process Steps
The Dispatcher Module
In a hierarchical server structure a server can be used as a proxy server for other servers. The proxy server makes requests at set time intervals for process steps to be processed on a server and sends them to the next server. If the request load needs to be minimized, a proxy server is recommended.
Following parameters are available:
- Acts as proxy for other servers (IsProxy)
This parameter specifies if a server is acting as a proxy server. Set this option if the server should be a proxy server.
- Proxy request interval (ProxyInterval)
The ProxyInterval sets the time interval in seconds, after which the proxy server acting as deputy for another server, should renew a request to the database.
The following guidelines can be used as orientation for the configuration of One Identity Manager Service polling intervals in a cascading environment:
| Parameter | Root Server (direct connection to database) | Leaf Server (connected using HTTP/File or other.) |
|---|---|---|
| JobServiceDestination.Startinterval | 90 seconds | 600 seconds |
| JobServiceDestination.Statisticinterval | 360 seconds | 600 seconds |
| Dispatcher.ProxyInterval | 180 seconds | |
| Dispatcher.IsProxy | True | False |
The proxy mode of a root server ensures that, acting on behalf of the leaf server, process steps are queried in shorter proxy intervals. When a root server is restarted it can take a while until all the leaf servers have send their first requests (in this case max.6000 seconds), but then the system takes over.
Figure 44: Dispatcher Configuration Example
The Connection Module
With this module you can set special configuration settings for the behavior of the One Identity Manager Service.
The parameters in this module are:
- Directory for generating logging (JobGenLogDir)
Log files are created in this directory that record process generation instructions from One Identity Manager Service.
- Suppress reload beep (NoReloadBeep)
When this parameter is set the beep is switched off that is made when buffered dialog data is loaded.
- BLOB read operation logging (LogBlobReads)
Use this parameter to specify whether read operation on text and binary LOB field are written to the SQL log.
- Reload interval for cache (CacheReloadInterval)
Use this parameter to enter a time interval for updating the local cache. Click on this icon to discard the change. The parameter overwrites the setting in the configuration parameter "Common\CacheReload\Interval".
- Expression for tracing the stack position (ObjectDumpStackExpression)
This expression specifies when an extra stack trace is written to the object log. If the current row in the object log matches the regular expression, the stack trace is written in the object log.
Example expression: "Lastname"
If the current contain the value "Lastname" the stack trace is also copied to the log.
NOTE: This parameter is used for localizing errors. It is not recommended to set this parameter in normal working conditions on performance grounds.
Related Topics
The HTTP Authentication Module
Every One Identity Manager Service automatically works as an HTTP server. Which services the One Identity Manager Service provides depends on the plug-ins configurations. Use this module to specify how authentication works on an HTTP server so that other services can be accessed, for example, displaying the log file or the status display.
The following module types may be selected:
- BasicHttpAuthentication
To access the HTTP server with this authentication type, enter a specific user account (user) and the associated password (password).
- WindowsHttpAuthentication
Use this authentication type to specify an Active Directory group, whose users can be authenticated on the HTTP server. Either an SID or the Active Directory group name can be entered into the Job server domain. If the Active Directory groups are not in the Job server domain, you must use the SID.
|
|
NOTE: If no model is given, no authentication is required. All users can access the service. |