In the One Identity Manager default installation, the log files are written to the %LocalAppData%\One Identity\One Identity Manager\<appName> under the name <appName>.log directory, where appName is the name of the One Identity Manager component.
All messages with a minimum information level of Info are recorded in the <appName>.log file. The files are kept for 7 days and backed up daily.
In addition, all messages with a severity level of Fatal are recorded in the event log for the One Identity Manager <appName> source.
Each One Identity Manager component supports message logging using the integrated NLog functionality. For an exact description and functionality, see the online help (http://nlog-project.org/).
The configuration files of the One Identity Manager component (*.exe.config) contain the nlog section, in which settings for logging by means of NLog are entered. Use the appName variable to pass One Identity Manager component names.
The configuration of the logs is defined in the globallog.config global configuration file. This file is referenced in the configuration files of the One Identity Manager components.
Example of a configuration file
<configuration>
<configSections>
...
<section name="nlog" type="NLog.Config.ConfigSectionHandler, NLog"/>
</configSections>
...
<nlog autoReload="true" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<variable name="appName" value="Manager"/>
<include file="${basedir}/globallog.config" ignoreErrors="true"/>
</nlog>
...
</configuration>
Related topics
Success and error messages from process handling are written to the One Identity Manager Service log file. Messages can also be written to a server’s event log. A severity level can be configured for output to this log file.
You can create most of the settings in the One Identity Manager Service configuration file. Use the Job Service Configuration program to do this. For detailed information about working with Job Service Configuration and configuring the One Identity Manager Service, see the One Identity Manager Configuration Guide.
Detailed information about this topic
The One Identity Manager Service log files can be displayed using a HTTP server (http://<server name>:<port number>).
-
Users require permission to open an HTTP server. The administrator must grant URL approval to the user to do this. This can be executed with the following command line call:
netsh http add urlacl url=http://*:<port number>/ user=<domain>\<user name>
If the One Identity Manager Service has to run under the Network Service (NT Authority\NetworkService) user account, explicit permissions for the internal web service must be granted. This can be executed with the following command line call:
netsh http add urlacl url=http://<IP address>:<port number>/ user="NT AUTHORITY\NETWORKSERVICE"
You can check the result with the following command line call:
netsh http show urlacl
To display the One Identity Manager Service log file, configure the following modules in the One Identity Manager Service configuration file:
-
FileLogWriter module
Create the log file settings in this module.
-
Configuration module
Configure the port for displaying the services. The default value is port 1880.
-
HTTP authentication module
Set up an authentication method to display the log file.
For more detailed information about configuring the One Identity Manager Service, see the One Identity Manager Configuration Guide.
Detailed information about this topic
To generate the log file, customize the FileLogWriter module in the One Identity Manager Service configuration file for each One Identity Manager Service.
Table 19: FileLogWriter parameters
|
Log file (OutputFile) |
Name of the log file, including the directory name. Log information for the One Identity Manager Service is written to this file.
IMPORTANT: The directory specified for the file must exist. If the file cannot be created, no error output is possible. Error messages then appear under Windows operating systems in the event log or under Linux operating systems in /var/log/messages. |
|
Log rename interval (LogLifeTime) |
In order to avoid unnecessarily large log files, the module supports the functionality of exchanging the log file with a history list. The LogLifeTime specifies the maximum life of a log file before it is renamed as backup. If the log file has reached its maximum age, the file is renamed (for example, as JobService.log_20040819-083554) and a new log file is started.
Timeout format:
|
|
Process step log lifetime (JobLogLifeTime) |
Use this parameter to specify the length of time process step logs are kept. After this expires, the logs are deleted.
Timeout format:
For test purposes, you can enable logging of individual process steps in the Job Queue Info. The processing messages of the process step is written to a separate log with the Debug NLog severity. The files are stored in the log directory.
Repository structure:
<Log directory>\JobLogs\<First 4 digits of the UID_Job>\Job_<UID_Job>_<yyyymmdd>_<Timestamp>.log |
|
Number of history logs (HistorySize) |
Maximum number of log files. If several log files exist, the oldest backup file is deleted when a new log file is created so that the limit is not exceeded. |
|
Max. log file size (MB) (MaxLogSize) |
Maximum size in MB of the log file. Once the log file has reached the limit, it is renamed as a backup file and a new log file is created. |
|
Max. length of parameters (ParamMaxLength) |
Specifies the maximum number of characters a process step parameter is permitted to have in order to be written to the log file. |
|
LogSeverity |
Severity levels of the logged messages.
Permitted values are:
-
Info: All messages are written to the event log. The event log quickly becomes large and confusing.
-
Warning: Only warnings and exception errors are written to the event log (default).
-
Serious: Only exception messages are written to the event log. |
|
Add server name (AddServerName) |
Specifies whether the server name is to be added to the log entries. |
For more detailed information about configuring the One Identity Manager Service, see the One Identity Manager Configuration Guide.
