Identity Manager 9.0 LTS - Process Monitoring and Troubleshooting Guide

Logging logins and logouts in the system journal

One Identity Manager logins and One Identity Manager logoffs can be recorded in the system journal.

NOTE: Logins and logoffs are recorded in the QBM_VDialogJournalLoginAudit view.

To record successful One Identity Manager logins

  • In the Designer, set the Common | Journal | LoginAudit configuration parameter.

To record One Identity Manager logoffs

  • In the Designer, set the Common | Journal | LogoffAudit configuration parameter.

Logging information about OAuth 2.0/OpenID Connect authentication

To support troubleshooting in OAuth 2.0/OpenID Connect authentication, you can log personal login data, such as information about tokens or issuers. The log is written to the object log file (<appName>_object.log) of the respective One Identity Manager component.

To log authentication data

  • In the Designer, set the QBM | DebugMode | OAuth2 | LogPersonalInfoOnException configuration parameter.

Global configuration of logging with NLog

Configuration settings for logging messages with NLog are made in globallog.config. For an exact description of NLog and how it works, see the online help (http://nlog-project.org/).

Globallog.config is referenced in the One Identity Manager component's configuration files.

IMPORTANT: The settings in globallog.config apply globally to all One Identity Manager components. Use the application specific *.exe.config configuration file to customize individual components.

NOTE: The default settings of the globallog.config file assume that %localappdata% has write access.

If an *.exe does not have the correct permissions, you can write the log to a directory with write access by changing the logBaseDir variable in globallog.config or by introducing a special log configuration in the application-specific *.exe.config or Web.config configuration file.

Use variables to define names, output path and layout of the log files. The variable appName is defined in the One Identity Manager component's configuration files.

The targets section defines the output targets for the messages. NLog already has predefined targets that you can use in the configuration file.

The rules section is used to define rules for logging the messages.

By providing a logger name, you specify the One Identity Manager components for which messages are logged. With the default setting logger name="*", messages are logged for all components. To limit logs to certain components, use the name contained in the log.

Table 15: Logger names of components

Logger name        Description
FrontendLog        Logs actions in front-ends.
JobGenLog          Logs during process generation.
Jobservice         Logs One Identity Manager Service messages.
ObjectLog          Logs object actions through the object level.
ProjectorEngine    Logs messages from the synchronization engine.
SqlLog             Logs database queries.
StopWatch          Logs timings.
SystemConnection   Detailed logging of data communication with the system connection during synchronization, including system configuration and system connectors' data communication.
SystemConnector    Logs system connector data communication during synchronization.
Update             Logs update handling.
WebLog             Logs Web service actions.
DebugLogObserver   Logs performance data from the synchronization engine.

You can enter the severity level through:

  • minlevel= Messages are logged from this severity level upward. The LogFileLevel variable can overwrite the severity level in a custom configuration file.

  • level= Only messages with exactly this severity level are logged. The eventLogLevel variable can overwrite the severity level in a custom configuration file.

Table 16: Permitted severity levels

Severity level   Description
Trace            Logs highly detailed information. This setting should only be used for analysis purposes. The log file quickly becomes large and cumbersome.
Debug            Logs debug steps. This setting should only be used for testing.
Info             Logs all information.
Warning          Logs all warnings.
Error            Logs all error messages.
Fatal            Logs all critical error messages.

The following files are defined for custom extensions.

<include file="${basedir}/custom-log-variables.config" ignoreErrors="true"/>

<include file="${basedir}/custom-log-targets.config" ignoreErrors="true"/>

Example: Structure of globallog.config

<nlog autoReload="true" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <variable name="companyName" value="One Identity"/>
  <variable name="productTitle" value="One Identity Manager"/>
  <variable name="logBaseDir" value="${specialfolder:LocalApplicationData}/${companyName}/${productTitle}/${appName}"/>
  <variable name="layout" value="${longdate} ${level:upperCase=true} (${logger} ${event-context:item=SessionId}) : ${event-context:item=Indention}${message} ${exception:format=ToString,StackTrace}" />

  <targets async="true">
    <default-wrapper xsi:type="BufferingWrapper" bufferSize="256" flushTimeout="2000" />
    <target name="logfile" xsi:type="File" fileName="${logBaseDir}/${appName}.log" layout="${layout}" encoding="utf-8"
            archiveFileName="${logBaseDir}/${appName}.{#}.log" maxArchiveFiles="7" archiveEvery="Day" archiveNumbering="Rolling"/>
  </targets>

  <targets>
    <target name="eventLog" xsi:type="EventLog" source="${companyName} ${productTitle} ${appName}" layout="${message}${newline}${exception:format=tostring}"/>
  </targets>

  <rules>
    <logger name="*" minlevel="${logFileLevel}" writeTo="logfile"/>
    <logger name="*" level="${eventLogLevel}" writeTo="eventLog"/>
  </rules>
</nlog>
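The following Python check is an added example, not part of the One Identity documentation. It reads the rules section of an NLog configuration such as globallog.config, resolves variables like logFileLevel, and reports rules that write Trace or Debug messages, the levels Table 16 reserves for analysis and testing. The sample configuration is constructed, the function names are hypothetical, and only the minlevel and level attributes described above are evaluated.

```python
import re
import xml.etree.ElementTree as ET

# Severity order from Table 16; NLog's own spelling "Warn" is mapped to it.
LEVELS = ["trace", "debug", "info", "warning", "error", "fatal"]

# Constructed sample: the two default rules plus two leftover debugging rules.
SAMPLE = """<nlog autoReload="true">
  <variable name="logFileLevel" value="Info"/>
  <variable name="eventLogLevel" value="Fatal"/>
  <rules>
    <logger name="*" minlevel="${logFileLevel}" writeTo="logfile"/>
    <logger name="*" level="${eventLogLevel}" writeTo="eventLog"/>
    <logger name="SqlLog" minlevel="Trace" writeTo="logfile"/>
    <logger name="ObjectLog" level="Debug" writeTo="logfile"/>
  </rules>
</nlog>"""

def elements(root, name):
    """Elements with this local name, whether or not a default namespace is set."""
    return [e for e in root.iter() if e.tag.rsplit("}", 1)[-1] == name]

def levels_written(rule, variables):
    """Levels a rule lets through, or None if that cannot be determined."""
    for attr in ("minlevel", "level"):
        raw = rule.get(attr)
        if raw is None:
            continue
        # Substitute ${name}; matching names case-insensitively is an assumption.
        value = re.sub(r"\$\{(\w+)\}",
                       lambda m: variables.get(m.group(1).lower(), m.group(0)), raw)
        value = {"warn": "warning"}.get(value.lower(), value.lower())
        if value not in LEVELS:
            return None          # undefined variable or unknown level name
        start = LEVELS.index(value)
        return LEVELS[start:] if attr == "minlevel" else [value]
    return None                  # rule uses attributes this check does not cover

def verbose_rules(config_xml):
    """(logger, lowest level, target) for rules writing Trace/Debug or unresolved."""
    root = ET.fromstring(config_xml)
    variables = {v.get("name", "").lower(): v.get("value", "")
                 for v in elements(root, "variable")}
    findings = []
    for rule in elements(root, "logger"):
        written = levels_written(rule, variables)
        if written is None or written[0] in ("trace", "debug"):
            lowest = written[0] if written else "unresolved"
            findings.append((rule.get("name"), lowest, rule.get("writeTo")))
    return findings
```

A result of "unresolved" means the level comes from a variable defined in another file, such as an included custom-log-variables.config, and has to be checked there.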

Logging the One Identity Manager components

In the One Identity Manager default installation, the log files are written to the %LocalAppData%\One Identity\One Identity Manager\<appName> directory under the name <appName>.log, where appName is the name of the One Identity Manager component.

All messages with a minimum information level of Info are recorded in the <appName>.log file. The files are kept for 7 days and backed up daily.

In addition, all messages with a severity level of Fatal are recorded in the event log for the One Identity Manager <appName> source.

Each One Identity Manager component supports message logging using the integrated NLog functionality. For an exact description and functionality of NLog, see the online help (http://nlog-project.org/).

The configuration files of the One Identity Manager component (*.exe.config) contain the nlog section, in which settings for logging by means of NLog are entered. Use the appName variable to pass One Identity Manager component names.

The configuration of the logs is defined in the globallog.config global configuration file. This file is referenced in the configuration files of the One Identity Manager components.

Example: Referencing NLog logging in an application-specific configuration file

<configuration>
  <configSections>
    ...
    <section name="nlog" type="NLog.Config.ConfigSectionHandler, NLog"/>
  </configSections>
  ...
  <nlog autoReload="true" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
    <variable name="appName" value="Manager"/>
    <include file="${basedir}/globallog.config" ignoreErrors="true"/>
  </nlog>
  ...
</configuration>
