Policy logging is expensive. It uses processing time and disk space. In a production environment, you must enable it only in the following conditions:
You have created a new policy and need to verify its functionality.
You are troubleshooting a policy that is not behaving as expected.
To gather troubleshooting information, you must enable File Logging and Echo To Console options in Identity Server configuration and set Component File Logger Levels for Application to at least info. See Configuring Logging for Identity Server. After you resolve the issue, disable these options.
For logging information, look for the log file of the component that executed the policy. For example, if you have an Access Gateway: Authorization error, look at the log of Access Gateway.
For additional policy troubleshooting procedures, see Troubleshooting Access Manager Policies.