File logging records the actions that have occurred. For example, you can configure Identity Server logging to list every request made to the server. With log file analysis tools, you can get a good idea of where visitors are coming from, how often they return, and how they navigate through a site. The content logged to file logging can be controlled by specifying logger levels and by enabling statistics logging.
Click Devices > Identity Servers > Edit > Auditing and Logging.
File Logging: The following options are available for component logging:
Enabled: Enables file logging for this server and its associated Embedded Service Providers.
Echo To Console: Copies Identity Server XML log file to /var/opt/novell/nam/logs/idp/tomcat/catalina.out. You can download the file from Auditing > General Logging.
For the Embedded Service Providers, this sends the messages to the catalina.out file of Access Gateway.
Log File Path: Specifies the path that the system uses to save Identity Server XML log file. The default path is /var/opt/novell/nam/logs/idp/nidplogs.
If you change this path, you must ensure that the user associated with configuring the identity or service provider has administrative rights to the Tomcat application directory in the new path.
Maximum Log Files: Specifies the maximum number of Identity Server XML log files to keep on the machine. After this value is reached, the system deletes log files, beginning with the oldest file. You can specify Unlimited, or values of 1 through 200. 10 is the default value.
File Wrap: Specifies the frequency (hour, day week, month) for the system to use when closing an XML log file and creating a new one. The system saves each file based on the time you specify and attaches the date and/or time to the filename.
GZip Wrapped Log Files: Uses the GZip compression utility to compress logged files. The log files that are associated with the GZip option and the Maximum Log Files value are stored in the directory you specify in the Log File Path field.
Component File Logger Levels: By default, Severe is selected. Change the logging sensitivity for the following protocols as needed:
Application: Logs system-wide events, except events that belong to a specific subsystem.
Liberty: Logs events specific to the Liberty IDFF protocol and profiles.
SAML 1: Logs events specific to the SAML1 protocol and profiles.
SAML 2: Logs events specific to the SAML2 protocol and profiles.
WS Trust: Logs events specific to the WS-Trust protocol.
WS Federation: Logs events specific to the WS Federation protocol.
OAuth and OpenID Connect: Logs events specific to the OAuth and OpenID Connect protocols.
Web Service Provider: (Liberty) Logs events specific to fulfilling web service requests from other web service consumers.
Web Service Consumer: (Liberty) Logs all events specific to requesting web services from a web service provider.
Categorize logging sensitivity. Higher logging levels also include the lower levels in the log.
Off: Turns off component file logging for the selected item.
Severe: Logs serious failures that can cause system processing to not proceed.
Warning: Logs potential failures, but the impact on execution is minimal. Warnings indicate that you should be aware that this event is happening and might want to make a configuration change to avoid it.
Info: Logs informational events. No execution or data impact occurred.
Verbose: Logs static configuration information. The system logs any configuration errors under one of the primary three levels: Severe, Warning, and Info.
Debug: Includes all of the preceding levels.
Statistics Logging: (Optional) Enable this option if you want the system to periodically send the system statistics, in string format, to the current file logger. Statistical data (such as counts, levels, and so on) are included in the file log.
In the Statistics Logging section, select Enabled.
In the Log Interval field, specify the time interval in seconds that statistics are logged.
Audit Logging: See Section 22.4, Enabling Identity Server Audit Events.
Click OK.
Update Identity Server.
Restart Embedded Service Providers on the devices.
When you disable component logging, you need to update Identity Servers and restart Embedded Service Providers.