Enabling Component Logging

File logging records the actions that have occurred. For example, you can configure Identity Server logging to list every request made to the server. With log file analysis tools, you can get a good idea of where visitors are coming from, how often they return, and how they navigate through a site. The content logged to file logging can be controlled by specifying logger levels and by enabling statistics logging.

  1. On the Home page, click Identity Servers > [cluster name] > Audit and Logging.

  2. Specify the following details:

    Field

    Description

    File Logging:

    Specify the following details:

    • File Logging: Enable File Logging to log file and Audit logging for this server and its associated Embedded Service Providers.

    • Echo To Console: Turn on Echo To Console to copy Identity Server XML log file to /var/opt/novell/nam/logs/idp/tomcat/catalina.out. You can download the file from Home > Auditing > General Logging.

      For the Embedded Service Providers, this sends the messages to the catalina.out file of Access Gateway.

    • Log File Path: Specifies the path that the system uses to save Identity Server XML log file. The default path is /var/opt/novell/nam/logs/idp/nidplogs.

      If you change this path, you must ensure that the user associated with configuring the identity or service provider has administrative rights to the Tomcat application directory in the new path.

    • Maximum Log Files: Specifies the maximum number of Identity Server XML log files to keep on the machine. After this value is reached, the system deletes log files, beginning with the oldest file. You can select Unlimited, or values of 1 through 200. 10 is the default value.

    • Log Rotation: Specifies the frequency (hour, day week, month) for the system to use when closing an XML log file and creating a new one. The system saves each file based on the time you select and attaches the date and/or time to the filename.

    • Compress Files: Uses the GZip compression utility to compress logged files. The log files that are associated with the this option and the Maximum Log Files value are stored in the directory you specify in the Log File Path field.

    Statistics Logging:

    (Optional) Enable Statistics Logging if you want the system to periodically send the system statistics, in string format, to the current file logger. Statistical data (such as counts, levels, and so on) are included in the file log.

    In the Log Interval field, specify the time interval in seconds that statistics are logged.

    File Logging Levels:

    By default, off is selected. Change the logging sensitivity for the following protocols as needed:

    • Application: Logs system-wide events, except events that belong to a specific subsystem.

    • Liberty: Logs events specific to the Liberty IDFF protocol and profiles.

    • OAuth & OpenID Connect: Logs events specific to the OAuth and OpenID Connect protocols.

    • SAML 2.0: Logs events specific to the SAML2.0 protocol and profiles.

    • Web Service Consumer: (Liberty) Logs all events specific to requesting web services from a web service provider.

    • WS Federation: Logs events specific to the WS Federation protocol.

    • Web Service Provider: (Liberty) Logs events specific to fulfilling web service requests from other web service consumers.

    • WS-Trust: Logs events specific to the WS-Trust protocol.

    Categorize logging sensitivity. Higher logging levels also include the lower levels in the log.

    • Off: Turns off component file logging for the selected item.

    • Severe: Logs serious failures that can cause system processing to not proceed.

    • Warning: Logs potential failures, but the impact on execution is minimal. Warnings indicate that you should be aware that this event is happening and might want to make a configuration change to avoid it.

    • Info: Logs informational events. No execution or data impact occurred.

    • Verbose: Logs static configuration information. The system logs any configuration errors under one of the primary three levels: Severe, Warning, and Info.

    • Debug: Includes all of the preceding levels.

    Audit Logging:

    See Section 23.4, Enabling Identity Server Audit Events.

  3. Click Save.

  4. Update Identity Server.

  5. Restart Embedded Service Providers on the devices.

    When you disable component logging, you need to update Identity Servers and restart Embedded Service Providers.