22.0 Logging

Logging is the main tool you use for debugging the Access Manager configuration. You can enable and configure how the system performs logging. All administrative and end-user actions and events are logged to a central event log. This allows easy access to this information for security and operational purposes. Additionally, the log system provides the ability to monitor ongoing activities such as identity provider authentication activity, up-time of the system, and so on. File logging is not enabled by default.

Each Access Manager Appliance device has configuration options for logging:

Identity Server: Logging is turned off and must be enabled. When you enable Identity Server logging, you also enable logging for the Embedded Service Providers that are configured to use Identity Server for authentication. For configuration information, see Section 22.3.1, Configuring Logging for Identity Server.

Embedded Service Providers: Each Access Manager Appliance device has an Embedded Service Provider that communicates with Identity Server. Its log level is controlled by configuring Identity Server logging.

Access Gateway Service: The Gateway Service logs contain the messages sent between the Gateway Service and the Embedded Service Provider and between the Gateway Service and the web server. This type of logging is turned off and must be enabled. For information, see Section 22.4.1, Managing Access Gateway Logs.

This section discusses the following topics: