23.0 Logging

Logging is the main tool you use for debugging the Access Manager configuration. You can enable and configure how the system performs logging. All administrative and end-user actions and events are logged to a central event log. This allows easy access to this information for security and operational purposes. Additionally, the log system provides the ability to monitor ongoing activities such as identity provider authentication activity, up-time of the system, and so on. File logging is not enabled by default.

Each Access Manager device has configuration options for logging:

Identity Server: Logging is turned off and must be enabled. When you enable Identity Server logging, you also enable logging for the Embedded Service Providers that are configured to use Identity Server for authentication. For configuration information, see Section 23.3.1, Configuring Logging for Identity Server.

Embedded Service Providers: Each Access Manager device has an Embedded Service Provider that communicates with Identity Server. Its log level is controlled by configuring Identity Server logging.

Access Gateway Appliance: Logging is enabled by default at the log notice level. You can change the level from the command line interface. For information, see Section 23.4.1, Managing Access Gateway Logs.

Access Gateway Service: The Gateway Service logs contain the messages sent between the Gateway Service and the Embedded Service Provider and between the Gateway Service and the web server. This type of logging is turned off and must be enabled. For information, see Section 23.4.1, Managing Access Gateway Logs.

This section discusses the following topics: