8.1 Selecting Events to Log

The Identity Manager Instrumentation allows you to select events to be logged for the User Application, driver set, or a specific driver.

NOTE:Drivers can inherit logging configuration from the driver set.

8.1.1 Selecting Events for the User Application

The User Application enables you to change the log level settings of individual loggers and enable logging in Platform Agent and CEF format:

  1. Log in to Identity Applications.

  2. Select the Application tab.

  3. Select the Navigation and Access link.

  4. Click Application Configuration and then click Logging.

    Alternatively, you can log in to the User Application (IDMProv portal), select the Administration tab, and then click Logging.

    User Application logging page

  5. Select one of the following log levels for the listed logs.

    Log Level

    Description

    Fatal

    Writes Fatal level messages to the log.

    Error

    Writes Fatal and Error level messages to the log.

    Warn

    Writes Fatal, Error, and Warn level messages to the log.

    Info

    Writes Fatal, Error, Warn, and Info level messages to the log.

    Debug

    Writes Fatal, Error, Warn, Info, and debugging information to the log.

    Trace

    Writes Fatal, Error, Warn Info, debugging, and tracing information to the log.

  6. Select the Enable audit service check box to send the events to Platform Agent.

  7. Select Enable CEF format check box if you want to log the events in CEF format.

    For this option to work, you must add the Syslog appender in the idmuserapplogging.xml file during the installation of the User Application. For more information, see Section 6.0, Configuring Identity Manager Components to Log Audit Events in CEF Format.

  8. To save the changes for any subsequent application server restarts, select Persist the logging changes.

  9. Click Submit.

The User Application logging configuration is saved in /opt/netiq/idm/apps/tomcat/conf/idmuserapp_logging.xml.

8.1.2 Selecting Events for the Driver Set

  1. In iManager, select Identity Manager > Identity Manager Overview.

  2. Browse to and select the driver set object.

  3. Click the driver set object in the list of driver sets, then click Driver Set > Edit Driver Set properties.

  4. Click the Log Level tab, then select a log level for the driver set.

    For an explanation of each log level, see Table 8-1, Identity Manager Log Levels.

  5. Enable the Turn off logging to Driver Set, Subscriber and Publisher logs option to prevent logging audit events to eDirectory.

    Enabling this option improves the performance of the Identity Manager system.

  6. Click Apply or OK to save your changes.

NOTE:Changes to configuration settings are logged by default.

8.1.3 Selecting Events for a Specific Driver

  1. In iManager, select Identity Manager > Identity Manager Overview.

  2. Browse to and select the driver set object that contains the driver

  3. Select the driver set from the list of driver sets.

  4. Click the upper right corner of the driver icon, then select Edit properties.

  5. Select the Log Level tab.

  6. (Optional) By default, the Driver object is configured to inherit log settings from the Driver Set object. To select logged events for this driver only, deselect Use log settings from the Driver Set.

    Option to select if the list of logged events should be inherited

  7. Enable the Turn off logging to Driver Set, Subscriber and Publisher logs option.

    Enabling this option improves the performance of the Identity Manager system.

  8. Select a log level for the current driver.

    For an explanation of each log level, see Table 8-1, Identity Manager Log Levels.

  9. Click Apply or OK to save your changes.

NOTE:Changes to configuration settings are logged by default.

8.1.4 Identity Manager Log Levels

The following table provides an explanation of the Identity Manager Instrumentation log levels:

Table 8-1 Identity Manager Log Levels

Option

Description

Log errors

This is the default log level. The Identity Manager Instrumentation logs user-defined events and all events with an error status.

You receive only events with a decimal ID of 196646 and an error message stored in the Text1 field.

Log errors and warnings

The Identity Manager Instrumentation logs user-defined events and all events with an error or warning status.

You receive only events with a decimal ID of 196646 or 196647 and an error or warning message stored in the first text field.

Log specific events

This option allows you to select the Identity Manager events you want to log.

Click to select the specific events you want to log. After you select the events you want to log, click OK.

To log events through Platform Agent, select the Novell Audit radio button. To log the events in CEF format, select the CEF radio button.

NOTE:User-defined events are always logged.

For a list of all available events, see Section A.0, Identity Manager Events.

Only update the last log time

The Identity Manager Instrumentation logs only user-defined events.

When an event occurs, the last log time is updated so you can view the time and date of the last error in the status log.

Logging off

The Identity Manager Instrumentation logs only user-defined events.

Turn off logging to DriverSet, Subscriber and Publisher logs

Turns off logging to the Driver Set object, Subscriber, and Publisher logs.

Maximum Number of Entries in the Log

This setting allows you to specify the maximum number of entries to log in the status logs.