8.3 How Logging Works

The following sections describe the identity applications logging environment and provide an overview of the logging process.

8.3.1 Terminology

Log4j has three main components: loggers, appenders, and layouts. These components work together to accomplish the following tasks:

  • Record messages based on message type and level.

  • Control how log messages are formatted and where they are reported at runtime.

Logger: In Log4j terminology, a logger is a named entity. Log4j defines a Logger class. A Logger object records messages for a specific subsystem or application component. An application can create multiple loggers, each with a unique name. In a typical usage of Log4j, an application creates a Logger instance for each application class that will emit log messages. Logger names are case-sensitive and they follow the Java package dot notation naming convention.

All loggers specific to the identity applications are defined in the idmuserapp_logging.xml file. You can set the severity level for each logger at any level in the hierarchy from the Logging Administration page or by editing the log4j file. For more information, see Specifying the Severity Level for Commons Logging API Loggers.

Appender: In Log4j terminology, an output destination is called an appender. Log4j defines appenders to represent destinations for logging output. You can define multiple appenders. For example, an application might define an appender that sends log messages to standard out, and another appender that writes log messages to a file. Additionally, you can configure individual loggers to write to zero or more appenders. For example, you can configure the loggers to send all logging messages (all levels) to a log file, but only Error level messages to standard out. To change the destination of the log files, stop the identity applications and then change the settings in the Logging Location and Appender section of the log4j.properties file. Identity Applications provide a full suite of appenders offered by Log4j. For more information about appenders, see Log4j documentation.

The Console and File appenders are defined in the tomcat-log4j.xml file. The NAudit appender that is specific to the identity applications is defined in the idmuserapp_logging.xml file.

Layout: Log4j defines layouts to control the format of log messages. Each layout specifies a particular message format. A specific layout is associated with each appender. This lets you specify a different log message format for standard out than for file output if required.

8.3.2 Components for Logging

A logging system includes the following basic components:

  • A component that produces log messages

  • A component that distributes (publish) log messages

The Tomcat subsystems use log4j to produce messages. By default, Tomcat supports Java based logging to distribute messages. The LoggingHelper class provides access to the java.util.logging.Logger object used for server logging. The Java Logging APIs can be used to add custom handlers, filters, and formatters. Alternatively, you can configure Tomcat to use Log4j APIs to distribute log messages.

8.3.3 How Logging Works

The identity applications support logging by using a custom-developed logging framework that integrates with log4j, an open-source logging package distributed by The Apache Software Foundation. In identity applications environment, Tomcat subsystems and identity applications components send log requests to the Logger objects. The Logger objects then assign LogRecord objects, which are passed to Appender objects for publication. By default, the logger objects log messages to the system console and to the Tomcat server’s log file at Info logging level and above. Events are logged to all activated loggers.

  • The Tomcat server’s log messages are directed to catalina.out and idapps.out.

  • User Application’s log messages are directed to idapps.out.

  • Identity Reporting’s log messages are directed to catalina.out.

  • OSP’s log messages are directed to osp.out.

  • SSPR’s log messages are directed to catalina.out.

Custom appenders like NAuditAppender are created to handle log messages in order to convert the messages to a specific format and send them to the configured auditing service. To configure event message output to an auditing service, see Configuring Identity Applications Default Settings.

To configure logging, see Configuring Logging.