19.4 Configuring Logging Settings

Logging allows you to debug the identity applications configuration. The logging service provides facilities for writing, viewing, filtering, and listening for log messages.

By default, Identity Manager saves the logging configuration in the idmuserapp_logging.xml file, which is located in the following directory:

/opt/netiq/idm/apps/tomcat/conf/

For more information, see Section 8.0, Setting Up Logging in the Identity Applications.

19.4.1 Configuring Auditing Service Settings

Auditing Configuration allows you to enable or disable the naudit service and CEF format. To use CEF format, specify the following auditing server details after enabling CEF format:

Field: Description

Destination host: Specifies the destination hostname or IP address of the auditing server.

Destination Port: Specifies the destination port number of the auditing server.

Network Protocol: Specifies the protocol that should be used to establish communication with the auditing server. To establish secure communication with the auditing server, select the TCP protocol and enable the Use TLS option.

Intermediate event store directory: Specifies the temporary directory where the events can be stored. This directory serves as a backup for an auditing server.

NOTE: Ensure that the novlua permissions are set for the intermediate event store directory. Otherwise, you cannot access the Identity Applications page.

To change the permission and ownership of the directory, run the chown novlua:novlua /<directorypath> and chmod 755 /<directorypath> commands, where <directorypath> is the intermediate cache file directory path. Restart Tomcat for the changes to take effect.
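A check you can run before restarting Tomcat to confirm that the directory has the ownership and mode given in the NOTE above. This is an added example, not part of the product documentation; the function name check_event_store_dir is an assumption, and the defaults novlua:novlua and 755 are taken from the commands above.

```shell
#!/bin/sh
# Added example (not from the product documentation).
# Verifies that the intermediate event store directory has the expected
# owner:group and mode. Defaults follow the chown/chmod commands in the NOTE.
#
# Usage: check_event_store_dir /<directorypath> [owner:group] [mode]
# Returns 0 if compliant, 1 if owner or mode differs, 2 if the path is unusable.
check_event_store_dir() {
    dir=$1
    want_owner=${2:-novlua:novlua}
    want_mode=${3:-755}
    rc=0

    if [ ! -d "$dir" ]; then
        echo "FAIL: $dir does not exist or is not a directory" >&2
        return 2
    fi

    # GNU stat (Linux) first; BSD stat syntax as a fallback.
    meta=$(stat -c '%U:%G %a' "$dir" 2>/dev/null) ||
        meta=$(stat -f '%Su:%Sg %Lp' "$dir" 2>/dev/null) ||
        { echo "FAIL: cannot stat $dir" >&2; return 2; }

    owner=${meta% *}   # text before the last space: owner:group
    mode=${meta##* }   # text after the last space: octal mode

    if [ "$owner" != "$want_owner" ]; then
        echo "FAIL: owner is $owner, expected $want_owner (chown $want_owner $dir)" >&2
        rc=1
    fi
    if [ "$mode" != "$want_mode" ]; then
        echo "FAIL: mode is $mode, expected $want_mode (chmod $want_mode $dir)" >&2
        rc=1
    fi
    if [ "$rc" -eq 0 ]; then
        echo "OK: $dir is owned by $owner with mode $mode"
    fi
    return "$rc"
}
```

A mode such as 2755 (setgid) or 777 is reported as a mismatch, because the comparison is against the exact octal value.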

19.4.2 Configuring the Identity Manager Packages and their Log Levels

Each feature in identity applications uses one or more packages. Each package handles a specific area of a feature and has its own independent log level that obtains event messages from different parts of the application.

The package names are based on log4j conventions. The event messages include these package names, indicating the context of the message output. The logs include tags and values that allow the administrator to identify and correlate which package log entries pertain to a given transaction and user.

The logs contain information about processing and interactions among identity applications components that occur while fulfilling user and administrative requests and during general system processing. By enabling the correct log levels for various packages, an administrator can monitor how identity applications process user and administrative requests. For more information, see Configuring Logging Settings in Identity Manager Dashboard.