8.5 Understanding the Log Format

The identity applications have a specific format for file log entries. To improve log entry readability, the log entries in the catalina.out files use standard elements. This facilitates the use of non-interactive stream-oriented editors such as sgrep, sed, awk, and grep. The first part of each message begins with locale-formatted timestamp followed by a data portion that contains information specific to the log entry. The data portion is the most flexible part of a log entry.

A log entry has the following fields:

time-date-stamp [Severity] [Subsystem] [Message Text]

The following entry is an example entry that is logged when a user has requested for a role:

2017-03-08 08:43:10,660 INFO com.novell.idm.nrf.service.RoleManagerService- [RBPM] [Role_Request] Requested by cn=David.Scully,ou=Active,ou=People,o=acme, Target DN: CN=Kaitlin.Demore,OU=active,OU=People,O=acme, Source DN:cn=PennDOT_Vehicle_Certification,cn=Application Access,cn=Level10,cn=RoleDefs,cn=RoleConfig,cn=AppConfig,cn=UserApplication,cn=idm46,ou=services,o=acme, Request DN:cn=20160308084310-15da49b28ddf4ee1b7d71b4ce220c080-0,cn=Requests,cn=RoleConfig,cn=AppConfig,cn=UserApplication,cn=idm46,ou=services,o=acme, Request Category: 10, Request Status: 0, Original Request Status: 0, Correlation ID: UserApp#UserStartWorkflow#082080ec-5b10-498f-b87d-28825ab63278

Most log entries do not use the optional line breaks ([\n]). Notice that the time-date-stamp, the severity, subsystem, and message text are on the same line so that stream-oriented editors that use only one line (such as grep) can be used to locate related log entries.

If a message is logged within the context of a transaction, the message text contains the Correlation ID assigned to the transaction.

The Tomcat server uses the host computer's default character encoding for the messages it writes.

8.5.1 Message Fields

A Tomcat server message contains a consistent set of fields as described in the following table. In addition, if your applications use Tomcat logging services to generate messages, those messages will contain these fields.

Table 8-2 Fields in a Log Entry

Field

Description

Time-date-stamp

Time and date when the message originated in a format that is specific to the locale. The JVM that runs a Tomcat server instance refers to the host computer operating system for information about the local time zone and format.

The date and time is specified in the W3C profile format of ISO 8061. It has the following fields: year-month-day-T-hour-minutes-seconds-time zone. The Z value for the time zone indicates that the time is specified in UTC.

Severity

Indicates the degree of impact of the event reported by the message such as warning, informational, or debug.

In the example log entry, the level of severity is Info.

Subsystem

Indicates Tomcat’s subsystem or the type of the module that was the source of the message. For example, RBPM or Java Messaging Service (JMS).

In the example log entry, this field contains the following string:

com.novell.idm.nrf.service.RoleManagerService- [RBPM] [Role_Request]

Message text

A description of the event or condition specific to the log entry. It can be as simple as an informational string, such as the string in the example log entry:

Requested by cn=David.Scully,ou=Active,ou=People,o=acme, Target DN: CN=Kaitlin.Demore,OU=active,OU=People,O=acme, Source DN:cn=PennDOT_Vehicle_Certification,cn=Application Access,cn=Level10,cn=RoleDefs,cn=RoleConfig,cn=AppConfig,cn=UserApplication,cn=idm46,ou=services,o=acme, Request DN:cn=20160308084310-15da49b28ddf4ee1b7d71b4ce220c080-0,cn=Requests,cn=RoleConfig,cn=AppConfig,cn=UserApplication,cn=idm46,ou=services,o=acme, Request Category: 10, Request Status: 0, Original Request Status: 0,

If a message is logged within the context of a transaction, the message text contains an identifier assigned to the identity applications transaction. Identity applications transactions are actions such as authenticating a user, processing a request for a role, and request for access to a resource.

An identifier is assigned to each identity applications transaction.

If a user requests access to multiple resources, multiple request objects are created and each request is given a separate Correlation ID. Each request is processed separately and status of each can be seen in the user request history.

The example log entry contains the following Correlation ID:

UserApp#UserStartWorkflow#082080ec-5b10-498f-b87d-28825ab63278

8.5.2 Message Severity

The severity attribute of a log message indicates the potential impact of the event or condition that the message reports. The following table lists the severity levels of log messages from the identity applications subsystems, starting from the lowest to the highest level of impact.

Level

Description

Fatal

The least detail. Writes fatal errors to the log.

Error

Writes errors (plus all of the above) to the log.

Warn

A suspicious operation or configuration has occurred but it might not affect normal operation. Writes warnings (plus all of the above) to the log.

Info

Used for reporting normal operations; a low-level informational message. Writes informational messages (plus all of the above) to the log.

Debug

Writes debugging information (plus all of the above) to the log.

Trace

Used for most detailed messages. You can configure this level to report the request path of a method. Writes tracing information (plus all of the above) to the log.

You can set a log severity level on loggers and appenders. When set on a logger, none of the appenders receives any events that are rejected by that logger. For example, if you set the log level to Info on a logger, none of the appenders will receive Warn level events. When you set a log level on the appender, the restriction only applies to that appender and not to other appenders. For example, if you turn Error off for the File appender, no Error messages are written to the log file. However, Error messages are written to the standard.out file.

<logger name="com.sssw" level="INFO" additivity="true">
             <appender-ref ref="CEF"/>
        </logger>
<logger name="com.netiq" level="DEBUG" additivity="true">
            <appender-ref ref="CEF"/>
        </logger>

You set log levels for loggers using the Logging Administration page or the log4j file. For more information, see Configuring Logging Settings in Identity Manager Dashboard. Loggers can also be configured through APIs. You can only enable or disable an appender.

The identity applications modules generate many messages of lower severity and fewer messages of higher severity. For example, under normal circumstances, they generate many Info or Trace messages. If your application uses Tomcat logging services, it can use an additional severity level of Debug.