1.8 Enabling Policy Logging

Policy logging is expensive; it uses processing time and disk space. In a production environment, you should enable it only under the following types of conditions:

To gather troubleshooting information, you should enable the File Logging and Echo To Console options in the Identity Server configuration and set the Component File Logger Levels for Application to at least info. Then you must update the Identity Server configuration and restart any Access Gateway Embedded Service Providers, so that the Embedded Service Providers read the logging options. See Configuring Component Logging in the NetIQ Access Manager 3.1 SP5 Identity Server Guide. When you have solved the problem, you should disable these options.

The log file on the component that executed the policy is where you should look for logging information. For example, if you have an Access Gateway: Authorization error, look at the log on the Access Gateway that executed the policy.

For additional policy troubleshooting procedures, see Section 6.0, Troubleshooting Access Manager Policies.