Forwarding IBM Verify Identity Governance logging and tracing to WebSphere Application Server

You can optionally forward Identity Manager logging and tracing to WebSphere® Application Server.

About this task

You can forward the logging and tracing information to the WebSphere Application Server by changing the enRoleLogging.properties file. The JLog levels are mapped to WebSphere Application Server logging levels or Java™ logging levels. The following table shows this mapping.
Table 1. JLog levels

JLog levels    Maps to...    Java logging levels
ERROR          =>            SEVERE
WARN           =>            WARNING
INFO           =>            INFO
DEBUG_MIN      =>            FINE
DEBUG_MID      =>            FINER
DEBUG_MAX      =>            FINEST

Procedure

  1. Add the logger.forwardToWAS=true property in enRoleLogging.properties.
    Note: This property is for UI-tier logging. The UI tier uses the Java logging API directly. When this property does not exist or is set to false, the UI tier attaches a custom handler that routes UI-tier logging to JLog. Otherwise, the logging is routed to the WebSphere Application Server automatically because WebSphere Application Server has a handler attached to the Java root logger.
  2. Modify the handler.file.className=com.ibm.log.FileHandler property in enRoleLogging.properties as follows:
    handler.file.className=com.ibm.itim.logging.JSR47Handler
    Note: After the handler is set to use the JSR47Handler, any format settings in enRoleLogging.properties are ignored. The formatting uses the WebSphere Application Server logging and tracing settings.
  3. Turn on the fine-level tracing for Identity Manager components.
    1. Access the WebSphere Application Server administrative console.
    2. Navigate to Troubleshooting > Logging and Tracing > server name > Diagnostic Trace > Change Log Detail Levels.
    3. Click the Runtime tab so that you do not need to restart the WebSphere Application Server or clusters.
    4. Add com.ibm.itim.*=fine to the Components field:

      *=info:com.ibm.itim.*=fine

    5. Restart the Identity Manager application from the WebSphere Application Server administrative console.

Results

Identity Manager now forwards logging and tracing information to the WebSphere Application Server.
  • $WAS_HOME/profiles/profilename/logs/activity.log contains all the run time messages in CBE binary format.
  • $WAS_HOME/profiles/profilename/logs/server name/trace.log contains trace information.

What to do next

View the run time messages stored in the activity.log on the WebSphere Application Server administrative console. Select Troubleshooting > Runtime Messages.

Viewing the trace file on the WebSphere Application Server administrative console

You can view the trace file on the WebSphere Application Server administrative console.

Procedure

  1. Select Troubleshooting > Logging and Tracing > server name > Diagnostic Trace Service.
  2. Select the Runtime tab.
  3. Select View.

What to do next

After the initial setup, you can change trace levels for any component. Make the change in both places: the enRoleLogging.properties file and the WebSphere Application Server log detail levels. For example, the following changes enable FINER tracing on the workflow component:
  • For the Identity Manager enRoleLogging.properties file:

    logger.trace.com.ibm.itim.workflow.level=DEBUG_MID

  • For the WebSphere Application Server administrative console:

    *=info:com.ibm.itim.*=fine:com.ibm.itim.workflow.*=finer
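
Because a trace level must be raised in both enRoleLogging.properties and the WebSphere Application Server log detail levels, the two can drift apart and the expected trace records never reach trace.log. The following check is an added example, not IBM code: it applies the Table 1 mapping to flag components whose JLog level is more verbose than the detail level WebSphere Application Server grants. The function names and the longest-match rule used to resolve the detail-level string are assumptions of this sketch.

```python
# Added example, not IBM code. Table 1 mapping: JLog level -> Java logging level.
JLOG_TO_JAVA = {"ERROR": "SEVERE", "WARN": "WARNING", "INFO": "INFO",
                "DEBUG_MIN": "FINE", "DEBUG_MID": "FINER", "DEBUG_MAX": "FINEST"}
ORDER = ["SEVERE", "WARNING", "INFO", "FINE", "FINER", "FINEST"]  # least to most verbose

def parse_properties(text):
    """Parse key=value lines, skipping blanks and # or ! comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith(("#", "!")):
            key, _, value = line.partition("=")
            props[key.strip()] = value.strip()
    return props

def effective_level(component, trace_spec):
    """Level a spec such as '*=info:com.ibm.itim.*=fine' grants to a component.
    Assumption: a pattern covers its package and everything below; longest match wins."""
    best_len, best = -1, None
    for entry in trace_spec.split(":"):
        pattern, _, level = entry.strip().partition("=")
        prefix = pattern[:-1] if pattern.endswith("*") else pattern + "."
        if pattern and (component + ".").startswith(prefix) and len(prefix) > best_len:
            best_len, best = len(prefix), level.strip().upper()
    return best

def check(props_text, trace_spec):
    """Return a list of findings; an empty list means both sides agree."""
    props, findings = parse_properties(props_text), []
    if props.get("logger.forwardToWAS", "false").lower() != "true":
        findings.append("logger.forwardToWAS is not set to true")
    if props.get("handler.file.className") != "com.ibm.itim.logging.JSR47Handler":
        findings.append("handler.file.className is not JSR47Handler")
    for key, jlog in props.items():
        if key.startswith("logger.trace.") and key.endswith(".level"):
            component = key[len("logger.trace."):-len(".level")]
            wanted, have = JLOG_TO_JAVA.get(jlog.upper()), effective_level(component, trace_spec)
            if wanted is None or have not in ORDER:
                findings.append(f"{component}: cannot compare {jlog} with {have}")
            elif ORDER.index(have) < ORDER.index(wanted):
                findings.append(f"{component}: {jlog} needs {wanted}, WAS grants {have}")
    return findings

# Constructed sample input built from the values shown in this topic.
SAMPLE_PROPS = ("logger.forwardToWAS=true\n"
                "handler.file.className=com.ibm.itim.logging.JSR47Handler\n"
                "logger.trace.com.ibm.itim.workflow.level=DEBUG_MID\n")

if __name__ == "__main__":
    print(check(SAMPLE_PROPS, "*=info:com.ibm.itim.*=fine"))
```

Detail levels outside Table 1 are reported as not comparable rather than guessed at.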