Forwarding IBM Verify Identity Governance logging and tracing to WebSphere Application Server
You can optionally forward Identity Manager logging and tracing to WebSphere® Application Server.
About this task
You can forward the logging and
tracing information to the WebSphere Application Server by changing
the enRoleLogging.properties file. The
JLog
levels are mapped to WebSphere Application Server logging levels
or Java™ logging levels. The
following table shows this mapping.
JLog levels | Maps to... | Java logging levels |
---|---|---|
ERROR |
=> | SEVERE |
WARN |
=> | WARNING |
INFO |
=> | INFO |
DEBUG_MIN |
=> | FINE |
DEBUG_MID |
=> | FINER |
DEBUG_MAX |
=> | FINEST |
Procedure
- Add
the logger.forwardToWAS=true property in enRoleLogging.properties.Note: This property is for UI-tier logging. UI-tier uses Java logging API directly. When this property does not exist or is set to
false
, UI-tier attaches a custom handler to route the UI-tier logging toJLog
. Otherwise, the logging is routed to the WebSphere Application Server automatically because it has a handler attached to the Java root logger. - Modify the handler.file.className=com.ibm.log.FileHandler property in enRoleLogging.properties as follows:
handler.file.className=com.ibm.itim.logging.JSR47Handler
Note: After the handler is set to use theJSR47Handler
, any format settings in enRoleLogging.properties are ignored. The formatting uses the WebSphere Application Server logging and tracing settings. - Turn on the fine-level tracing
for Identity Manager components.
- Access the WebSphere Application Server administrative console.
- Navigate to .
- Click the Runtime tab so that you do not need to restart the WebSphere Application Server or clusters.
- Add
com.ibm.itim.*=fine
to the Components field:*=info: com.ibm.itim.*=fine
- Restart the Identity Manager application. Use the WebSphere Application Server administrative console.
Results
Identity Manager now
forwards logging and tracing information to the WebSphere Application Server.
- $WAS_HOME/profiles/profilename/logs/activity.log contains all the run time messages in CBE binary format.
- $WAS_HOME/profiles/profilename/logs/server name/trace.log contains trace information.
What to do next
View the run time messages stored in theactivity.log
on the WebSphere Application Server administrative console. Select .Viewing the trace file on the WebSphere Application Server administrative console
You can view the trace file on the WebSphere Application Server administrative console.
Procedure
- Select .
- Select the Runtime tab.
- Select View.
What to do next
After the initial setup,
you can change trace levels for any component. Change the enRoleLogging.properties file and WebSphere Application Server. For example,
the following changes enable
FINER
tracing on the
workflow component:- For the Identity Manager enRoleLogging.properties file:
logger.trace.com.ibm.itim.workflow.level=DEBUG_MID
- For the WebSphere Application Server administrative console:
*=info:com.ibm.itim.*=fine:com.ibm.itim.workflow.*=finer