enRoleLogging.properties

The enRoleLogging.properties file specifies attributes that govern the operation of the jlog logging and tracing API that is bundled with Identity Manager.

jlog is a logging package for Java™. With this package, you can log messages by message type and priority. At run time, you also can control how these messages are formatted and where they are reported.

The enRoleLogging.properties properties page defines the properties that are used to configure IBM Verify Identity Governance logging properties and which are available for modification.

enRoleLogging.properties properties

General settings
logger.refreshInterval

Specifies the refresh interval [in milliseconds] of the logging properties.

Example:

logger.refreshInterval=300000
logger.msg.com.ibm.itim.security.logChoice

Specifies the type of authentication attempts to log.

Valid values are:
  • failure —- Log authentication failures.
  • success —- Log authentication successes.
  • both —- Log both authentication failures and successes.

Example:

logger.msg.com.ibm.itim.security.logChoice=failure
logger.msg.com.ibm.itim.security.logging

Specifies whether authentication attempts are logged or not.

Valid values are:
  • true —- Log authentication attempts.
  • false —- Do not log authentication attempts.

Example:

logger.msg.com.ibm.itim.security.logging=true
handler.file.security.maxFiles

Specifies the maximum number of security log files.

Example:

handler.file.security.maxFiles=10
logger.msg.level

Specifies the logging level for messages.

Valid values are:
  • INFO
  • WARN
  • ERROR

Example:

logger.msg.level=INFO
handler.file.msg.maxFiles

Specifies the maximum number of message log files.

Example:

handler.file.msg.maxFiles=5
logger.trace.level

Specifies the tracing level.

The supported trace levels are:
  • DEBUG_MIN
  • DEBUG_MID
  • DEBUG_MAX

DEBUG_MAX is the most verbose trace level and can effect system performance. When you debug a problem, avoid setting DEBUG_MAX at logger.trace. Set the DEBUG_MAX at the effected components or packages.

Example:

logger.trace.level=DEBUG_MIN
handler.file.trace.maxFiles

Specifies the maximum number of trace log files.

Example:

handler.file.trace.maxFiles=10
handler.file.maxFileSize

Specifies the maximum log file size in kilobytes

Example:

handler.file.maxFileSize=1024

Enabling tracing for the Identity Manager user interface

You must set the level to FINEST in WebSphere® Application Server to get the user interface trace working.

Enabling tracing for the Identity Manager user interface is a two-step process:
  • Set the appropriate component loggers in the enRoleLogging.properties file.
  • Enable WebSphere tracing by logging in to the WebSphere Application Server administrative console.
To enable the tracing level for the WebSphere Application Server administrative console, complete these steps:
  1. Log in to the WebSphere Application Server administrative console.
  2. Select Troubleshooting -> Logs and Trace.
  3. Click the appropriate server (for example, Server1).
  4. Select Change log detail levels under General Properties.
    • To make a static change to the configuration, click the Configuration tab.

      A list of well-known components, packages, and groups is displayed.

    • To change the configuration dynamically, click the Runtime tab.

      The list of components, packages, and groups displays all the components that are currently registered on the running server.

  5. Expand the node for com.ibm.itim.* under *[All Components].
  6. Click the node labeled com.ibm.itim.ui.*and select All Messages and Traces.
  7. Click Apply.
  8. Click OK.
  9. Stop and then restart the WebSphere Application Server to set the static configuration changes.
You must enable the debug level for the user interface package in the following section of the enRoleLogging.properties file:
# UI-tier tracing
# logger.trace.com.ibm.itim.ui.level=DEBUG_MIN
# logger.trace.com.ibm.itim.ui.common.level=DEBUG_MIN
# logger.trace.com.ibm.itim.ui.controller.level=DEBUG_MIN
# logger.trace.com.ibm.itim.ui.customizer.level=DEBUG_MIN
# logger.trace.com.ibm.itim.ui.help.level=DEBUG_MIN
# logger.trace.com.ibm.itim.ui.impl.level=DEBUG_MIN
# logger.trace.com.ibm.itim.ui.listener.level=DEBUG_MIN
# logger.trace.com.ibm.itim.ui.tasklauncher.level=DEBUG_MIN
# logger.trace.com.ibm.itim.ui.validator.level=DEBUG_MIN
# logger.trace.com.ibm.itim.ui.view.level=DEBUG_MIN
# logger.trace.com.ibm.itim.ui.viewmodel.level=DEBUG_MIN

For more information about setting the trace level, see http://www.ibm.com/support/knowledgecenter/SSBJCK_7.0.0/com.ibm.btools.modeler.basic.inst.doc/configuring/settingloggingpreferences.html.