Logging for CA IAM Connector Server

CA Identity Manager Connector Guides › Connectors Guide › Managing CA IAM Connector Server › Logging for CA IAM Connector Server

Logging for CA IAM Connector Server

You can see log files for the following components:

Logging for CA IAM Connector Server
Logging for each endpoint type

View a Log

You can view a log by reading a text file, or through a web browser.

To see the 500 most recent log messages, log in to CA IAM Connector Server, and click the Logs tab.

To see an entire log, open one of the following files from cs_home\jcs\logs:

Log File Name	Description
jcs_daily.log	Today's logging from CA IAM Connector Server. These messages are also displayed in the Logs tab.
jcs_daily.log.YYYYMMDD	jcs_daily.log for a particular date
servicemix.log	All the content from the jcs_daily.log, plus some additional messages from ServiceMix. ServiceMix is the toolkit with which CA IAM Connector Server was created.
servicemix.log.YYYYMMDD	servicemix.log for a particular date
endpoint-type/jcs_conn_connector-name.log	Logging for a connector
endpoint-type/jcs_conn_connector-name.log.YYYYMMDD	Logging for a connector for a particular date

When you are trying to identify a fault, we recommend that you start with jcs_daily* files and work downwards to the connector-specific log files.

Configure Logging for CA IAM Connector Server

The jcs_daily.log and servicemix.log files that are listed in View a Log are configured in a text file. You can modify the file to change the following aspects of logging:

The logging levels for each of the components in CA IAM Connector Server.
Whether log files are appended daily
The formatting of the lines that are written to the log

By default, the logging configuration is minimal, so that performance is not reduced.

If you find a problem with a connector or CA IAM Connector Server, contact CA Support. Before you send your logs to the support team, we recommend that you configure the logging to capture detailed information.

Follow these steps:

Identify how to trigger the problem with your deployment.
Replace the default logging configuration file with the verbose configuration:
1. Find the following file:
```
cs_home/etc/org.ops4j.pax.logging.cfg
```
2. Rename this file to org.ops4j.pax.logging.cfg.original.
3. Find org.ops4j.pax.logging.cfg.verbose and rename it to remove .verbose. This file will now provide the logging configuration.
4. Restart CA IAM Connector Server.
Trigger the problem that you have identified.
Zip the entire cs_home/logs directory, and include the zipped file with your support request.
To reduce the logging level, reverse step 2:
1. Rename org.ops4j.pax.logging.cfg to org.ops4j.pax.logging.cfg.verbose.
2. Rename org.ops4j.pax.logging.cfg.original to org.ops4j.pax.logging.cfg.
3. Restart CA IAM Connector Server.

Note: You can also edit org.ops4j.pax.logging.cfg in a text editor.

Configure Logging for a Connector

Each endpoint type has a configuration file that defines its logging. You can configure the logging for a particular connector by sending LDAP commands to CA IAM Connector Server.

The endpoint log files contain most of the logging data for the relevant connector. However, also look for relevant logging in the jcs_daily.log* systemwide log file. Messages can be logged to the systemwide file for the following reasons:

A connector uses third-party libraries.
A connector was developed (using Connector Xpress or the SDK) without sufficient attention to logging.
Problems occur while creating or activating a connector.

Follow these steps:

With an LDAP client, bind to CA IAM Connector Server using the following details:
- Port: 20410 (LDAP) or 20411 (LDAPS)
- User: cn=root,dc=etasa
- Password: Use the password that was specified during installation
Find the entry with the following DN:
```
eTDYNDirectoryName=${CONN},eTNamespaceName=${CONN_TYPE},dc=${DOMAIN},dc=etasa
```
You can enable and configure logging by changing the attributes of this entry.
To enable logging for a connector, modify the following attribute:
- eTLog=1 (active)
To configure the logging level for a connector, include the following attributes:
- eTLogDestination='F' (file)
- eTLogFileSeverity=severity-code
  Use the following severity codes:

Logging Level	Severity in Provisioning Server	Severity Code in Provisioning Server
DEBUG	Information	I
INFO	Non-Admin Success	S
WARN	Warning	W
ERROR	Error	E
FATAL	Fatal	F

Increase the Number of Log Messages Seen

When you log in to CA IAM Connector Server to view log messages, you can see only the 500 most recent messages. These messages are kept in memory, which is why so few can be seen.

You can filter which messages are shown on the Logs tab, using the options under the Logs heading. These filters apply to the 500 most recent messages. They do not change the way that CA IAM Connector Server records log messages.

You can configure the page to display more or fewer messages.

Follow these steps:

Open the following file in a text editor:
```
cs_home/etc/org.apache.karaf.log.cfg
```
Find and edit the following setting:
```
size = 500
```
Note: If you set the size too high, CA IAM Connector Server becomes slower.
Save the file.
Restart CA IAM Connector Server.

Interpreting Log Messages

All log messages include the following information:

Date and time

The timestamp on the local host when the message was logged. The date and time use ISO8601 format.

Elapsed time

The number of milliseconds elapsed since the server started.

Thread name

The thread that logged the message, for example [Timer-1].

Bundle name, class name, and line number

The bundle that contains the executed code, the class from which the message came, and the line number (if this number is available). This section uses the following format:

(bundle-name:class-name:line)

For example:

(com.ca.jcs.core:com.ca.jcs.osgi.listener.ImplBundleServiceListener:123)

Severity level

The severity of the message:

Error
Warning
Info
Debug

Message

The actual log message.