Skip to main content

Logging Service (idmlogsvc)

The Logging Service (idmlogsvc) manages logging sessions for a particular instance. It captures event messages from Bravura Security Fabric program execution, and writes them to the configured log file (idmsuite.log by default).

The Logging Service also has the ability to write to the Windows event logs.

If the Bravura Security Fabric server runs out of disk space, the Logging Service stops logging until there is at least 10 MB of disk space available, then it begins logging again.

Dependencies / requirements

The Logging Service must start before all other application binaries or services, before IIS, at the same time the OS starts up, and stop after all product services including IIS (so it doesn't miss logging entries). This is because there are other binaries, triggered by IIS or manually whose log events must be captured. The services configuration is in the Windows registry and it writes directly to disk, so it does not need the Database Service (iddb) to be running.

Configuration

The service is automatically installed and started on the Bravura Security Fabric server during setup. You can modify the following parameters related to this service on the Service information page (Manage the system > Maintenance > Services > Logging Service (idmlogsvc)).

You can update the idmlogsvc parameters without having to restart the Logging Service; however, the service’s event tracing needs to be restarted for the configuration changes to take effect.

See psdebug to see how the service options can be overridden.

Table 1. idmlogsvc service options

Option

Description

Name of the log file

The name of the Bravura Security Fabric log file. The default is idmsuite.log .

The file is created in the directory defined by the PSTempDir system variable (Maintenance > Options). This is normally <Program Files path>\Bravura Security\Bravura Security Fabric\Logs\<instance>. When the service starts, Bravura Security Fabric creates the directory if it does not already exist.

Default level for log messages

The default logging level. It can be set to:

  • No debugging

  • Default debugging

  • Full debugging

Enabled extended log levels

The default extended level. It can be set to none, one or more of:

  • Runtime performance messages – All binary and script performance are recorded.

  • Ajax runtime performance messages – All Ajax requests, including the function name, transid, duration, and user are recorded.

  • Stored procedure runtime performance messages – The performance of stored procedures, called by binaries, is recorded.

  • Local workstation service runtime performance messages

  • Replication runtime performance messages



Command-line options for idmlogsvc are listed below:

Table 2. idmlogsvc service command-line options

Argument

Description

-h

Displays usage information.

-server

Run the service in server mode.

-start

Starts the service.

-stop

Stops the server/service

The following can be set only if the service is running:

-trace-start

Starts tracing the logging information.

-trace-stop

Stops tracing the logging information.

-trace-restart

Restarts tracing the logging information.

-rotatelog <N>

Rotate the log folder for at most <N> rounds. See Log directory rotation .

-config -logfile <filename>

Set the log file name.

-config -level <level>

Set the default logging level.

It can be set to:

  • 0 No debugging

  • 4 Default debugging

  • 6 Full debugging

-config -extlevel <[level name]>

Set extended log levels.

It can be set to none, one or more of:

  • perf Runtime performance messages – All binary and script performance are recorded

  • perf_sproc Stored procedure runtime performance messages – The performance of stored procedures, called by binaries, is recorded.

  • perf_lws Local workstation service runtime performance messages

  • perf_replication Replication runtime performance messages

  • perf_ajax Ajax runtime performance messages – All Ajax requests, including the function name, transid, duration, and user are recorded.

-config -bufsize <N>

Set the size of the session buffers.

-config -bufmax<N>

Set the maximum number of buffers.



Log directory rotation

You can use the following command from the service directory to rotate the Logs directory defined by the PSTempDir system variable:

idmlogsvc -rotatelog [<N>]

This command performs a backup and rotation of the Logs directory. That is, it appends .<yyyy>-<mm>-<dd>-<hhmmss>. <SerialNo> to the old directory name and creates a new directory with the original name, up to a maximum of <N> copies (default is 7).

If the directory path set in the PsTempDir system variable (Maintenance > Options) ends with the instance name, the entire log folder will be rotated, creating new folders named after the instance. Otherwise, all files and folders contained inside PsTempDir will be non-recursively rotated, using their original names.

To perform a one time manual rotation of the log file directory, type:

idmlogsvc.exe -rotatelog

By default, the rotation method is set to using the last modified date of the folder/file. You can modify the rotation method by adding the following registry entry in:

HKLM\SOFTWARE\Bravura Security\Bravura Security Fabric\<instance>\idmlogsvc

Entryname

RotateType

Value

0—1 Set to 1 to rotate using the date and time contained in the folder/file name.

Datatype

DWORD

Default

0

Logs directory rotation is scheduled to occur nightly on the Bravura Security Fabric server. Logs on proxy servers are rotated if auto discovery is executed between +/-0.5 hours of the scheduled job. See About the Bravura Security Fabric Log for more information about log files.

Event tracing

To stop and start event tracing from the command line, so that configuration parameters can be changed, type the following:

idmlogsvc.exe -trace-stop

Once you have finished modifying configuration parameters, type:

idmlogsvc.exe -trace-start

Alternatively, you can make the configuration changes and then restart event tracing by typing:

idmlogsvc.exe -trace-restart

Logging to a syslog service

You can enable the Logging Service to log to a syslog service on a remote system in addition to the existing local text files.

The service uses a configuration file, idmlogsvc.cfg, located in the \<instance>\service\ directory. This file is automatically generated when you install Bravura Security Fabric . To set syslog logging, you must edit idmlogsvc.cfg to contain the address of the syslog service.

To do this, on the Bravura Security Fabric server:

  1. Stop the Logging Service.

  2. Create a backup copy of idmlogsvc.cfg.

  3. Open idmlogsvc.cfg using a text editor.

    1. To enable the syslog delivery feature change the following:

      !SyslogCollectors = {

      to

      SyslogCollectors = {

    2. Set the syslog collector host, file location or debug output prefix:

      "UDP=10.0.59.189" "514" = {

      or

      "TCP=10.0.59.189" "514" = {

      or

      "FILE=C:\\Windows\\Temp\\idmlogsvc_syslog.txt" "" = {

      or

      "DEBUG=::IDMLOG::" "" = {

    3. Set the preferred format of the logs. By default the log is set to syslog format.

    4. Set the preferred end-of-line style. By default the log end-of-line style is set to none.

    5. Define the delivery conditions by changing the Matches KVGroup to include or exclude certain log messages. Examples are provided in the configuration file, idmlogsvc.cfg.

  4. Save the file.

  5. Restart the Logging Service.

When upgrading Bravura Security Fabric , the idmlogsvc.cfg configuration file will be retained from the previous version. A new configuration file named idmlogsvc.bak will be created and will contain the configuration settings of idmlogsvc.cfg for Bravura Security Fabric 12.9.0.

This configuration file should be reviewed for any changes between idmlogsvc.cfg (configuration settings from the previous version) and idmlogsvc.bak (configuration settings for Bravura Security Fabric 12.9.0) after the upgrade is complete.

Excluding types of data

You can exclude certain types of data from idmsuite.log by editing idmlogsvc.cfg to include an ExcludeFromMainLog KVGroup.

To do this, on the Bravura Security Fabric server:

  1. Stop the Logging Service.

  2. Create a backup copy of idmlogsvc.cfg.

  3. Open idmlogsvc.cfg using a text editor.

  4. Add an ExcludedFromMainLog KVGroup with the following syntax:

    ExcludedFromMainLog = {
<module name>[compare operator] = <log level name>;
...
};

    Compare operators are:

    : equal the level (omitted)

    > equal or higher than the level

    < equal or lower than the level

    ! not the level

You can use * as a wild card for both the module name and log level. For example:

ExcludedFromMainLog = {
*: = per_lsw;
updinst.exe>=info;
psupdate.exe< = info;
iddb.exe! = verbose;
mobworker.exe = ⋆;
};

Combining repeated log messages

The Logging Service reduces the amount of times a particular log message is displayed when logged consecutively. For example, if multiple instances of a particular log message occurs in a given interval, the message will be only be displayed once, and will be followed by a log message stating the number of times the last message was repeated.

For example:

2014-04-03 12:26:23.286.5320 - [] test_plugin [60,64] Info: Waiting for
response
2014-04-03 12:26:33.288.6614 - [] test_plugin [60,64] last message repeated 4 times

The default interval that the log messages will be combined is 60 seconds. After this interval, the next instance of the log message will be displayed again, and any other instances of the message that follow will be combined accordingly.

You can modify the repeated timeout value by adding the following registry entry in:

HKLM\SOFTWARE\Bravura Security\Bravura Security Fabric\<instance>\idmlogsvc

Entry name

force-flush-repeated-timeout

Value

the time in seconds to combine repeated log messages.

Data type

DWORD

Default

60

In this section: