Skip to main content

Configuring logging levels on an application server

There are times where it is necessary to obtain more information for troubleshooting than the default level of logging generated by the product, but that generates large logs. To avoid logs that are overwhelmingly large, it is recommended to only activate additional logging for the binaries under investigation.

There are two methods to adjust the logging level covered below; from the command line interface (CLI) using psdebug or configuring the Logging service (idmlogsvc) using the WebUI (web-based user interface). These methods both assume the issue is occurring on the Bravura Security Fabric server, rather than other systems .

The general workflow for generating the additional logging is as follows:

  1. Precisely define the required steps to reproduce the issue.

  2. Make note of the time and rotate the logs to generate clean logs if necessary:

    <instance>\instance.bat

    <instance>\samples\idmlib\script\rotate_logs.py

    OR

    <instance>\idmlogsvc.exe -rotatelog

  3. Set the desired log level, from the command line or from the web interface .

  4. Reproduce the issue by following the previously defined steps.

  5. Reset to the default log level.

  6. Verify log output.

  7. Provide context for the debug logging data:

    • The date/time of the workflow/process

    • Step-by-step details of the workflow/process that can be followed to reproduce the issue

    • Any relevant values to look for (userids, attributes or PDR involved)

    • A zip archive of idmsuite.log and any input/output KVG files

  8. Make use of the information.

Configuration of both psdebug and idmlogsvc is server-specific. Their settings are saved in the Windows registry in keys which are excluded from file replication .

Using either of these methods results in increasing the log level for the duration of the time required to reproduce a problem in order to help troubleshoot an issue or monitor for specific log entries not available at Default (Info) level.

Set the logging level from the command line

Use the psdebug program on an application server to configure logging output from various Bravura Security Fabric software components. It is helpful when troubleshooting installation or functionality problems.

The psdebug utility allows for adding specific exceptions (one binary or script at a time) to global application-wide logging settings configured in the Logging Service, for more refined logging. Using psdebug allows for smaller, more relevant and more readable logs; there is less interference from other subsystems when troubleshooting a specific issue.

  1. Open an Administrative instance prompt

  2. Execute the psdebug command by running:

    util\psdebug -level 6 -prog <executable>

    where <executable> is the name, without file extension , of the core product binary, script (default or custom), connector pack agent or interface for which we want to increase logging specifically. The debug level for most binaries is 5, but here we use 6 as the increased debug level for some agents and interfaces.

    For example, to enable the most detailed logging (Verbose = 99) for the Active Directory DN agent, the command to execute would be:

    util\psdebug -level 99 -prog agtaddn

  3. If more than one binary, custom script, or connector pack agent is relevant to the issue, repeat the last step as necessary.

  4. To create an idmsuite.log file which contains only the time period in which the issue is reproduced, execute the command:

    service\idmsuite.exe -rotatelog

  5. If the affected binary is a service, ensure the log level change takes effect by executing:

    service\idmlogsvc.exe -trace-restart

  6. Execute the steps required to reproduce the issue.

  7. To remove the additional logging settings added at step 2 (change "agtaddn" to match the required binary) execute:

    util\psdebug -remove -prog agtaddn

  8. If the affected binary is a service, apply the default settings by execurting:

    service\idmlogsvc.exe -trace-restart

See psdebug usage for more command-line usage information and examples.

Set logging levels from the web interface

This method results in modifying the logging level for all executables in the product. This could result in very large log files. It is generally better to use the CLI method to pinpoint the specific facility to increase the logging level if possible.

Ensure sufficient disk space is available to accommodate the extra data before enabling a higher level of logging.

To enable enhanced logging from the Manage the system module:

  1. Sign in as superuser or another administrative user.

  2. Select Manage the system > Maintenance > Services > Logging Service (idmlogsvc).

  3. Note the current level for Default level for log messages in order to revert back.

  4. Change the level to "Full debugging".

    This is Debug level (5), not Verbose. The Logging service page does not have an option for Verbose levels. Use the CLI method instead for such extended logging.

  5. If additional debugging options are required, select one or more options from the drop down menu directly to the right of Enabled extended log levels, which can be blank by default.

  6. Click Update.

  7. Notify the logging service to read its configuration:

    ..\service\idmlogsvc -trace-restart

  8. Execute the steps required to reproduce the issue.

  9. To ensure the correct information was captured, check the idmsuite.log file.

  10. Revert the Default level for log messages to its original level using steps 2-6 after you are satisfied with the information gathered.

See Logging service for more information on global instance logging configuration.

In this section: