23.0 Logging

Logging is the main tool you use for debugging the Access Manager configuration. You can enable and configure how the system performs logging. All administrative and end-user actions and events are logged to a central event log. This allows easy access to this information for security and operational purposes. Additionally, the log system provides the ability to monitor ongoing activities such as identity provider authentication activity, up-time of the system, and so on. File logging is not enabled by default.

Each Access Manager device has configuration options for logging:

Identity Server: Logging is turned off and must be enabled. When you enable Identity Server logging, you also enable logging for the Embedded Service Providers that are configured to use Identity Server for authentication. See Configuring Logging for Identity Server.

Embedded Service Providers: Each Access Manager device has an Embedded Service Provider that communicates with Identity Server. Its log level is controlled by configuring Identity Server logging.

Access Gateway Appliance: Logging at the notice level is enabled by default. You can change the level from the command line interface. For information, see Managing Access Gateway Logs.

Access Gateway Service: The logs contain the messages sent between the Gateway Service and the Embedded Service Provider and between the Gateway Service and the web server. This type of logging is turned off and must be enabled. For information, see Managing Access Gateway Logs.

The logrotate daemon is configured to scan the files in the directories once a day. It rolls them over when they have reached their maximum size and deletes the oldest version when the maximum number of copies has been created.

For any of the components, if you want to modify this behavior, see the following files:

Administration Console: /etc/logrotate.d/novell-devman

Identity Server: /etc/logrotate.d/novell-idp

Access Gateway: /etc/logrotate.d/novell-mag
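The rotation policy described above (roll a file over once it reaches a size limit, keep a fixed number of old copies, discard the oldest) corresponds to the logrotate `size` and `rotate` directives in the files listed. The following POSIX shell script is an added example, not part of the Access Manager documentation or product: it emulates that policy on a scratch file so the retention behaviour can be observed without touching the real logrotate configuration. The file names, size threshold and copy count are constructed values.

```shell
#!/bin/sh
# Added example (not Access Manager code): emulate the logrotate policy the
# text describes. "max_bytes" plays the role of the logrotate "size" directive
# and "keep" the role of "rotate". All paths used here are constructed.

# rotate_log FILE MAX_BYTES KEEP
#   If FILE is at least MAX_BYTES long: drop FILE.KEEP (the oldest copy),
#   shift FILE.1 -> FILE.2 ... FILE.(KEEP-1) -> FILE.KEEP, move FILE to
#   FILE.1 and recreate an empty FILE. Prints "rotated" or "skipped".
rotate_log() {
    file=$1; max_bytes=$2; keep=$3
    [ -f "$file" ] || { echo "missing"; return 1; }
    size=$(wc -c < "$file")
    if [ "$size" -lt "$max_bytes" ]; then
        echo skipped
        return 0
    fi
    # Retention limit reached: delete the oldest copy before shifting.
    [ -f "$file.$keep" ] && rm -f "$file.$keep"
    # Shift remaining copies up by one index, highest index first so no
    # copy is overwritten before it has been moved.
    i=$((keep - 1))
    while [ "$i" -ge 1 ]; do
        [ -f "$file.$i" ] && mv "$file.$i" "$file.$((i + 1))"
        i=$((i - 1))
    done
    mv "$file" "$file.1"
    : > "$file"          # the service keeps writing to a fresh, empty file
    echo rotated
}

# count_copies FILE -> number of rotated copies FILE.N currently present
count_copies() {
    n=0
    for f in "$1".[0-9]*; do
        [ -f "$f" ] && n=$((n + 1))
    done
    echo "$n"
}

# Stand-alone demonstration on a constructed scratch directory.
if [ "${1:-}" = "demo" ]; then
    d=$(mktemp -d)
    for k in 1 2 3 4 5; do
        printf 'constructed log line %s\n' "$k" > "$d/app.log"
        echo "pass $k: $(rotate_log "$d/app.log" 8 3), copies=$(count_copies "$d/app.log")"
    done
    rm -rf "$d"
fi
```

Run it as `sh rotate_demo.sh demo` to watch the copy count climb to the retention limit and then stay there while the oldest copy is discarded on each further pass. Because the real daemon only scans once a day, a file can grow well past the configured size between scans; size the threshold and the free disk space with that in mind.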

This section discusses the following topics: