Edit log settings

This document describes logging in PhenixID Server.

The reader of this document should have some basic knowledge about PhenixID Server.

Note that changes are reloaded without requiring a restart of the server.

System requirements

PhenixID Server installed.

Overview

When PhenixID Server starts, two log files are created by default:

  • server.log (see description below)
  • events.log (see description below)

The PhenixID server uses log4j as logging API. (See documentation)

Default log behavior in PhenixID Server is configured in the log4j.xml file, which is located in the PhenixID/config folder, e.g. /opt/PhenixID/Server/config or c:\Program Files\PhenixID\Server\config. By default most of the log levels are set to INFO, but some are set to WARN.

Log Appenders

Log appenders describe how and where the logs will be written. There are different types of appenders available, for example console, file and syslog.

Log levels

INFO – The INFO level designates informational messages that highlight the progress of the application at coarse-grained level.

WARN – The WARN level designates potentially harmful situations.

ERROR – The ERROR level designates error events that might still allow the application to continue running.

DEBUG – The DEBUG Level designates fine-grained informational events that are most useful to debug an application.

TRACE – The TRACE level designates finer-grained informational events than the DEBUG level.

server.log

The Server Log contains system information used when troubleshooting.

The default behaviour is to roll the log file every day, as in the example below:

<appender name="FILE" class="org.apache.log4j.DailyRollingFileAppender">
     <param name="File" value="logs/server.log"/>
     <param name="DatePattern" value="'.'yyyy-MM-dd"/>
     <layout class="org.apache.log4j.PatternLayout">
          <param name="ConversionPattern" value="%d [%c{1}] %p: %m%n"/>
     </layout>
</appender>

To change the default behaviour, and instead roll the log depending on size, follow the example below:

<appender name="ROLLINGFILE" class="org.apache.log4j.RollingFileAppender">
     <param name="File" value="logs/server.log"/>
     <param name="MaxFileSize" value="5000KB"/>
     <param name="MaxBackupIndex" value="10"/>
     <layout class="org.apache.log4j.PatternLayout">
          <param name="ConversionPattern" value="%d [%c{1}] %p: %m%n"/>
     </layout>
</appender>

In this example each file will be 5MB and 10 files will be kept as backup.

To enable this new appender as the default behaviour, change the root logger element as below:

<root>
     <level value="WARN"/>
     <appender-ref ref="ROLLINGFILE"/>
</root>

events.log

The Audit Event Log contains server events like startup, deployment, user authentication and more.

The default behaviour is to roll the log file every day, as in the example below:

<appender name="EVENT" class="org.apache.log4j.DailyRollingFileAppender">
     <param name="File" value="logs/events.log"/>
     <param name="DatePattern" value="'.'yyyy-MM-dd"/>
     <layout class="org.apache.log4j.PatternLayout">
          <param name="ConversionPattern" value="%m%n"/>
     </layout>
</appender>

To change the default behaviour, and instead roll the log depending on size, follow the example below:

<appender name="ROLLINGEVENT" class="org.apache.log4j.RollingFileAppender">
     <param name="File" value="logs/events.log"/>
     <param name="MaxFileSize" value="5000KB"/>
     <param name="MaxBackupIndex" value="10"/>
     <layout class="org.apache.log4j.PatternLayout">
          <param name="ConversionPattern" value="%m%n"/>
     </layout>
</appender>

In this example each file will be 5MB and 10 files will be kept as backup.

To enable this new appender as the default behaviour for events, change the logger element as below:

<logger name="EVENT" additivity="false">
     <level value="INFO"/>
     <appender-ref ref="ROLLINGEVENT"/>
</logger>

Send events to syslog

A syslog appender is available, commented out, in the file /config/log4j.xml.
Uncomment it to use it.
Make sure to set the IP address and port.
To enable it for EVENT, add an appender-ref for SYSLOG as shown here:

<logger name="EVENT" additivity="false">
     <level value="INFO"/>
     <appender-ref ref="EVENT"/>
     <appender-ref ref="SYSLOG"/>
</logger>

Debug for troubleshooting

When troubleshooting it is helpful to set the log level to debug to get additional information in the log file.

This should NOT be used in production unless specifically instructed, since the information written is substantial.

To set PhenixID server logging to debug, follow the example below:

<logger name="com.phenixidentity">
     <level value="DEBUG"/>
</logger>

Debug for specific packages

You can also enable debug logging for certain modules / packages.

RADIUS

<logger name="com.phenixidentity.radius.authenticator">
    <level value="DEBUG"/>
</logger>

Pipes

<logger name="com.phenixidentity.pipes">
    <level value="DEBUG"/>
</logger>

HTTP Authentication

<logger name="com.phenixidentity.authentication">
    <level value="DEBUG"/>
</logger>

NEOTP

<logger name="com.phenixidentity.neotp">
    <level value="DEBUG"/>
</logger>

SAML

<logger name="com.phenixidentity.saml">
    <level value="DEBUG"/>
</logger>

SAML IdP

<logger name="com.phenixidentity.samlidp">
    <level value="DEBUG"/>
</logger>
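
The following check is an added example, not part of the PhenixID documentation or product. It parses a log4j.xml and reports loggers left at a verbose level after troubleshooting, appender-ref entries that point at an appender that is missing or still commented out (such as SYSLOG), and an EVENT logger with no appender. The function name audit_log4j and the SAMPLE configuration are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample, not a real PhenixID file: the SYSLOG appender is still
# commented out, but the EVENT logger already references it.
SAMPLE = """<log4j:configuration xmlns:log4j="http://jakarta.apache.org/log4j/">
  <appender name="FILE" class="org.apache.log4j.DailyRollingFileAppender"/>
  <appender name="EVENT" class="org.apache.log4j.DailyRollingFileAppender"/>
  <!-- <appender name="SYSLOG" class="org.apache.log4j.net.SyslogAppender"/> -->
  <logger name="EVENT" additivity="false">
    <level value="INFO"/>
    <appender-ref ref="EVENT"/>
    <appender-ref ref="SYSLOG"/>
  </logger>
  <logger name="com.phenixidentity.saml">
    <level value="DEBUG"/>
  </logger>
  <root>
    <level value="WARN"/>
    <appender-ref ref="FILE"/>
  </root>
</log4j:configuration>
"""

VERBOSE = {"DEBUG", "TRACE", "ALL"}  # levels meant for troubleshooting only

def audit_log4j(xml_text):
    """Return a list of findings for a log4j 1.x XML configuration."""
    root = ET.fromstring(xml_text)  # XML comments are dropped by the parser
    defined = {a.get("name") for a in root.iter("appender")}
    findings = []
    for node in list(root.iter("logger")) + list(root.iter("root")):
        name = node.get("name", "root")
        level = node.find("level")
        if level is not None and level.get("value", "").upper() in VERBOSE:
            findings.append(f"{name}: level {level.get('value')} is verbose; revert after troubleshooting")
        for ref in node.iter("appender-ref"):
            if ref.get("ref") not in defined:
                findings.append(f"{name}: appender-ref '{ref.get('ref')}' has no active appender")
    event = next((l for l in root.iter("logger") if l.get("name") == "EVENT"), None)
    if event is None or not any(r.get("ref") for r in event.iter("appender-ref")):
        findings.append("EVENT: audit logger has no appender; audit events are not written")
    return findings

if __name__ == "__main__":
    for finding in audit_log4j(SAMPLE):
        print(finding)
```

To check a live configuration, pass the contents of the log4j.xml in the config folder to audit_log4j instead of SAMPLE.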