Skip to main content

Configuring logging levels on an application server

There are times when you need more information for troubleshooting than the default logging level provides, but increased logging generates large logs. To avoid overwhelmingly large logs, activate additional logging only for the binaries under investigation.

There are two methods to adjust the logging level: from the command-line interface (CLI) using psdebug, or by configuring the Logging service (idmlogsvc) using the web UI. Both methods assume the issue occurs on the Bravura Security Fabric server, rather than on other systems.

The general workflow for generating additional logging is as follows:

  1. Precisely define the required steps to reproduce the issue.

  2. Make note of the time and rotate the logs to generate clean logs if necessary:

    <instance>\instance.bat

    <instance>\samples\idmlib\script\rotate_logs.py

    OR

    <instance>\idmlogsvc.exe -rotatelog

  3. Set the desired log level, from the command line or from the web interface.

  4. Reproduce the issue by following the previously defined steps.

  5. Reset to the default log level.

  6. Verify the log output.

  7. Provide context for the debug logging data:

    • The date and time of the workflow or process.

    • Step-by-step details of the workflow or process that can be followed to reproduce the issue.

    • Any relevant values to look for (user IDs, attributes, or PDR involved).

    • A zip archive of idmsuite.log and any input/output KVG files.

  8. Make use of the information.

Configuration of both psdebug and idmlogsvc is server-specific. Their settings are saved in the Windows registry in keys that are excluded from file replication.

Using either of these methods increases the log level for the duration of the time required to reproduce a problem. This helps troubleshoot an issue or monitor specific log entries that are not available at the default (Info) level.

Set the logging level from the command line

Use the psdebug program on an application server to configure logging output from various Bravura Security Fabric software components. It is helpful when troubleshooting installation or functionality problems.

The psdebug utility allows you to add specific exceptions (one binary or script at a time) to global application-wide logging settings configured in the Logging Service, for more refined logging. Using psdebug produces smaller, more relevant, and more readable logs. There is less interference from other subsystems when you troubleshoot a specific issue.

  1. Open an administrative instance prompt.

  2. Run the psdebug command:

    util\psdebug -level 6 -prog <executable>

    where <executable> is the name, without file extension, of the core product binary, script (default or custom), connector pack agent, or interface for which you want to increase logging. The debug level for most binaries is 5, but here we use 6 as the increased debug level for some agents and interfaces.

    For example, to enable the most detailed logging (Verbose = 99) for the Active Directory DN agent, run the following command:

    util\psdebug -level 99 -prog agtaddn

  3. If more than one binary, custom script, or connector pack agent is relevant to the issue, repeat the previous step as necessary.

  4. To create an idmsuite.log file that contains only the time period in which you reproduce the issue, run the following command:

    service\idmsuite.exe -rotatelog

  5. If the affected binary is a service, ensure the log level change takes effect by running the following command:

    service\idmlogsvc.exe -trace-restart

  6. Reproduce the issue by following the previously defined steps.

  7. Remove the additional logging settings that you added in step 2. For example, to remove the settings for agtaddn, run the following command:

    util\psdebug -remove -prog agtaddn

  8. If the affected binary is a service, apply the default settings by executing the following command:

    service\idmlogsvc.exe -trace-restart

See psdebug usage for more command-line usage information and examples.

Set logging levels from the web interface

This method modifies the logging level for all executables in the product. This can result in very large log files. It is generally better to use the CLI method to pinpoint the specific facility to increase the logging level, if possible.

Ensure sufficient disk space is available to accommodate the extra data before you enable a higher level of logging.

To enable enhanced logging from the Manage the system module:

  1. Sign in as superuser or another administrative user.

  2. Select Manage the system > Maintenance > Services > Logging Service (idmlogsvc).

  3. Note the current level for Default level for log messages so that you can revert later.

  4. Change the level to Full debugging.

    This is Debug level (5), not Verbose. The Logging service page does not have an option for Verbose levels. Use the CLI method instead for extended logging.

  5. If additional debugging options are required, select one or more options from the drop-down menu directly to the right of Enabled extended log levels, which can be blank by default.

  6. Click Update.

  7. Notify the logging service to read its configuration:

    ..\service\idmlogsvc -trace-restart

  8. Reproduce the issue by following the previously defined steps.

  9. To ensure the correct information was captured, check the idmsuite.log file.

  10. Revert the Default level for log messages to its original level using steps 2 through 6 after you are satisfied with the information gathered.

See Logging service for more information on global instance logging configuration.

In this section: