Automated management and purging of IIQ application log files

Version : 8.4

We use IIQ and are experiencing rapid growth in the number of log files generated by the application and the application server (Tomcat/Log4j) on disk.

We run the Perform Maintenance task and have configured the Days before provisioning transaction event deletion and Days before syslog event deletion settings in the Global Settings to regularly purge the Syslog table and Provisioning Transactions.

Our issue: Physical log files (Log4j) on disk. The application’s physical log files (those configured via log4j2.properties, often in DEBUG or TRACE mode for troubleshooting) continue to consume a significant amount of disk space.

What best practice does SailPoint recommend for automating the monthly purging or lifecycle management of physical application log files (.log files on disk, not stored in a database)?

Are there any age- or size-based deletion policies directly in the log4j2.properties configuration file?

Or is it necessary to use external operating system scripts (such as scheduled tasks on Windows) to identify and delete .log files that exceed the desired age (e.g., 30 days)?

Thank you for your feedback.

Hi @Hamza10 based on my understanding “and please revalidate/double-check”, IIQ only helps you purge database data (Syslog, Provisioning Transactions) via Perform Maintenance + Global Settings. It does not manage or delete the physical log files on disk. Those are fully handled by log4j2/Tomcat/OS.

What I usually do on projects:

  • Let log4j2 handle rotation + retention
    In log4j2.properties (the one used by sailpoint.log, etc.) make sure you’re using a RollingFile / RollingRandomAccessFile appender with both:
    • time/size-based rollover
    • a delete policy for old files
  • Use OS tools for non-log4j logs
    For things like catalina.out or any app-server logs that aren’t under log4j2:
    • Windows: simple scheduled PowerShell to delete *.log older than N days.

Please don’t hesitate to let me know if you need any further elaboration or samples.

Regards,

Mustafa

Hi @Hamza10 here is an example of the RollingFile appender creating a 100 MB log with a max of 10. Oldest ones are deleted when it hits the max threshold.

# ${basePath} must be defined elsewhere in the same file (property.basePath = ...)
appender.default.type = RollingFile
appender.default.name = LogToRollingFile
appender.default.fileName = ${basePath}/sailpoint.log
appender.default.filePattern = ${basePath}/$${date:yyyy-MM}/sailpoint-%d{MM-dd-yyyy}-%i.log.gz
appender.default.layout.type = PatternLayout
appender.default.layout.pattern = %d{ISO8601} %5p %c{4}:%L - %msg%n
appender.default.policies.type = Policies
appender.default.policies.time.type = TimeBasedTriggeringPolicy
appender.default.policies.size.type = SizeBasedTriggeringPolicy
appender.default.policies.size.size = 100MB
appender.default.strategy.type = DefaultRolloverStrategy
appender.default.strategy.max = 10

1 Like
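The delete policy for old files mentioned in the first reply is not shown in either answer, so the following is an added example (not posted by anyone in this thread and not SailPoint-supplied configuration) that extends the RollingFile appender above with a Log4j2 Delete action removing rolled archives older than 30 days. The `basePath` value is a constructed placeholder, the `action`/`condition`/`nested` key names are arbitrary labels chosen here, and the `rootLogger` lines are assumptions added only so the fragment loads on its own.

```properties
# Added example: age-based retention for the rolled sailpoint-*.log.gz archives.
# Constructed placeholder; point it at the real IIQ log directory.
property.basePath = /path/to/iiq/logs

appender.default.type = RollingFile
appender.default.name = LogToRollingFile
appender.default.fileName = ${basePath}/sailpoint.log
appender.default.filePattern = ${basePath}/$${date:yyyy-MM}/sailpoint-%d{MM-dd-yyyy}-%i.log.gz
appender.default.layout.type = PatternLayout
appender.default.layout.pattern = %d{ISO8601} %5p %c{4}:%L - %msg%n
appender.default.policies.type = Policies
appender.default.policies.time.type = TimeBasedTriggeringPolicy
appender.default.policies.size.type = SizeBasedTriggeringPolicy
appender.default.policies.size.size = 100MB

appender.default.strategy.type = DefaultRolloverStrategy
# max caps only the %i counter inside one %d period (one day here);
# archives left over from earlier days are not removed by it.
appender.default.strategy.max = 10

# Delete action: evaluated at every rollover (requires Log4j 2.5 or later).
appender.default.strategy.action.type = Delete
appender.default.strategy.action.basePath = ${basePath}
# Archives sit one level down in ${basePath}/yyyy-MM/, so scan two levels.
appender.default.strategy.action.maxDepth = 2
# Dry run: uncomment to log candidates to the status logger without deleting.
# appender.default.strategy.action.testMode = true
# Match only this appender's archives, never the live sailpoint.log.
appender.default.strategy.action.condition.type = IfFileName
appender.default.strategy.action.condition.glob = */sailpoint-*.log.gz
# Nested condition: the file name must match AND the file must be older than 30 days.
appender.default.strategy.action.condition.nested.type = IfLastModified
appender.default.strategy.action.condition.nested.age = P30D

# Assumed wiring so the fragment is loadable stand-alone; keep your existing
# rootLogger/logger entries when merging into a real log4j2.properties.
rootLogger.level = warn
rootLogger.appenderRef.rolling.ref = LogToRollingFile
```

The action only runs when a rollover is triggered, and it leaves the emptied `yyyy-MM` directories in place. Pick the age so that it does not undercut any audit or incident-response retention period that applies to these logs.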

Thank you @Muhammad_Mustafa for your detailed and accurate answer.
Your explanation fully matches what we observe in our IIQ environment and what SailPoint recommends.

1 Like

Thank you @ryan_toornburg for the configuration example.
This complements the previous answer well:
Log4j2 rotation is indeed the right way to control the size of application logs.

After reviewing internally with our architect and checking our own log4j2.properties, here is the summary we validated:

Our IIQ instance already uses RollingFile for sailpoint.log and sailpoint-debug.log

Rotation is working correctly (20MB max, capacity 5 and 20 files)

However, as mentioned above, stdout/stderr are not managed by log4j2, and Tomcat still writes very large files (sometimes several GB)

Because of this, we will disable stdout logging in log4j2 and rely only on the rotating appenders

Thanks again to everyone for the help.
Much appreciated!

1 Like

You are more than welcome any time @Hamza10, have a nice and great one 🙂!

Regards,

Mustafa

You bet @Hamza10, glad you were able to work it out.
