CCG logs in identityNow

Hi Team,

Can some one help me to get CCG logs.

We are doing below points to get CCG logs ,Please let me know if I’m missing anything.

1. Adding logger path in my two servers - log4j2.properties file and following below link steps to add in log4j2.properties.
   CCG Enable Debug Log by Connector - Compass

2. Enabling debug in identity Now( Virtual Appliance Clusters)

Please let me know if I’m missing anything.

And what all are logs we will be getting in CCG.log.

And how long loggers will stay in log4j2.properties file, Can we do anything to have all the time ?

Thank you,
Saikumar

How are you accessing the logs? Are you logging into your Virtual Appliance to view the logs?

Hi Sai

You are doing it correctly. All logging will be in ccg.log file

I believe loggers will stay in log4j2.properties until CCG is restarted.

I make a copy of log4j2.properties (eg log4j2.properties.backup) - so I can just copy the file back as required

> cp log4j2.properties.backup log4j2.properties

Hi @saikumar39 , you are doing it right.
For your question, you will see detailed level logs related to provisioning, aggregation, health checks, etc. for the source that you’ve defined in debug mode.

I believe it’s like that for 24hours after which VA resets them to INFO (from my understanding).

Hi Gaurav ,

I want the logs level to be setup at Error, But I haven’t seen any where in compass.

Can we setup like below
logger.ADLDAPConnector.level = ERROR

Thank you,
Saikumar

Hi Sharvari,

After sometime loggers are getting removed from log4j2.properties but we haven’t restarted CCG.

Is that expected behavior?

And how long loggers will stay in log4j2.properties file ?

You can use the below API to check the duration.

GET /beta/managed-clusters

• durationMinutes is the number of minutes to enable the logging.

Standard duration might be 60 mins.

Loggers don’t stay in ccg file forever they get removed if ccg is restarted or logging is enabled/disabled. To retain changes in log4j2 file I usually make a copy of the file so it can be swapped easily when we wish to debug again.

Hi Sharvari,

Is there any API to modify this duration lets say 48 hours or so ?
We never know when the issue will come in Prod tenant and need to monitor for some decent time.

Thanks in advance.

Yes, you can use the below API to modify duration etc.

PUT /beta/managed-clusters/{id}/log-config

Kindly refer this link for more information : https://community.sailpoint.com/t5/IdentityNow-Articles/Enabling-Connector-Logging-in-IdentityNow/ta-p/188107

Hi Shavari,

We have updated 1440 mints which is 24 hours but after one hour they get removed.

Please find Screenshot for ref .

And we have updated below loggers.

logger.ADLDAPConnector.name = sailpoint.connector.ADLDAPConnector
logger.ADLDAPConnector.level = ERROR
logger.ADLDAPConnector.additivity = false
logger.ADLDAPConnector.appenderRef.rolling.ref = STDOUT

logger.LDAPConnector.name = sailpoint.connector.LDAPConnector
logger.LDAPConnector.level = ERROR
logger.LDAPConnector.additivity = false
logger.LDAPConnector.appenderRef.rolling.ref = STDOUT

logger.DelimitedFileConnector.name = sailpoint.connector.DelimitedFileConnector
logger.DelimitedFileConnector.level = ERROR
logger.DelimitedFileConnector.additivity = false
logger.DelimitedFileConnector.appenderRef.rolling.ref = STDOUT

MicrosoftTeams-image (1)775×573 17 KB

I am not sure why it worked that way, did you try to open a Sailpoint support case ?

Also, I see you are setting log level to ERROR. I believe all errors are captured in the logs by default so if there was any you should be able to see it in ccg log.

Hi Sharvari ,

So by default, INFO would be the log level setup in CCG ?
We wanted to have DEBUG level for initial few days post Go Live so wanted to check the above configurations work for Error/Debug.

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.