(c) Copyright 2018 SailPoint Technologies, Inc., All Rights Reserved.
NOTE: The syntax of this file is different than what it was for
IdentityIQ 7.3 and earlier. These syntax changes are due to
our upgrade to log4j version 2.
for description of the new syntax.
######################################
Global log4j2 properties
######################################
name=identityiq_default
status=warn
monitorInterval=20
packages=sailpoint.api.logging
######################################
sailpoint properties
######################################
property.logLocation=${sys:java.io.tmpdir}${sys:file.separator}
property.discardsFilename=sailpointDiscardedMessages
#######################################
Appenders
#######################################
direct log messages to stdout
appender.stdout.type=Console
appender.stdout.name=stdout
appender.stdout.target=SYSTEM_OUT
appender.stdout.layout.type=PatternLayout
appender.stdout.layout.pattern=%d{ISO8601} %5p %t %c{4}:%L - %m%n
CRLF log injection can reduce the value of application logs. CRLF log injection can
be neutralized by applying log4j2âs replace conversion pattern to a log message. If
log4j2 environment is set up to use the PatternLayout, then while in stdout or file
write, an administrator can use the âreplaceâ conversion pattern to a log message to
neutralize CRLF sequence to double underscore. In the example below, the inner replace
pattern replaces a sequence of line feed (\n) and carriage return (\r) to two underscores
respectively, whereas the outer replace pattern replaces the carriage return and line feed
sequence of a log message to two underscores respectively. Adjust double underscore from
both the places as per oneâs own choice of sequence.
#appender.stdout.layout.pattern=%d{ISO8601} %5p %t %c{4}:%L - %replace{%replace{%m}{\n\r}{}}{\r\n}{}%n
direct log messages to the db
appender.syslog.type=spsyslog
appender.syslog.name=spsyslog
Below is an example of how to create a logger that writes to a file.
Uncomment the following five lines, then uncomment the
rootLogger.appenderRef.file.ref definition below
#appender.file.type=File
#appender.file.name=file
#appender.file.fileName=/app/tomcat9/logs/sailpoint.log
#appender.file.filePattern=/app/tomcat9/logs/sailpoint-%d{yyyy-MM-dd}-%i.log.gz
#appender.file.fileName=C:/Windows/Temp/sailpoint.log
#appender.file.layout.type=PatternLayout
#appender.file.layout.pattern=%d{ISO8601} %5p %t %c{4}:%L - %m%n
appender.RollingFile.type=RollingFile
appender.RollingFile.name=file
appender.RollingFile.fileName=/app/tomcat9/logs/sailpoint.log
appender.RollingFile.filePattern=/app/tomcat9/logs/sailpoint-%d{yyyy-MM-dd}-%i.log.gz
appender.RollingFile.layout.type=PatternLayout
appender.RollingFile.layout.pattern=%d{ISO8601} %5p %t %c{4}:%L - %m%n
appender.RollingFile.policies.type=Policies
appender.RollingFile.policies.size.type=SizeBasedTriggeringPolicy
appender.RollingFile.policies.size.size=50MB
appender.RollingFile.strategy.type=DefaultRolloverStrategy
appender.RollingFile.strategy.max=5
used by queue processing to log messages that could not be processed
appender.discards.type=RollingFile
appender.discards.name=discards
appender.discards.fileName=${logLocation}${discardsFilename}.log
appender.discards.filePattern=${discardsFilename}-%d{MM-dd-yyyy}-%i.log
appender.discards.layout.type=PatternLayout
appender.discards.layout.pattern=%m%n
appender.discards.policies.type=Policies
appender.discards.policies.size.type=SizeBasedTriggeringPolicy
appender.discards.policies.size.size=100MB
appender.discards.strategy.type=DefaultRolloverStrategy
appender.discards.strategy.max=5
SailPoint metering is useful to help diagnose performance issues.
Some critical sections of code will gather performance data
metrics, and will log the data to the meter appender.
Below is an example of how to create a csv of metered data.
Uncomment the following 11 lines, as well as the logger.apiMeter lines
near the end of this file
#appender.meter.type=RollingFile
#appender.meter.name=meter
#appender.meter.fileName=C:/Windows/Temp/meter.log
#appender.meter.filePattern=C:/Windows/Temp/meter-%d{yyyy-MM-dd}-%i.log.gz"
#appender.meter.layout.type=PatternLayout
#appender.meter.layout.pattern=%m%n
#appender.meter.policies.type=Policies
#appender.meter.policies.size.type=SizeBasedTriggeringPolicy
#appender.meter.policies.size.size=10MB
#appender.meter.strategy.type=DefaultRolloverStrategy
#appender.meter.strategy.max=5
#######################################
rootLogger
#######################################
set default log levels and appenderRef
valid log levels in increasing order of severity are:
trace, debug, info, warn, error, fatal, off
trace is required to get method entry and exit logging
rootLogger.level=warn
rootLogger.appenderRef.stdout.ref=stdout
rootLogger.appenderRefs=IIQRollingFile
Uncomment to also write to file appender by default.
Also need to uncomment the file appender definition above.
rootLogger.appenderRef.file.ref=file
#######################################
3rd-party loggers (recommended)
#######################################
Suppress a warning about using a default configuration
logger.ehcache.name=net.sf.ehcache
logger.ehcache.level=error
Suppress ânarrowing proxyâ hibernate warning.
logger.ohe_spc.name=org.hibernate.engine.StatefulPersistenceContext
logger.ohe_spc.level=error
Suppress warnings about deprecated gadgets during import
logger.jasper_engine_xml.name=net.sf.jasperreports.engine.xml
logger.jasper_engine_xml.level=error
Note: The following logging properties turn off warnings that result from our
combination of technologies (Tomahawk/Faceletes/A4J, etc.).
Commenting them out will result in a slew of parser warnings.
If you donât want to clutter your logs with a bunch of useless warning
messages please leave these as they are.
Suppress warning message about Unparsable lastModified
logger.renderkit1.name=org.apache.myfaces.renderkit.html.util.MyFacesResourceLoader
logger.renderkit1.level=error
Suppress warning message about response not having or tags
logger.renderkit2.name=org.apache.myfaces.renderkit.html.util.DefaultAddResource
logger.renderkit2.level=error
Suppress warning message about invalid HTML inside javascript
logger.renderkit3.name=org.apache.myfaces.renderkit.html.util.ReducedHTMLParser
logger.renderkit3.level=error
#######################################
SailPoint loggers (required)
#######################################
make sure the syslog code doesnât try to call itself if thereâs a problem.
NOTE: The additivity flag is critical here!
logger.syslogAppender.name=sailpoint.api.logging.SyslogAppender
logger.syslogAppender.level=error
logger.syslogAppender.appenderRef.stdout.ref=stdout
logger.syslogAppender.additivity=false
logger.syslogEvent.name=sailpoint.object.SyslogEvent
logger.syslogEvent.level=error
logger.syslogEvent.appenderRef.stdout.ref=stdout
logger.syslogEvent.additivity=false
logger.sailpoint.name=sailpoint
logger.sailpoint.level=warn
logger.sailpoint.appenderRef.syslog.ref=spsyslog
logger.discards.name=discards
logger.discards.level = info
logger.discards.additivity = false
logger.discards.appenderRefs = discards
logger.discards.appenderRefs.level = info
logger.discards.appenderRef.discards.ref = discards
Hibernate logs a warn every time Criteria is used. Supress this until JPA migration is completed -rap
logger.hibernateDeprecation.name=org.hibernate.orm.deprecation
logger.hibernateDeprecation.level=error
ActiveMQ client often issues unuseful errors/warnings
logger.activemqfailover.name=org.apache.activemq.transport.failover.FailoverTransport
logger.activemqfailover.level=OFF
logger.activemqsecurity.name=org.apache.activemq.broker.TransportConnection.Service
logger.activemqsecurity.level=error
#######################################
SailPoint loggers (troubleshooting)
#######################################
#logger.orgHibernate.name=org.hibernate
#logger.orgHibernate.level=info
#logger.orgHibernate.level=debug
#logger.orgHibernate.level=trace
#logger.hibernateCache.name=org.hibernate.cache
#logger.hibernateCache.level=trace
#logger.orgSpringframework.name=org.springframework
#logger.orgSpringframework.level=info
#logger.orgQuartz.name=org.quartz
#logger.orgQuartz.level=info
Uncomment to log all SQL and prepared statement parameter values.
#logger.hibernateSQL.name=org.hibernate.SQL
#logger.hibernateSQL.level=debug
#logger.hibernateType.name=org.hibernate.type
#logger.hibernateType.level=trace
Uncomment this to log all SailPoint generated HQL queries and
query parameters.
#logger.persistenceHQL.name=sailpoint.persistence.hql
#logger.persistenceHQL.level=trace
Uncomment to view JSF logging
#logger.phaseTracker.name=sailpoint.web.util.PhaseTracker
#logger.phaseTracker.level=trace
#logger.sunFaces.name=com.sun.faces
#logger.sunFaces.level=trace
#logger.javaxFaces.name=javax.faces
#logger.javaxFaces.level=trace
Uncomment to enable logging of performance metering data
#logger.apiMeter.name=sailpoint.api.Meter
#logger.apiMeter.level=info
#logger.apiMeter.appenderRef.meter.ref=meter
Uncomment to enable authentication related logging
#logger.authFilter.name=sailpoint.web.PageAuthenticationFilter
#logger.authFilter.level=debug
#logger.authService.name=sailpoint.service.PageAuthenticationService
#logger.authService.level=debug
#logger.ssoValidator.name=sailpoint.web.sso.DefaultSSOValidator
#logger.ssoValidator.level=debug
#logger.ssoDefault.name=sailpoint.web.sso.DefaultSSOAuthenticator
#logger.ssoDefault.level=debug
#logger.ssoSAML.name=sailpoint.web.sso.SAMLSSOAuthenticator
#logger.ssoSAML.level=debug
Uncomment to enable detailed multi-factor authentication logging
#logger.mfaFilter.name=sailpoint.web.MFAFilter
#logger.mfaFilter.level=debug
#logger.mfaLibrary.name=sailpoint.workflow.MFALibrary
#logger.mfaLibrary.level=info
Uncomment to enable detailed statistics monitoring logging
#logger.monitoringService.name=sailpoint.server.MonitoringService
#logger.monitoringService.level=debug
#logger.aggregator.name=sailpoint.api.Aggregator
#logger.aggregator.level=trace
#logger.cacheTracker.name=sailpoint.api.CacheTracker
#logger.cacheTracker.level=trace
#logger.certificationer.name=sailpoint.api.Certificationer
#logger.certificationer.level=info
#logger.remediationManager.name=sailpoint.api.certification.RemediationManager
#logger.remediationManager.level=info
#logger.certificationPhaser.name=sailpoint.api.CertificationPhaser
#logger.certificationPhaser.level=info
#logger.correlationModel.name=sailpoint.api.CorrelationModel
#logger.correlationModel.level=info
#logger.lockTracer.name=sailpoint.api.LockTracker
#logger.lockTracer.level=trace
#logger.managedAttributer.name=sailpoint.api.ManagedAttributer
#logger.managedAttributer.level=info
#logger.provisioner.name=sailpoint.api.Provisioner
#logger.provisioner.level=info
#logger.oimClient.name=sailpoint.integration.oim.OIMClient
#logger.oimClient.level=info
#logger.objectConfig.name=sailpoint.object.ObjectConfig
#logger.objectConfig.level=info
#logger.dateType.name=sailpoint.persistence.DateType
#logger.dateType.level=info
#logger.debugInterceptor.name=sailpoint.persistence.DebugInterceptor
#logger.debugInterceptor.level=debug
#logger.hibernatePersistenceManager.name=sailpoint.persistence.HibernatePersistenceManager
#logger.hibernatePersistenceManager.level=trace
#logger.hibernatePersistenceManager.level=info
#logger.newXmlType.name=sailpoint.persistence.NewXmlType
#logger.newXmlType.level=info
#logger.sailPointInterceptor.name=sailpoint.persistence.SailPointInterceptor
#logger.sailPointInterceptor.level=info
#logger.xmlType.name=sailpoint.persistence.XmlType
#logger.xmlType.level=info
#logger.sailpointReporting.name=sailpoint.reporting
#logger.sailpointReporting.level=trace
#logger.bsfRuleRunner.name=sailpoint.server.BSFRuleRunner
#logger.bsfRuleRunner.level=trace
#logger.cacheService.name=sailpoint.server.CacheService
#logger.cacheService.level=info
#logger.serverEnvironment.name=sailpoint.server.Environment
#logger.serverEnvironment.level=trace
#logger.iiqRestService.name=sailpoint.service.IIQRestService
#logger.iiqRestService.level=info
#logger.idRefreshExecutor.name=sailpoint.task.IdentityRefreshExecutor
#logger.idRefreshExecutor.level=trace
#logger.roleSynchronizer.name=sailpoint.task.RoleSynchronizer
#logger.roleSynchronizer.level=info
#logger.timingFilter.name=sailpoint.web.util.TimingFilter
#logger.timingFilter.level=trace
#logger.heartbeat.name=sailpoint.server.HeartbeatService
#logger.heartbeat.level=trace
#logger.identityai.name=sailpoint.identityai
#logger.identityai.level=debug
#logger.connector_sm.name=sailpoint.connector.sm
#logger.connector_sm.level=debug
#logger.rs.name=sailpoint.rapidsetup
#logger.rs.level=debug
#logger.rsl.name=sailpoint.workflow.RapidSetupLibrary
#logger.rsl.level=debug
#logger.post_commit_handler.name=sailpoint.persistence.PostCommitUpdateListener
#logger.post_commit_handler.level=debug
#logger.hibernateListenerService.name=sailpoint.persistence.HibernateListenerService
#logger.hibernateListenerService.level=debug
Uncomment to enable detailed AccessHistory logging
#logger.accesshistory.name=sailpoint.accesshistory
#logger.accesshistory.level=debug
Uncomment to enable detailed change event generation logging
#logger.changeevent.name=sailpoint.accesshistory.changeevent
#logger.changeevent.level=debug
Uncomment to enable detailed logging for AccessHistoryWriterService
#logger.accesshistorywriterservice.name=sailpoint.server.AccessHistoryWriterService
#logger.accesshistorywriterservice.level=debug
Uncomment to enable detailed logging for HistoryEventConsumer
#logger.historyeventconsumer.name=sailpoint.accesshistory.HistoryEventConsumer
#logger.historyeventconsumer.level=debug
Uncomment to enable detailed logging for AccessHistoryUtil
#logger.accesshistoryutil.name=sailpoint.accesshistory.AccessHistoryUtil
#logger.accesshistoryutil.level=debug
Uncomment to enable detailed logging for ALL Identity event generators
#logger.identityeventgenerators.name=sailpoint.accesshistory.event.identity
#logger.identityeventgenerators.level=debug
Uncomment to enable detailed logging for Identity AssignedRoleAddedEventGenerator
#logger.identityassignedroleadded.name=sailpoint.accesshistory.event.identity.AssignedRoleAddedEventGenerator
#logger.identityassignedroleadded.level=debug
Uncomment to enable detailed logging for Identity AssignedRoleRemovedEventGenerator
#logger.identityassignedroleremoved.name=sailpoint.accesshistory.event.identity.AssignedRoleRemovedEventGenerator
#logger.identityassignedroleremoved.level=debug
Uncomment to enable detailed logging for Identity DetectedRoleAddedEventGenerator
#logger.identityassignedroleadded.name=sailpoint.accesshistory.event.identity.DetectedRoleAddedEventGenerator
#logger.identityassignedroleadded.level=debug
Uncomment to enable detailed logging for Identity DetectedRoleRemovedEventGenerator
#logger.identitydetectedroleremoved.name=sailpoint.accesshistory.event.identity.DetectedRoleRemovedEventGenerator
#logger.identitydetectedroleremoved.level=debug
Uncomment to enable detailed logging for Identity EntitlementAddedEventGenerator
#logger.identityentitlementadded.name=sailpoint.accesshistory.event.identity.EntitlementAddedEventGenerator
#logger.identityentitlementadded.level=debug
Uncomment to enable detailed logging for Identity EntitlementRemovedEventGenerator
#logger.identityentitlementremoved.name=sailpoint.accesshistory.event.identity.EntitlementRemovedEventGenerator
#logger.identityentitlementremoved.level=debug
Uncomment to enable detailed logging for Identity ManagerChangeEventGenerator
#logger.identitymanagerchanage.name=sailpoint.accesshistory.event.identity.ManagerChangeEventGenerator
#logger.identitymanagerchanage.level=debug
Uncomment to enable detailed logging for Identity StatusChangeEventGenerator
#logger.identitystatuschanage.name=sailpoint.accesshistory.event.identity.StatusChangeEventGenerator
#logger.identitystatuschanage.level=debug
Uncomment to enable detailed logging for IdentityAttributeChangeEventGenerator
#logger.identityattributechanage.name=sailpoint.accesshistory.event.identity.IdentityAttributeChangeEventGenerator
#logger.identityattributechanage.level=debug
Uncomment to enable detailed logging for Identity PolicyViolationMitigationEventGenerator
#logger.identitypolicyviolationmitigation.name=sailpoint.accesshistory.event.identity.PolicyViolationMitigationEventGenerator
#logger.identitypolicyviolationmitigation.level=debug
#Uncomment to enable detailed logging for BaseDataExtractExecutor
#logger.basedataextractexecutor.name=sailpoint.task.BaseDataExtractExecutor
#logger.basedataextractexecutor.level=debug
