Sun OpenSSO Enterprise Policy Agent 3.0 User's Guide for Web Agents

Configuring Web Agent Log Rotation

For web agents, when the current log file reaches a specific size, a new log file is created. Log information is then stored in the new log file until it reaches the size limit. This default behavior is configurable: log rotation can be turned off, or the size limit can be changed.


Note –

The following types of information are logged for Policy Agent 3.0:

The troubleshooting, or diagnostic, information is stored in log files, locally, with the web agent. The access denied and access allowed information, which is often referred to as audit-related information, can be stored both locally and with OpenSSO Enterprise.

Configuration that relates to the local log files is performed by editing the web agent property labeled Rotate Local Audit Log (Tab: Global, Name: com.sun.identity.agents.config.local.log.rotate). The Rotate Local Audit Log property is accessible using the OpenSSO Enterprise Console. Configuration that relates to the audit-related logs stored with OpenSSO Enterprise is not controlled by an agent property, but this type of configuration can also be implemented using the Console.

The log rotation described in this section refers to logs that store troubleshooting information locally.


The local logs are rotated automatically because the Rotate Local Audit Log property is enabled by default. When this property is not enabled, no rotation takes place for the local log file.

The following properties are also related to log rotation:

This property controls the log file size: a new log file is created when the current log file reaches the configured size. The file size should be a minimum of 3000 bytes. The default size is 10 megabytes.

When a new log file is created, an index is appended to the name of the log file, as follows:

amAgent-1
amAgent-2

Here, amAgent represents the fully qualified path name to the log files, excluding the appended number. The numbers 1 and 2 represent the appended number. The appended number indicates the chronological order in which information of a given size was filed away into its respective log file. There is no limit to the number of log files that can be rotated.
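
Because the number of rotated files is unlimited, the log directory grows until something outside the agent archives or prunes it. The following Python script is an added example, not part of this guide or of the product: it lists the rotated files by numeric index (so that amAgent-10 sorts after amAgent-2) and reports which of the earliest files would have to be archived to stay within a disk budget. The function names, the budget value and the sample directory are assumptions made for illustration.

```python
import os
import re
import tempfile

MIN_ROTATE_SIZE = 3000  # minimum log file size stated in this guide (bytes)

def rotated_logs(base_path):
    """Return [(index, path, size)] for files named <base_path>-N, by index."""
    directory, base = os.path.split(base_path)
    pattern = re.compile(re.escape(base) + r"-(\d+)")
    found = []
    for name in os.listdir(directory or "."):
        match = pattern.fullmatch(name)  # skips the live log and e.g. *.bak
        if match:
            path = os.path.join(directory, name)
            found.append((int(match.group(1)), path, os.path.getsize(path)))
    return sorted(found)  # numeric order, not lexical

def over_budget(base_path, budget_bytes):
    """Return the lowest-index rotated files to archive to fit the budget."""
    logs = rotated_logs(base_path)
    total = sum(size for _, _, size in logs)
    excess = []
    for _, path, size in logs:  # lowest index was filed away first
        if total <= budget_bytes:
            break
        excess.append(path)
        total -= size
    return excess

if __name__ == "__main__":
    # Constructed sample directory: one live log and eleven rotated files.
    with tempfile.TemporaryDirectory() as log_dir:
        base = os.path.join(log_dir, "amAgent")
        for name in ["amAgent"] + [f"amAgent-{i}" for i in range(1, 12)]:
            with open(os.path.join(log_dir, name), "wb") as handle:
                handle.write(b"x" * MIN_ROTATE_SIZE)
        budget = 4 * MIN_ROTATE_SIZE  # assumed budget for rotated files
        for index, path, size in rotated_logs(base):
            print(f"{index:>3}  {size:>8}  {os.path.basename(path)}")
        print("archive first:",
              [os.path.basename(p) for p in over_budget(base, budget)])
```

Archive the reported files to durable storage before deleting them, since the local logs may be needed later for troubleshooting.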