7.3 Configuring Logging for Access Manager

Graphical user interface is not available to change logger levels, only WLST commands can be used.

This section describes tasks only for Access Manager.

See Also:

"Configuring Logging for Security Token Service and Identity Federation"

This section provides the following topics:

• Modifying the Logger Level for Access Manager

• Adding an Access Manager-Specific Logger and Log Handler

7.3.1 Modifying the Logger Level for Access Manager

Administrators can use custom WLST commands for Access Manager to change logger settings.

Your deployment and choices will be different.

Note:

Use the WLST command help("fmw diagnostics").

See Also:

WLST Command Reference for WebLogic Server

Follow this procedure to modify the OAM logger level.

1. Confirm that the OAM Server is running.
2. Acquire the custom WLST script for Access Manager. For example:

   $ORACLE_HOME/common/bin/wlst.sh
   

3. Connect to the WebLogic Server and log in as the WebLogic Administrator. For example:

   connect([username, password])
   

4. List available loggers for the OAM Server. For example:

   wls:/base_domain/serverConfig> listLoggers(pattern="oracle.oam.*",
     target="oam_server1")
   
   wls:/WLS_IDM/serverConfig> listLoggers(pattern="oracle.oam.*",
     target="oam_policy_mgr1")
   

   Here pattern= represents the oam.controller component and target= represents the desired OAM Server as it was specified during registration.

5. View the list of Access Manager loggers associated with this OAM Server. For example:

   Logger                                      | Level
   --------------------------------------------+-----------------
   oracle.oam                                  | <Inherited>
   oracle.oam.admin.foundation.configuration   | <Inherited>
   oracle.oam.agent-default                    | <Inherited>
   oracle.oam.audit                            | <Inherited>
   oracle.oam.binding                          | <Inherited>
   oracle.oam.commonutil                       | <Inherited>
   oracle.oam.config                           | <Inherited>
   oracle.oam.controller                       | <Inherited>
   oracle.oam.default                          | <Inherited>
   oracle.oam.diagnostic                       | <Inherited>
   oracle.oam.engine.authn                     | <Inherited>
   oracle.oam.engine.authz                     | <Inherited>
   oracle.oam.engine.policy                    | <Inherited>
   oracle.oam.foundation.access                | <Inherited>
   oracle.oam.idm                              | <Inherited>
   oracle.oam.idm                              | <Inherited>
   oracle.oam.idm                              | <Inherited>
   oracle.oam.user.identity.provider           | <Inherited>
   

6. Modify the log level based on your requirements. For example, this sequence changes the log level of the oam.controller to TRACE:32 with no persistence:

   wls:/base_domain/serverConfig> domainRuntime()
   wls:/base_domain/domainRuntime> setLogLevel(logger="oracle.oam.controller", 
   level="TRACE:32", persist="0", target="oam_server1")
   
   wls:/WLS_IDM/domainRuntime> setLogLevel(logger="oracle.oam", level="TRACE:32", persist="0", target="oam_policy_mgr1")
   

7. Repeat step 4 to list the loggers again and verify the log level change. For example:

   wls:/base_domain/serverConfig> listLoggers(pattern="oracle.oam.*",target="oam_
   server1")
   

   Logger                                      | Level
   --------------------------------------------+-----------------
   oracle.oam                                  | <Inherited>
   oracle.oam.admin.foundation.configuration   | <Inherited>
   oracle.oam.agent-default                    | <Inherited>
   oracle.oam.audit                            | <Inherited>
   oracle.oam.binding                          | <Inherited>
   oracle.oam.commonutil                       | <Inherited>
   oracle.oam.config                           | <Inherited>
   oracle.oam.controller                       | TRACE:32
   oracle.oam.default                          | <Inherited>
   oracle.oam.diagnostic                       | <Inherited>
   oracle.oam.engine.authn                     | <Inherited>
   oracle.oam.engine.authz                     | <Inherited>
   oracle.oam.engine.policy                    | <Inherited>
   oracle.oam.foundation.access                | <Inherited>
   oracle.oam.idm                              | <Inherited>
   oracle.oam.idm                              | <Inherited>
   oracle.oam.idm                              | <Inherited>
   oracle.oam.user.identity.provider           | <Inherited>
   

8. Verify the generated log file to confirm the controller is logged at the TRACE:32 level:

   $DOMAIN_HOME/server/SERVER_INSTNCE_NAME/logs/
   

9. Proceed to "Validating Run-time Event Logging Configuration".

7.3.2 Adding an Access Manager-Specific Logger and Log Handler

Administrators can use the following procedure to specify a log file path and necessary attributes.

In the following procedure, you will identify the target OAM Server, rotation and retention periods, a path to the log file, the handler, and logger. Your deployment and choices will be different.

Note:

Use the WLST command help("fmw diagnostics") to get more information.

Skip steps 1 through 3 if the following items are true:

• The OAM Server is running

• You have the WLST script

• You have connected to the server and logged in

See Also:

Customization Commandsin WLST Command Reference for WebLogic Server

Follow this procedure to specify the OAM logger. level and log handler.

1. Confirm that the OAM Server is running.
2. Acquire the WLST script. For example:

   $ORACLE_HOME/common/bin/wlst.sh
   

3. Connect to the WebLogic Server and log in as the WebLogic Administrator. For example:

   sh wlst.sh wls:/offline> connect
   

4. Add an Access Manager logger and level for the OAM Server. For example:

   wls:/base_domain/serverConfig> domainRuntime()
   wls:/base_domain/domainRuntime> setLogLevel(logger="oracle.oam", 
   level="WARNING", persist="0", target="oam_server1")
   

5. Add a custom log handler and associate it with the Access Manager logger. For example:

   wls:/base_domain/domainRuntime> configureLogHandler(name="oam-log-handler", 
   target="oam_server1", rotationFrequency="daily", retentionPeriod="week", path="${domain.home}/oamlogs" , maxFileSize ="10485760", maxLogSize = "104857600", addHandler="true", handlerType="oracle.core.ojdl.logging
   .ODLHandlerFactory", addToLogger="oracle.oam")
   
   wls:/base_domain/domainRuntime>configureLogHandler(name="oam-log-handler", 
   addProperty="true", propertyName="supplementalAttributes", propertyValue=
   "OAM.USER, OAM.COMPONENT", target="oam_server1")
   

6. Verify all the logs in the $DOMAIN_HOME/oamlogs directory:

   $DOMAIN_HOME/oamlogs/