You can configure the degree of detail to be contained in a specific log file by adding attributes to the AMConfig.properties file. Use the following format:
iplanet-am-logging.logfileName.level=java.util.logging.Level
where logfileName is the name of a log file for an Access Manager service (see Table A–1), and java.util.logging.Level is an allowable attribute value. Access Manager services log at the INFO level. SAML and Identity Federation services also log at more detailed levels (FINE, FINER, FINEST). Example:
iplanet-am-logging.amSSO.access.level=FINER
Logging to a particular log file can also be turned off. Example:
iplanet-am-logging.amConsole.access.level=OFF
Table A–1 Access Manager Log Files
Log File Name | Records Logged |
---|---|
amAdmin.access | Successful amadmin command-line events |
amAdmin.error | amadmin command-line error events |
amAuthLog.access | Access Manager Policy Agent related events. See the Note following this table. |
amAuthentication.access | Successful authentication events |
amAuthentication.error | Authentication failures |
amConsole.access | Console events |
amConsole.error | Console error events. |
amFederation.access | Successful Federation events. |
amFederation.error | Federation error events. |
amPolicy.access | Storage of policy allow events |
amPolicy.error | Storage of policy deny events |
amSAML.access | Successful SAML events |
amSAML.error | SAML error events |
amLiberty.access | Successful Liberty events |
amLiberty.error | Liberty error events |
amSSO.access | Single sign-on creation and destruction |
amSSO.error | Single sign-on error events |
The amAuthLog filename is determined by the Policy Agent properties in AMAgent.properties. For Web Policy Agents, the property is com.sun.am.policy.agents.config.remote.log. For J2EE Policy Agents, the property is com.sun.identity.agents.config.remote.logfile. The default is amAuthLog.host.domain.port, where host.domain is the fully-qualified host name of the host running the Policy Agent web server, and where port is the port number of that web server. If you have multiple Policy Agents deployed, you can have multiple instances of this file. The property com.sun.identity.agents.config.audit.accesstype (for both Web and J2EE Agents) determines what data is logged remotely. The logged data can include policy allows, policy denies, both allows and denies, or neither allows nor denies.
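A mistyped key, log file name, or level in these properties is easy to miss, and a log set to OFF leaves a gap in the audit trail. The following lint check is an added example, not Access Manager code: the function name and sample lines are constructed, and it assumes every key beginning with iplanet-am-logging. is meant to follow the format above, with log file names spelled as in Table A–1 and levels written as the java.util.logging.Level constant names.

```python
import re

# Log file names from Table A-1 and the java.util.logging.Level constants.
SERVICES = ("amAdmin", "amAuthentication", "amConsole", "amFederation",
            "amPolicy", "amSAML", "amLiberty", "amSSO")
LOG_FILES = {f"{s}.{kind}" for s in SERVICES for kind in ("access", "error")}
LOG_FILES.add("amAuthLog.access")  # assumption: default name as listed in the table
LEVELS = {"OFF", "SEVERE", "WARNING", "INFO", "CONFIG",
          "FINE", "FINER", "FINEST", "ALL"}
PREFIX = "iplanet-am-logging."
KEY_RE = re.compile(r"^iplanet-am-logging\.(?P<name>.+)\.level$")

def lint_logging_levels(text):
    """Return (line_no, severity, message) for each suspicious logging line."""
    findings = []
    for no, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith(("#", "!")) or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if not key.startswith(PREFIX):
            continue  # not a per-file logging level property
        m = KEY_RE.match(key)
        if m is None:
            # e.g. ".evel" instead of ".level": key does not match the format
            findings.append((no, "error", f"malformed key {key!r}"))
            continue
        if m["name"] not in LOG_FILES:
            findings.append((no, "error", f"unknown log file {m['name']!r}"))
        if value not in LEVELS:
            findings.append((no, "error", f"invalid level {value!r}"))
        elif value == "OFF":
            findings.append((no, "warning", f"{m['name']} logging is disabled"))
    return findings

# Constructed sample input, not taken from a real deployment.
SAMPLE = """\
iplanet-am-logging.amSSO.access.level=FINER
iplanet-am-logging.amConsole.access.evel=OFF
iplanet-am-logging.amAuthentication.error.level=OFF
iplanet-am-logging.amSAML.access.level=DEBUG
iplanet-am-logging.amSaml.error.level=FINE
"""

if __name__ == "__main__":
    for finding in lint_logging_levels(SAMPLE):
        print(*finding)
```

Run it against AMConfig.properties during change review; warnings for disabled authentication or policy logs deserve a documented reason.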