This chapter contains the following sections:
Section 16.6, "Oracle Identity Analytics Scheduling Logging"
Section 16.7, "Oracle Identity Analytics Identity Access Management (IAM) Logging"
Section 16.10, "Oracle Identity Analytics Identity Certification (IDC) Logging"
This chapter provides guidance about messages that should be monitored in order to maintain system performance. Examples show the type of function, the message severity, the module name, and the log message.
Tomcat logging captures messages related to the Tomcat application server.
All Tomcat-related errors are shown in the following manner in the log file. Monitor anything that contains this string:
[org.springframework.web.context.ContextLoader]
15:11:56,500 ERROR [org.springframework*] ** 15:11:56,500 FATAL [org.springframework*] **
Note -
* Refers to the specific module.
** Refers to the actual error message.
Examples are shown in the subsections below.
The following error is a context initialization error that can occur when Oracle Identity Analytics starts. The error indicates that there is a context initialization failure, and the log message indicates which file caused the error.
In the following sample error message, the job.xml file under WEB-INF has caused the error.
Severity: ERROR Module name: ContextLoader Log message: 15:11:56,500 ERROR [org.springframework.web.context.ContextLoader] Context initialization failed org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'usersImportTrigger' defined in ServletContext resource [/WEB-INF/jobs.xml]: Error setting property values; nested exception is org.springframework.beans.PropertyAccessExceptionsException: PropertyAccessExceptionsException (1 errors); nested propertyAccessExceptions are: [org.springframework.beans.MethodInvocationException: Property 'cronExpression' threw exception; nested exception is java.text.ParseException: '?' can only be specfied for Day-of-Month or Day-of-Week.] PropertyAccessExceptionsException (1 errors)
In the following example, the log message shows that the scheduling-context.xml file under WEB-INF has caused the error. The log message also shows the line in the file that caused the error.
Severity: ERROR Module name: ContextLoader Log message: 15:22:03,109 ERROR [org.springframework.web.context.ContextLoader] Context initialization failed org.springframework.beans.factory.BeanDefinitionStoreException: Line 137 in XML document from ServletContext resource [/WEB-INF/scheduling-context.xml] is invalid; nested exception is org.xml.sax.SAXParseException: The string "--" is not permitted within comments.
VAAU Commons logging captures messages having to do with component interactions within Oracle Identity Analytics.
VAAU Commons errors are shown as follows in the log file. For monitoring purposes, monitor anything that contains [com.vaau.commons].
15:11:56,500 ERROR [com.vaau.commons*] ** 15:11:56,500 FATAL [com.vaau.commons*] **
Note -
* Refers to the specific module.
** Refers to the actual error message.
Examples are shown in the subsections below.
The following example contains information about Oracle Identity Analytics. The log message shows the version of Oracle Identity Analytics that is running and the application status.
Severity: INFO Module name: ContextLifecycleListener Log message: 10:30:19,859 INFO [com.vaau.commons.springframework.context.ContextLifecycleListener] Oracle Identity Analytics (build: 5.1.0.20080903_406_3061) Started
Oracle Identity Analytics Core logging logs messages having to do with core Oracle Identity Analytics events.
This section provides sample Oracle Identity Analytics core logging messages. For monitoring purposes, monitor anything that contains [com.vaau.rbacx].
15:11:56,500 ERROR [com.vaau.rbacx *] ** 15:11:56,500 FATAL [com.vaau.rbacx *] ** 15:11:56,500 ERROR [com.vaau.rbacx.service *] ** 15:11:56,500 FATAL [com.vaau.rbacx.service *] ** 15:11:56,500 ERROR [com.vaau.rbacx.core*] ** 15:11:56,500 FATAL [com.vaau.rbacx.core*] ** 15:11:56,500 ERROR [com.vaau.rbacx.manager*] ** 15:11:56,500 FATAL [com.vaau.rbacx.manager *] **
Note -
* Refers to the specific module.
** Refers to the actual error message.
Examples are shown in the subsections below.
The following message shows Oracle Identity Analytics back-end activities. The log messages show that Oracle Identity Analytics is updating the sequence table in the database.
Severity: DEBUG Module name: SequenceGeneratorServiceImpl Log message: 13:22:35,203 DEBUG [com.vaau.rbacx.service.impl.SequenceGeneratorServiceImpl] Getting MemorySequence for sequence name NamespaceKey 13:22:35,203 DEBUG [com.vaau.rbacx.service.impl.SequenceGeneratorServiceImpl] Creating new MemorySequence for sequence name NamespaceKey 13:22:35,203 DEBUG [com.vaau.rbacx.dao.ibatis.SqlMapSequenceDao] Getting next count for sequenceName=NamespaceKey, increment=10 13:22:35,218 DEBUG [com.vaau.rbacx.dao.ibatis.SqlMapSequenceDao] Returning next count for sequenceName=NamespaceKey, count=1010 13:22:35,234 DEBUG [com.vaau.rbacx.service.impl.SequenceGeneratorServiceImpl] Returning count for sequence name Name
Oracle Identity Analytics Security logging logs events related to security, including user creation events, and login and logout events.
Oracle Identity Analytics security logging errors are logged as shown here. For monitoring purposes, monitor anything that contains [com.vaau.rbacx.security].
15:11:56,500 ERROR [com.vaau.rbacx.security *] ** 15:11:56,500 FATAL [com.vaau.rbacx.security *] **
Note -
* Refers to the specific module.
** Refers to the actual error message.
Examples are shown in the subsections below.
The following message shows a Oracle Identity Analytics security warning. The warning indicates that the user's login or password is incorrect.
Severity: WARN Module name: UserManagerImpl Log message: 14:14:45,359 WARN [com.vaau.rbacx.security.manager.impl.UserManagerImpl] RbacxUser with username: 'testuser' not found
The following message shows that the user testuser has been created.
Severity: DEBUG Module name: RbacxSecurityServiceImpl Log message: 15:35:00,750 DEBUG [com.vaau.rbacx.security.service.impl.RbacxSecurityServiceImpl] adding user testuser 15:35:00,750 DEBUG [com.vaau.rbacx.security.manager.impl.UserManagerImpl] creating user: Last name: User; First name: Test; Email: testuser@oracle.com 15:35:00,765 DEBUG [com.vaau.rbacx.security.manager.impl.UserManagerImpl] setting credentials for testuser: 3dbb4a67672880904958500b68d4ab481116a1b9
The following user deletion message shows that the user testuser has been deleted.
Severity: DEBUG Module name: RbacxSecurityServiceImpl Log message: 15:34:23,359 DEBUG [com.vaau.rbacx.security.service.impl.RbacxSecurityServiceImpl] deleting user testuser 15:34:23,375 DEBUG [com.vaau.rbacx.security.manager.impl.UserManagerImpl] deleting user: Last name: user; First name: test; Email: testuser@oracle.com
Oracle Identity Analytics Scheduling logging logs messages related to the scheduler component.
This section shows example Oracle Identity Analytics scheduling error messages. For monitoring purposes, monitor anything that contains [com.vaau.rbacx.scheduling].
15:11:56,500 ERROR [com.vaau.rbacx.scheduling *] ** 15:11:56,500 FATAL [com.vaau.rbacx.scheduling *] **
Note -
* Refers to the specific module.
** Refers to the actual error message.
Examples are shown in the subsections below.
The following message shows the information for a scheduled execution. The message shows that a certification reminder has executed as scheduled.
Severity: INFO Module name: VaauSchedulerEventListenerImpl Warn message: 14:19:00,187 INFO [com.vaau.rbacx.scheduling.impl.VaauSchedulerEventListenerImpl] Job executed: Certification Reminder, SYSTEM
The following message shows the information for a scheduled execution. The message shows that an account import job has executed as scheduled.
Severity: DEBUG Module name: IAMJob Warn message: 14:21:00,062 DEBUG [com.vaau.rbacx.scheduling.manager.providers.quartz.jobs.IAMJob] Accounts Import job executed successfully = true
Oracle Identity Analytics Identity Access Management (IAM) logging logs events based on activity between Oracle Identity Analytics and an Identity Access Management (IAM) server. This includes any file-based imports that occur inside Oracle Identity Analytics.
This section shows example Oracle Identity Analytics IAM (Identity Access Management) errors. For monitoring purposes, monitor anything that contains [com.vaau.rbacx.iam].
15:11:56,500 ERROR [com.vaau.rbacx.iam *] ** 15:11:56,500 FATAL [com.vaau.rbacx.iam *] **
Note -
* Refers to the specific module.
** Refers to the actual error message.
Examples are shown in the subsections below.
The following message shows an error from a user file import. The error indicates that there is a data type violation. The first column in the schema file is specified by statusKey, and in the user file, it has Active corresponding to the statusKey. The statusKey, however, is defined to be either 1 as active, or 2 as inactive. The correct data type corresponding to the statusKey should be either 1 or 2.
Severity: ERROR Module name: UserFileReader Log message: 11:29:00,593 ERROR [UserFileReader] PropertyAccessExceptionsException (1 errors) Schema file: statusKey,manager,primaryEmail,firstName,middleName,username User file imported with error: Active,testmanager,testuser@email.com,Test,User,testuser Correct user file: 1,testmanager,testuser@email.com,Test,User,testuser
The following message shows an account file import error. The error indicates that the account file does not match the schema file. The schema file shows that one role will be imported to the account. However, the account file has two roles. Instead of importing two roles as two attributes, import the two roles into the role attribute as a single attribute.
Severity: ERROR Module name: CSVAccountFileReader Log message: 11:53:02,625 ERROR [CSVAccountFileReader] BAD RECORD FORMAT: File: UNX_01_accounts, line no. 1, doesn't match schema, found [testuser,JOB_1,JOB_2,UNX] Schema file: name<CorrelationKey>,role,endpoint Account file imported with error: testuser,JOB_1,JOB_2,UNX Correct user file: testuser,"JOB_1,JOB_2",UNX
In this example of an account file import error, the error indicates that the user of the account file does not match any users in the database. In this case, configure the system to either drop the account or to correlate to a default global user.
Severity: ERROR Module name: CSVAccountFileReader Log message: 12:12:01,015 ERROR [CSVAccountFileReader] CORRELATION ERROR: Unknown global user 'test-user' for account 'test-user' Schema file: name<CorrelationKey>,role,endpoint Account file imported with error: test-user, "JOB_1,JOB_2",UNX Correct user file: testuser,"JOB_1,JOB_2",UNX
Oracle Identity Analytics Reports logging logs events related to the running of reports inside Oracle Identity Analytics.
All Oracle Identity Analytics reporting-related errors will be shown in the following manner. For monitoring purposes, monitor anything that contains [com.vaau.rbacx.reporting].
15:11:56,500 ERROR [com.vaau.rbacx.reporting *] ** 15:11:56,500 FATAL [com.vaau.rbacx.reporting *] **
Note -
* Refers to the specific module.
** Refers to the actual error message.
Examples are shown in the subsections below.
The following example shows the information that is logged when reports are generated. The log messages show the type of report that is generated and the location of the file.
Severity: DEBUG Module name: JasperReportsUtils Log message: 10:33:09,390 DEBUG [com.vaau.rbacx.reporting.renderer.jasperreports.JasperReportsUtils] ---> checking if 'C:\Vaau\rbacx-4.0\reports\BusinessUnitUsers.jrxml' has any sub-reports that need compiling 10:33:09,406 DEBUG [com.vaau.rbacx.reporting.renderer.jasperreports.JasperReportsUtils] ---> C:\Vaau\rbacx-4.0\reports\BusinessUnitUsers.jrxml has following sub-reports --> [] 10:33:09,406 DEBUG [com.vaau.rbacx.reporting.renderer.jasperreports.JasperReportsUtils] ---> following sub-reports require compilation [] 10:33:09,406 DEBUG [com.vaau.rbacx.reporting.renderer.jasperreports.JasperReportsUtils] checking if report file --> 'C:\Vaau\rbacx-4.0\reports\BusinessUnitUsers.jrxml' requires compilation 10:33:09,406 DEBUG [com.vaau.rbacx.reporting.renderer.jasperreports.JasperReportsUtils] ---> compiling reports []
Oracle Identity Analytics Audit logging logs auditing events inside Oracle Identity Analytics, such as login and logout events and changes made inside Oracle Identity Analytics.
The following example messages show audit-related errors. For monitoring purposes, monitor anything that contains [com.vaau.rbacx.rbacxaudit].
15:11:56,500 ERROR [com.vaau.rbacx.rbacxaudit *] ** 15:11:56,500 FATAL [com.vaau.rbacx.rbacxaudit *] **
Note -
* Refers to the specific module.
** Refers to the actual error message.
Examples are shown in the subsections below.
These example messages show the information that is logged when users log in to or log out of Oracle Identity Analytics. The log also captures changes made in Oracle Identity Analytics.
Severity: DEBUG Module name: RbacxAuditUtil Log message: 10:33:09,390 DEBUG [com.vaau.rbacx.rbacxaudit.util.RbacxAuditUtil] ---> User "testuser" logged in
Oracle Identity Analytics Identity Certification (IDC) logging logs events related to the Oracle Identity Analytics Identity Certification component.
Identity certification (IDC) errors are shown as follows in the log file. For monitoring purposes, monitor anything that contains [com.vaau.rbacx.idc].
15:11:56,500 ERROR [com.vaau.rbacx.idc *] ** 15:11:56,500 FATAL [com.vaau.rbacx.idc *] **
Note -
* Refers to the specific module.
** Refers to the actual error message.
Examples are shown in the subsections below.
This message shows the number of certification reminders that have fired.
Severity: DEBUG Module name: ReminderManagerImpl Log message: 12:43:00,171 DEBUG [ReminderManagerImpl] No. of first certification reminders = 19 12:43:00,171 DEBUG [ReminderManagerImpl] No. of second certification reminders = 0 12:43:00,171 DEBUG [ReminderManagerImpl] No. of third certification reminders = 0 12:43:00,171 DEBUG [ReminderManagerImpl] No. of fourth certification reminders = 0 12:43:00,171 DEBUG [ReminderManagerImpl] No. of fifth certification reminders = 0 12:43:00,171 DEBUG [ReminderManagerImpl] [finished] firing certification reminders, took 31ms
The following message shows certification information. The messages show that the users and the accounts involved in the certification are not being created because the users or the accounts are not active.
Severity: DEBUG Module name: RbacxIDCServiceImpl Log message: 16:20:59,375 DEBUG [com.vaau.rbacx.idc.service.impl.RbacxIDCServiceImpl] creating full certification 'T2' 16:20:59,390 DEBUG [com.vaau.rbacx.idc.service.impl.RbacxIDCServiceImpl] loading global users from business units --> [3066] 16:20:59,453 DEBUG [com.vaau.rbacx.idc.service.impl.RbacxIDCServiceImpl] loaded 2 GlobalUsers, took 63ms 16:20:59,453 DEBUG [com.vaau.rbacx.idc.service.impl.RbacxIDCServiceImpl] creating IDC Users... 16:20:59,500 DEBUG [com.vaau.rbacx.idc.service.impl.RbacxIDCServiceImpl] loading Accounts, Roles and Policies for 2 users 16:20:59,515 DEBUG [com.vaau.rbacx.idc.service.impl.RbacxIDCServiceImpl] loaded Accounts, Roles and Policies for 2 users, took 15ms 16:20:59,515 DEBUG [com.vaau.rbacx.idc.service.impl.RbacxIDCServiceImpl] --> user: ZRC0217 16:20:59,546 DEBUG [com.vaau.rbacx.idc.service.impl.RbacxIDCServiceImpl] ----> user 'ZRC0217' has no accounts to certify 16:20:59,546 DEBUG [com.vaau.rbacx.idc.service.impl.RbacxIDCServiceImpl] ---> user Craig, Ryan has not accounts, and will not inlcluded 16:20:59,546 DEBUG [com.vaau.rbacx.idc.service.impl.RbacxIDCServiceImpl] --> user: ZTJ0071 16:20:59,546 DEBUG [com.vaau.rbacx.idc.service.impl.RbacxIDCServiceImpl] ----> user 'ZTJ0071' has no accounts to certify 16:20:59,546 DEBUG [com.vaau.rbacx.idc.service.impl.RbacxIDCServiceImpl] ---> user Jorgensen, Thomas has not accounts, and will not inlcluded 16:20:59,546 DEBUG [com.vaau.rbacx.idc.service.impl.RbacxIDCServiceImpl] created 0 IDC Users , took 93ms
In this example, the message shows that the business unit involved in the certification is not being created because either the users or the accounts are not active.
Severity: ERROR Module name: RbacxIDCServiceImpl Log message: 16:40:01,203 ERROR [com.vaau.rbacx.idc.service.impl.RbacxIDCServiceImpl] ERROR: unable to create certification: T3_Aaron Hackett - ZAH0140 com.vaau.rbacx.idc.IDCInvalidArgumentException: BusinessUnit 'Aaron Hackett - ZAH0140' has no acitve users to certify at com.vaau.rbacx.idc.service.impl.RbacxIDCServiceImpl. createCertification(RbacxIDCServiceImpl.java:511) at com.vaau.rbacx.idc.service.impl.RbacxIDCServiceImpl. createCertifications(RbacxIDCServiceImpl.java:256) at com.vaau.rbacx.scheduling.executor.certification. CertificationJobExecutor.execute(CertificationJobExecutor.java:22) at com.vaau.rbacx.scheduling.manager.providers.quartz. jobs.AbstractQuartzJob.execute(AbstractQuartzJob.java:58) at org.quartz.core.JobRunShell.run(JobRunShell.java:191) at org.quartz.simpl.SimpleThreadPool$WorkerThread. run(SimpleThreadPool.java:516)