Register Sign in Need help? FAQ SailPoint directory
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

How To Change Logging Modes

How To Change Logging Modes

This doc will guide you in changing Logging Modes from Errors Only, DEBUG and Info.

 

There are 2 way that you can change logging levels.

  1. Health Center
  2. .exe.config File

Health Center Log Change

  1. Log into the SIQ Admin Client
  2. Navigate to the Health Center in the left-hand panel.
  3. In the Health Center menu, locate the name Service that you are needing to inspect/troubleshoot. (Note: SecurityIQ Agent Configuration Manager will be used for this scenario)Click the Actions drop down.
  4. Click the Actions drop down.
  5. Change Log Level and select which Logging Mode you would like to use. You do not have to restart the service and now the service will begin logging to the mode you selected.

 

Changing the logs via the .exe.config File

  • This method should be used if the Health Center log change method does not work for some reason or the Service(s) you are trying to troubleshoot does not have this option such as Activity Monitors. Please note, not all services have the .config file (ie. Elasticsearch).
  • Not every customer's environment is the same file structure. For the example below, the C drive will be the use case.
  1. Navigate to C:\Program Files\SailPoint\SecurityIQ.
    • This is where the majority of the Services live. You will need to open the folder that contains the Service/Agent that you are looking for. Note: Agent Configuration Manager will still be used for this scenario.
  2. Once you are inside the desired Service/Agent folder click the Type filter option near the top Windows File Explorer panel until XML Configuration File is at the top (see screenshot below for reference).
  3. Right-click the .exe.config file and select Edit with and choose either Notepad++ or the built-in Windows Notepad.
  4. You will need to edit the <root> level value (see screenshot below for reference). You can change this to ERROR, DEBUG or INFO. You need to use ALL CAPS. For the most part, your will either be using ERROR or DEBUG. Be sure to change the logs back to ERROR when any troubleshooting is completed. Staying in DEBUG mode can create large files. With this activated, you can run tasks or troubleshooting to generate the appropriate logs.
    • ERROR
      		DEBUG
  5. With this activated, you can run tasks or troubleshooting to generate the appropriate logs.
  6. IMPORTANT: Be sure to revert back to ERROR mode once logs have been collected as this will take up disk space and may cause task(s) to slow down since more in-depth logging is taking place.

 

Increasing The Number of Logs Collected

There are times when troubleshooting and debugging where you may be asked to increase the logs being collected. Below is how you do this. 

In this example, we will be increasing the number of logs collected for the Data Classification service. Note: Each service has its own config file that can be edited in and is generally in the same format. 

  1. Navigate to the .config file location. Default location, C: Drive > Program Files > SailPoint > SecurityIQ > Name of Service.
  2. Locate the ".exe.config" file, right-click open with NotePad or NotePad++.

configFile.png

3. Once you are in the edit view inside the config file, scroll down until you see the following key, <maxSizeRollBackups> within the "RollingFile " key. Note: The default value is 0 (zero). However, this means that only 1 log file will be generated, which is the default. 

logs1.png

4. Depending on what type of issues you are encountering and trying to troubleshoot can help you determine how many log files you want to allow to be generated. For our example for Data Classification, we will increase this to 5 just to be safe. What this means is, a maximum of 5 logs files in of 30MB in size will be allowed to be generated. 

logs2.png

5. Manually start and stop the services for these changes to take effect. 

 

Adjusting Logging Level For Elasticsearch

 

8.2 Logging Update

As of 8.2 File Access Manager no longer using the Log4Net logging system but rather NLog.
More information about NLog and its keys can be found here: https://nlog-project.org/documentation/v4.3.0/html/Properties_T_NLog_Targets_FileTarget.htm

Do not attempt to add keys to the NLog.config file unless directed by Engineering.

Note: Central Permission Collection - CPC 1 will be the example for the below steps.

Changing from ERROR to DEBUG

To change the service's logging level...

  1. Navigate to the Service's root folder.
    Note: Your drive my differ depending on the location of where initially installed the File Access Manager Service
  2. Open the NLog.config with Notepad or a preferreed text editor
  3. Change minlevel="ERROR" to "DEBUG"
  4. Save the file, restart the service
 

Adjusting Logging Level in 8.PNG

Increasing the Amount of Logs Collected

These setting are also located in the NLog.config file.

maxArchiveFiles="10"

The default is currently set to 10 log files that will be kept.

 

archiveAboveSize="31457280"
 

This sets the size in bytes, this is approx. 31 MB.

 

Logging Settings.PNG

 

Special Note

The logs will eventually auto remove themselves from the Logs folder on their respective services after 15 days. This is can be changed from the below table and Row name.

select * from whiteops.system_configuration_value
where name like '%Log Files Expiration Days%'

 

This applies for previous versions to 8.2

Version history
Revision #:
5 of 5
Last update:
‎Aug 18, 2021 06:23 PM
Updated by:
SailPoint Employee
 
View Article History