Showing results for 
Show  only  | Search instead for 
Did you mean: 

IdentityIQ 8.0: Changes to logging

IdentityIQ 8.0: Changes to logging

Back to the IdentityIQ 8.0 overview: What’s new in IdentityIQ 8.0




Version 8.0 of IdentityIQ uses version 2.11.1 of Log4j: Log4j2   This change adds new logging capabilities (specifically, change listening), and also means that there are changes to the the logging configuration file name, and to logging syntax.


Configuration File Name/Location

Previously, the log4j configuration file was  WEB-INF/classes/  This file is no longer shipped, and will not be referenced if present.

In IdentityIQ 8.0, the log4j2 configuration file is WEB-INF/classes/ (Note the digit 2 in the filename.)


Syntax of

Log4j2's syntax is different from log4j's. Previously in v1 in, the syntax was:


In version 2 in, you now declare using this syntax:



Notice the differences:

  • the log4j. prefix no longer used
  • 2 lines are required instead of 1
  • the logger identifier value (acmeExample) is not important, other than it is uniquely used to join the two lines together


In IdentityIQ 8.0, the previous have been fully converted into the new syntax in the file. You can refer to Apache's Log4j – Configuring Log4j 2 - Apache Log4j 2​  document for a full description of log4j2 configuration.


Examples of Logging Syntax for IdentityIQ

The file that is shipped with IdentityIQ version 8.0 includes statements for SailPoint loggers.Some are enabled by default and others provide commented-out statements; in these cases you can simply un-comment the statements that provides the logging you want. Here are some examples:


Hibernate Example



Aggregator Example



Sailpoint Connector Example



OpenConnector Example for Okta



Apache Commons Logging

As with previous releases, with version 8.0 it is recommended that classes which perform simple logging use org.apache.commons.logging. For example:


import org.apache.commons.logging.Log;

import org.apache.commons.logging.LogFactory;

private static Log log = LogFactory.getLog(MyClass.class);"printing message 1");


Change Listening

Listening for, and automatically enforcing, changes to the logging configuration is a new feature of log4j2. IdentityIQ's default declares a monitorInterval of 20 seconds, so changes will be enforced within 20 seconds of saving changes to

You can turn off change listening by setting the property monitorInterval to 0 in


Upgrade Considerations

As part of your upgrade to IdentityIQ version 8.0, you must edit the new file to reflect any customizations you may have made to your prior version of IdentityIQ. The sample logging statements in the file can help you with the log4j2 logging syntax.

Also, any rules that that use log4j logging may require updating, and verification that they are importing correctly. If there are tools, plugins, or other custom code written that used log4j v1 APIs (typically to modify logging configurations), those will need to be rewritten to use the new log4j v2 APIs in order to work for IdentityIQ 8.0. For more information, refer to the section on Converting to the Log4j 2 API in Migrating from Log4j 1.x

NOTE: There is some  support for backward-compatibility with basic log4j v1 APIs, due to the inclusion of the log4j-1.2-api-2.11.2.jar.  But, as mentioned earlier, the apache commons-logging should be used for the basic logging calls.


Additional Resources

For more information on Log4j2, refer to these Apache documents:


For more information on logging in IdentityIQ, see . Although this document is written for the earlier version of log4j, it includes general guidance about logging that is useful regardless of the version of log4j you are using.

Labels (2)

Are there any plans to enhance the SSB to include identifying where log4j v1 calls exist when upgrading to IdentityIQ 8.0?

I have added a small note to the doc, Chris:

NOTE: There is some  support for backward-compatibility with basic log4j v1 APIs, due to the inclusion of the log4j-1.2-api-2.11.2.jar.  But, as mentioned earlier, the apache commons-logging should be used for the basic logging calls.

But that will only help for cases when just very simple logging calls were being done with log4j v1.

I appreciate the update.  However, converting from the old log4j v1 to v2 would be ideal in many engagements where log4j Loggers were used.  The asynchronous file I/O in log4j v2 is really nice.  As such, would it be possible to update the SSB to have some kind of check for the v1 imports and method calls that exist in Rules, Workflows, etc.?  That way we can provide customers with a list of items that can be updated to take advantage of the features afforded by log4j v2.


According to , we can look for the v1 package "org.apache.log4j" as opposed to the v2 package "org.apache.logging.log4j". I'm probably just going to write a custom Ant task (see to scan all configurations for the v1 package and fail the build if it finds any.

Thanks for that really helpful article.

We recently upgrade to 8.0p1 and it seems the that UI setting "Level at which syslog events are stored" is not honored anymore.

We suspect that this is now solely adjustable via and the UI setting is obsolete in 8.0+.

Can you please confirm or advice how to set the log level for syslog events via UI in 8.0+?


There is an excellent overview of log4j here:

Is there a plan to deliver a similar document with the same amount of detail for log4j2?  The information about how to configure log4j2 seems to be very sparse here, more help on how to correctly configure logging for version 8.0+ of SailPoint IIQ would be appreciated, rather than having to rely on trial and error to see if we have set the configuration up correctly or not.

Agree the same.  Not sure how to convert of 7.3p2 to

Fully agreed!

There is also another excellent article as part of the BSDG series which is not updated yet:
Even though an update version is promised since a very long time.

Please kindly provide some more details regarding log4j2 in the same manner this was done related to log4j.

Thank you very much.

We upgrade from IIQ 7.3 to 8.1. Now we are not getting any logging info being written in the sailpoint.log file.

The last entry was.


WARN ServerThread sailpoint.server.FileChangeMonitor:114 - Monitored file D:/apache-tomcat-9.0/webapps/identityiq/WEB-INF/classes/ no longer exists

If you have upgraded tomcat along with it, then have you updated to include that path?

Sudhir P. Kalapala
NUIT-AS-IdentityServices | Northwestern University IT| 847.491.4056
Version history
Revision #:
4 of 4
Last update:
‎Feb 23, 2023 12:03 PM
Updated by: