This chapter gives information about the different log files and messages for OpenAM's classic Logging Service, which is based on the Java SDK.
OpenAM 13.0.0 introduces a new Audit Logging Service, which is an audit logging framework common across all ForgeRock products. Both logging services are available in OpenAM ${serverDocTargetVersion}, but the classic Logging Service will be deprecated in a future release.
This section describes the different OpenAM log files.
This chapter describes OpenAM audit log files:
Audit logs record information about OpenAM events. You can adjust the amount of detail in the administrative logs under Configuration > System > Logging.
Contains log data for when users log into and out of OpenAM, including failed authentications
Contains log data about errors encountered when users log in to and out of OpenAM
Contains data about actions run as the administrator in the console, including changes to realms and policies
Contains data on errors encountered during administrator sessions
Contains data about password resets
Contains data about authorization actions permitted by policies, including policy creation, removal, or modification
Contains data on errors encountered during actions related to the policy
Contains data about actions as part of the policy delegation, including any changes to the delegation
Contains data about policies accessed remotely
Contains data about access to REST endpoints
Contains data about authorizations to access REST endpoints
Contains data about user sessions, including times of access, session timeouts, session creation, and session termination for stateful sessions; contains data about session creation and session termination for stateless sessions
Contains data about actions run against the core token
Contains data on errors encountered regarding the core token
Contains data about the circle of trust
Contains data on errors encountered for the circle of trust
Contains data about entitlement actions or changes
Contains data about federation actions, including the creation of authentication domains or the hosted providers
Contains data on errors encountered during federation actions
Contains data about actions run for the federation Liberty schema
Contains data on errors encountered for the federation Liberty schema
Contains data about actions for the OAuth 2.0 provider
Contains data about errors encountered by the OAuth 2.0 provider
Contains data about SAML 2 actions, including changes to assertions, artifacts, responses, and requests
Contains data about errors encountered during SAML 2 actions
Contains data about SAML actions, including changes to assertions, artifacts, responses, and requests
Contains data about errors encountered during SAML actions
Contains data about actions completed for SSO as admin
Contains data about activity for Web Services Security
Contains data on errors encountered by Web Services Security
Contains data about activity for WS Federation, including changes and access information
Contains data on errors encountered during WS Federation
Debug log files provide information to help troubleshoot OpenAM problems.
The number of messages that OpenAM logs to the debug log files varies depending on the debug logging level. The default debug logging level is Error. With other logging levels, such as Warning and Message, OpenAM logs many more debug log messages and creates many more debug log files than it does by default.
When configured with the Message logging level, OpenAM can produce more than a hundred debug log files.
Use the debug log file names to determine the type of troubleshooting information in each file. For example, the OpenAM command-line interface logs debug messages to the amCLI debug file. The OpenAM OAuth2 provider logs debug messages to the OAuth2Provider debug file. The OpenAM Naming Service logs messages to the amNaming debug file.
For information about configuring the location and verbosity of debug log files, see ????.