12. Logs

28 февраля 2020 г.

11:03

Хранятся в %LocalAppData%\One Identity\One Identity Manager\

https://support.oneidentity.com/technical-documents/identity-manager/8.0.1/configuration-guide/132

How to Enable TRACE Logging (261074) (oneidentity.com)

QBM_Pjournal пишет в DialogJournal

----

1) Можно включить логирование для Job Server (Insert)

На Job Server

Job Service Configuration - Files\One Identity\One Identity Manager\JobService.cfg File Templates ? Module list Job destination Configuration Lo v.'ltter eventloglogwfiter filalogwfitar Insert eventloglogwfiter filalogwfit ar Re m,ove

SQLProvider перенастроить, так как сбивается

Перезапустить службу.

Логи OneIdentity

Логи процессора Powershell (в папке пользователя от которого запущен jobserver)

File Home StdioProcessor Share Users administrator.lAMDEMO App Data Local One Identity Date modified 12/02/2020 22:20 11/02/2020 23:16 07/02/20201815 06/02/2020 2042 05/02/2020 23:43 05/02/2020 0640 04/02/2020 13/02/20200•13 One Identity Manager Stdioprocessor Quick access Desktop Downloads Documents Pictures Backup This pc Desktop 8 Documents Name StdioProcessor.0.log StdioProcessor.1.log Stdi0Processor.2.log StdioProcessor,3.log StdioProcessorA.log StdioProcessor.5.log Stdi0Processor.6.log StdioProcessor,log Type Text Document Text Document Text Document Text Document Text Document Text Document Text Document Text Document Size 30 KB

Конфиг логов можно найти в

И там путь к логам указан

APPServer

C:\inetpub\wwwroot\AppServer\App_Data\Logs

. Enable Tracing first and try a new test

- in globallog.config (This is found in the installation folder), change this line(s)

below, from

\<logger name="*" minlevel="Info" writeTo="viewer"/>

to

\<logger name="*" minlevel="Trace" writeTo="viewer"/>

You need also to uncomment the \<-- ... --> that are under these line.

2. Enable the sync logs

See also

https://support.oneidentity.com/identity-manager/kb/267514/how-to-enable-synchronization-logging-and-retrieve-the-synchronization-summary-267514-

3. Send these logs aswell if you have them generated(they should be on the involved Jobserver):

- %LOCALAPPDATA%\One Identity\One Identity Manager\StdioProcessor\StdioProcessor.log

- %LOCALAPPDATA%\One Identity\One Identity Manager\SynchronizationEditor\SynchronizationEditor.log

- %LOCALAPPDATA%\One Identity\One Identity Manager\Projector.Isolator\Projector.Isolator.log

4. Export sync project as a .projshell file.

see also:

https://support.oneidentity.com/identity-manager/kb/187752/how-to-export-the-synchronization-project-shell-from-the-synchronization-editor

5. Send Sync Report:

from sync editor | Help | Generate synchronization analysis report

The logs are located in this folder

C:\Users\your-account\AppData\local\OneIdentity\OneIdentityManager

or C:\windows\System32\config\systemprofile\AppData\Local\One Identity\One Identity Manager

Указать путь для хранения логов JobSever

Log Severity level

Table 359: Warning Levels for Logging Severity level Description Info Warning Serious All messages are written to the log file. The log file quickly becomes large and cumbersome. Only warnings and exception errors are written to the log file (default). Only exception errors are written to the log file.

https://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=&ved=2ahUKEwi6huGW3uH4AhWhVvEDHc0RDEIQFnoECAwQAw&url=https%3A%2F%2Fsupport.oneidentity.com%2Ftechnical-documents%2Fidentity-manager%2F8.0%2Fconfiguration-guide%2F127&usg=AOvVaw3_xddk1Ink2RFlKIv-00Dd

Displaying Messages in the Database Journal

The database journal is used to store information, warning and error messages from different components of One Identity Manager, for example, DBQueue Processor, Configuration Wizard or One Identity Manager Service. Actions in the program "Job Queue Info", such as re-enabling process steps, are also written to the database journal.

To display items from database journal

  • In the Job Queue Info, go to View | System log.

From \<https://support.oneidentity.com/technical-documents/identity-manager/8.0.1/configuration-guide/124#TOPIC-910139>

Extended Debugging in the One Identity Manager Service

There are two parameters available in the One Identity Manager Service configuration module that you can use to extend debugging functionality:

  • DebugMode

  • Component debugging mode (ComponentDebugMode)

One Identity Manager Service writes more detailed data into the log file if the parameter "DebugMode" is set, for example, all parameters that are passed to a component as well as the processing results together with OUT parameters.

Individual One Identity Manager Service process components can output additional process data to the One Identity Manager Service log file. To do this you set the parameter "ComponentDebugMode" in the configuration module. You should only use "ComponentDebugMode" for localizing errors because the effect on performance means that it is not recommended for normal use.

From \<https://support.oneidentity.com/technical-documents/identity-manager/8.0.2/configuration-guide/128>

-----

NLOG

Скачиваем программу Log2Console

Настраиваем ресивер

Receivers Add... • Remove UDP (IP and •..,6) Configuration Multicast Group Address (Optional) Receive Buffer Size UDP Port Number use IPv6 Addresses 10000

На JobServer в файле "C:\Program Files\One Identity\One Identity Manager\globallog.config"

Из комментов переносим строку с writeti='chainsaw'

И в строке target type=Chainsaw указывает ip адрес машины с установленным Log2Console

globallog.config Notepad File Edit Format View Help (target name="objectlogfile" . log" maxArchiveFi1 (target name="jobgenlogfile" . log" maxArchiveFi1 just for debug purposes via viewer xsi : type—"EventLog" (target (target (targets) (target < logger < logger clogger xsi : name="viewer" xsi:type="Chainsaw" name="chainsaw" address= address= source= "udp4://[REDACTED_IP]: 7071 name= name= "eventLog" minlevel="lnfo" "${companyName} ${productTit1e} just for debug purposes via < logger min1eve1="Trace" < logger min1eve1="Trace" viewer writeTo=" chainsaw" / > < ! Debug logger definitions for trace log < logger min1eve1="Trace" writeTo="debug"/> < logger name="Sq1Log" min1eve1="Trace" writeTo="sq110gfi1e"/> < logger name="ObjectLog" min1eve1="Trace"

How to Enable and Collect IT Shop Logs (Логи портала)

From \<https://support.oneidentity.com/identity-manager/kb/230911/how-to-enable-and-collect-it-shop-logs>

1. On the server where the Identity Manager web portal is installed, navigate to C:\inetpub\wwwroot\IdentityManager\bin and open WebDesigner.ConfigFileEditor.exe to edit the web.config file located under C:\inetpub\wwwroot\IdentityManager:

2. Connect to the database:

Login to the database LAB-V71\OnelM802. Enter new connection Authentication method O System user viadmin

3. Click to expand the "Log" section.  Enable the logging level as specified by Support.  "Trace" is used to gather verbose logging.  Support will normally request both the "Application log" and the "Database log":

Save the config file once logging has been enabled.  This will trigger a restart of the application pool.

4. After reproducing the issue, gather the required application and database logs from the C:\inetpub\wwwroot\IdentityManager\App_Data\Logs directory.  E.g.:

Уведомления о FrozenDetect

Отвечает процесс VID_Jobqueue_Notify_Frozen

Письмо plaintext без шаблонов каких-либо

Уведомления о ошибках синхронизации

Процесс DPR_DPRProjectionStartInfo_Run_Synchronization

Process step properties General Generation Error handling Extended Notification on error Name Process task Description Process information Prioritj Run Synchronization ProjectorComponent - FullProjection None Notification (error} Process history D&Queue does not wait Disabled by preprocessor

Notifications about process step handling

You have the possibility to send a message when a process step has succeeded or when it has failed. Prerequisite for using the notification system is an SMTP host, set up for sending mail and activation of the configuration parameter for mail notification. Use the various configuration parameters for mail notifications for setting up notifications. For detailed information about configuring the email notification, see the One Identity Manager Installation Guide.

To configure mail notification for a process step

  1. In the Designer, select the process in the Process Orchestration category.

  2. Start the Process Editor with the Edit process task.

  3. Click on the element for the process step in the process document.

  4. Select the Process step properties view.

  5. On the General tab, enable the Notification (success) and Notification (error) options.

  6. Enter the data for sending notifications on the Notification on success and Notification on error tabs.
    NOTE: You must enter all data in VB.NET syntax. Use #LD notation for language-dependent formatting of the information.

Property Meaning
Sender email address Email address of the notification sender.
Recipient email address Email address of the notification recipient.
Subject Subject line.
Message The message to be sent.

Table 116: Properties for notifications

NOTE: Email notifications are only sent during processing if all the data is entered for a case (failure or success).

Example for configuring an email message

Sender email address Value = Connection.GetConfigParm("Common\MailNotification\DefaultSender")
Recipient email address Value = Connection.GetConfigParm("Common\MailNotification\DefaultAddress")
Subject Value = #LD("Error updating the Active Directory user account {0}.", \$CanonicalName\$)#
Message Value = #LD("The user account {0} could not be updated.)#

The process VID_SendMail (DialogDatabase table) is used to send email notifications from the process handling. This process uses the parameters of the vid_InsertForSendMail database procedure. To customize this process, create a copy of the process and edit it.

TIP:

To send the error messages logged by the One Identity Manager Service in case of an error by email notification, the vid_InsertForSendMail database procedure supplies the pcAdditionalMessage parameter.

To access this functionality, use the variable [AdditionalMessage] when you set up your failure notification message.

Example of a message:

Value = "Process failed." & vbcrlf _

& vbcrlf _

& "------------------------------------------------------------------------" & vbcrlf _

& "[AdditionalMessage]"

From \<https://support.oneidentity.com/technical-documents/identity-manager/8.1.5/configuration-guide/60#TOPIC-1651083>

Notify on sync failure - Forum - Identity Manager Community - One Identity Community

VID_Jobqueue_Notify_Frozen