Best Practices for Logging

Setting up logging is one of the first things to configure when setting up a SailPoint IdentityIQ environment for the first time.

Although there isn’t any set standard I have seen in setting up logging, there are a few simple steps I usually take to make life easier when trying to look through the logs.

It is important to note that this is not absolutely necessary, but helpful in differentiating between apache logs and IIQ logs. Without setting up these logs, all logging information on IIQ will be sent directly to standard out (stdout) by default. However, there are other logging options defined in the IIQ log file, but are commented out using #. The log file is located in identityiq/WEB-INF/classes folder. The file name is

In my opinion the best practice is to separate IIQ logs from all other logs by setting up the daily rolling file appender. Doing this will create a new log file each day. This helps with the management of logs. It takes 2 easy steps to set this up:

Step 1

Uncomment the following lines in the log file by removing the # symbol infront of the line.

#log4j.appender.RollingAppender.File=”C:Program FilesApache Software Foundationapache-tomcat-7.0.64logssailpoint.log”
#log4j.appender.RollingAppender.layout.ConversionPattern=[%p] %d %c %M – %m%n

Note that the location the files will go to is “C:Program FilesApache Software Foundationapache-tomcat-7.0.64logssailpoint.log”. This location can be changed.

Step 2

Set the rootLogger by changing the following line

log4j.rootLogger=warn,stdout to log4j.rootLogger=error,RollingAppender.
This is all that is needed to setup rolling logs with iiq.

Note that there are a numerous amount of lines commented out in the bottom. Uncomment lines are necessary when working with an object to see the logs. An example will be adding/uncommenting the line log4j.logger.sailpoint.WorkflowTrace=trace . This will allow you to see the logs in a workflow you are currently running or working on.