Debug logging

AM services capture a variety of information in debug logs. Unlike audit log records, debug log records are unstructured. Debug logs contain different types of information that is useful when troubleshooting AM, including stack traces.

AM uses Logback as the handler for debug logging, making it easily customizable. For example, the level of debug log record output is configurable, as is the storage location and format.

AM lets you enable the debug log level for specific classes in the AM code base. This can be useful when you must turn on debug logging in a production system where you want to avoid excessive logging, but must gather messages when you reproduce a problem.

You can choose the level of logging from the following options:

Off: No debug messages are logged.
Error: Debug messages signifying that an error has occurred are logged.
Warning: Debug messages signifying potentially harmful situations are logged.
Information: Debug messages that contain coarse-grained information about the status of AM are logged.
Debug: Debug messages that contain fine-grained information useful for troubleshooting AM are logged.

This is the default level.
Trace: All debug messages are logged.

Create loggers to specify the debug level for a class, and choose where the output is recorded. The logger used by a feature in AM is hierarchical, based on the class that is creating the debug messages. The most specific logger is used, which is the logger whose path most closely matches the class that is creating the log messages.

For example, if you knew there was an issue in an authentication module, you might enable trace-level debug logging in org.forgerock.openam.authentication.modules. If you are not sure where the problem lies, you may choose a broader option, for example org.forgerock.openam.authentication.

The least-specific, catch-all logger is named ROOT.

AM also logs information related to client interactions using the org.apache.http.wire and org.apache.http.headers appenders. The information they collect is useful, for example, when you are developing authentication scripts or when your environment requires STS transformations.

By default, these appenders are always set to the Warning level unless logging is disabled. For more information, see the org.forgerock.allow.http.client.debug advanced server property.

You can configure debug logging temporarily by using the AM admin UI, or you can create a file in the AM classpath with persistent debug configuration.

Temporarily enable debug logging with `Logback.jsp`

These steps let you temporarily capture debug messages, until the next time AM or the container in which it runs is restarted.

In the AM admin UI, go to Logback.jsp in the root context of the AM installation, for example https://openam.example.com:8443/openam/Logback.jsp.

No links to this page are provided in the AM admin UI.

Only the amAdmin administrator account can access the Logback.jsp page and alter the debug settings; delegated administrators do not have access.

The page displays all the appenders and their associated debug loggers, for example:

For configuration that defines similar appenders and loggers, refer to the example logback.xml.

Logback.jsp logger names

The following lists contain the available logger names ordered by their associated appender:

Authentication

Authentication service, framework, Auth modules, Callbacks, JAAS, API
com.sun.identity.authentication.spi.AMLoginModule,
org.forgerock.openam.core.rest.authn.callbackhandlers,
com.sun.identity.authentication.spi.AMAuthCallBackImpl,
com.sun.identity.authentication.service.AuthContextLookup,
com.sun.identity.authentication.util,
org.forgerock.openam.authentication.service.LoginContextFactory,
com.sun.identity.authentication.server.AuthContextLocal,
com.sun.identity.authentication.service.AMAccountLockout,
com.sun.identity.authentication.service.LoginState,
com.sun.identity.authentication.UI.LoginViewBean,
com.sun.identity.authentication.client,
org.forgerock.openam.core.rest.authn.trees,
com.sun.identity.authentication.spi.FirstTimeLogin,
org.forgerock.openam.auth,
org.forgerock.openam.authentication.service.SessionPropertyUpgrader,
com.sun.identity.authentication.UI.AuthExceptionViewBean,
com.sun.identity.authentication.spi.ReplayPasswd,
com.sun.identity.authentication.config,
com.sun.identity.authentication.share,
org.forgerock.openam.authentication.SessionUpgradeVerifier,
com.sun.identity.authentication.service.DSAMECallbackHandler,
com.sun.identity.authentication.spi.AMModuleProperties,
org.forgerock.openam.utils.MappingUtils,
com.sun.identity.authentication.UI.AuthenticationServletBase,
com.sun.identity.authentication.service.AuthenticationPrincipalDataRetrieverFactory,
com.sun.identity.authentication.UI.LogoutViewBean,
com.iplanet.security,
com.sun.identity.authentication.internal,
com.sun.identity.authentication.AuthContext,
com.sun.identity.policy.plugins.AuthenticatedSharedAgents,
org.forgerock.openam.ldap.LDAPAuthUtils,
com.sun.identity.authentication.UI.AuthViewBeanBase,
org.forgerock.openam.authentication.modules,
com.iplanet.services.cdm,
org.forgerock.openam.authentication.service.AuthUtilsWrapper,
com.sun.identity.policy.plugins.AuthenticatedAgents,
com.sun.identity.authentication.spi.JwtReplayPassword,
com.sun.identity.policy.plugins.AllowedAgents,
com.sun.identity.authentication.service.AuthenticationServiceAttributeCache,
com.sun.identity.authentication.jaas,
com.sun.identity.authentication.service.AuthD,
org.forgerock.openam.core.rest.authn.core,
org.forgerock.openam.scripting.api,
com.sun.identity.common.ISAccountLockout,
org.forgerock.openam.core.rest.authn.RestAuthCallbackHandlerFactory,
org.forgerock.openam.core.rest.authn.RestAuthCallbackHandlerManager,
org.forgerock.openam.webhook,
com.iplanet.services.cdc,
com.sun.identity.authentication.modules,
org.forgerock.openam.core.rest.authn.http.AuthenticationServiceV1,
com.sun.identity.authentication.service.AuthUtils,
com.sun.identity.policy.plugins.AuthenticatedSharedAgentsCondition,
org.forgerock.openam.authentication.service.JAASModuleDetector,
org.forgerock.openam.core.rest.authn.RestAuthenticationHandler

Configuration

Service Configuration, Delegation, SMS Schema, SMS repository, plugins
com.sun.identity.sm.ServiceSchemaManager,
com.iplanet.services.ldap.event.EventService,
com.sun.identity.sm.SMSSchema,
com.sun.identity.tools,
com.sun.identity.sm.SMSUtils,
com.sun.identity.common.configuration.ServerConfigXMLObserver,
com.sun.identity.sm.ServiceSchema,
com.sun.identity.delegation,
com.sun.identity.sm.OrganizationConfigManager,
com.sun.identity.sm.ldap,
com.sun.identity.sm.SMSNotificationManager,
com.sun.identity.sm.PluginSchema,
com.sun.identity.sm.AttributeValidator,
com.sun.identity.sm.ServiceConfigManagerImpl,
com.sun.identity.sm.ServiceConfigImpl,
com.sun.identity.sm.SMSPropertiesObserver,
com.sun.identity.sm.OrganizationConfigManagerImpl,
com.sun.identity.sm.AuthenticationServiceNameProviderImpl,
org.forgerock.openam.xui.XUIFilter,
com.sun.identity.sm.ServiceSchemaImpl,
com.sun.identity.setup,
com.sun.identity.sm.AttributeSchemaState,
com.sun.identity.sm.ServiceInstanceImpl,
org.forgerock.openam.auditors,
com.sun.identity.workflow,
com.sun.identity.sm.ServiceConfigManager,
org.forgerock.openam.sm.validation,
com.sun.identity.common.configuration.SessionSiteNames,
com.sun.identity.sm.ServiceConfig,
com.sun.identity.sm.SMServlet,
com.sun.identity.sm.ServiceManager,
com.sun.identity.common.configuration.ServerPropertyValidator,
com.sun.identity.sm.SMSEntry,
com.sun.identity.sm.PluginConfig,
org.forgerock.openam.utils.OpenAMSettingsImpl,
com.sun.identity.sm.jaxrpc,
com.sun.identity.sm.DNMapper,
com.sun.identity.sm.SMSException,
com.sun.identity.sm.SMSEventListenerManager,
org.forgerock.openam.utils.MapHelper,
com.sun.identity.sm.ServiceInstance,
com.sun.identity.config.util,
com.sun.identity.sm.CachedSubEntries,
com.sun.identity.sm.PluginConfigImpl,
com.sun.identity.authentication.service.ConfiguredSocialAuthServices,
com.sun.identity.sm.ServiceSchemaManagerImpl,
com.sun.identity.sm.CachedSMSEntry,
com.sun.identity.sm.CreateServiceConfig,
com.sun.identity.sm.AttributeSchema,
com.sun.identity.sm.PluginSchemaImpl

CoreSystem

Core infrastructure services, PLL, cookies, naming, logging, upgrade, Scripting
com.sun.identity.monitoring,
com.sun.identity.saml2.idpdiscovery,
com.sun.identity.security.cert.CRLValidator,
org.forgerock.openam.xacml.v3.rest,
org.forgerock.openam.core.rest.SelfServiceUserUiRolePredicate,
org.forgerock.openam.core.rest.cts,
org.forgerock.openam.sm.datalayer.impl.ldap.LdapSearchHandler,
org.forgerock.openam.security,
com.sun.identity.plugin.monitoring.impl,
org.forgerock.openam.sm.datalayer.providers,
com.zaxxer.hikari,
org.forgerock.openam.uma.UmaUserUiRolePredicate,
com.sun.identity.common.RequestUtils,
org.forgerock.openam.entitlement.rest.SubjectAttributesResourceV1,
org.forgerock.openam.services.baseurl,
org.forgerock.openam.core.rest.IdentityRestUtils,
org.forgerock.openam.core.rest.UserGroupsResource,
org.forgerock.openam.oauth2.rest,
com.sun.identity.authentication.UI.taglib,
org.forgerock.openam.core.rest.docs,
com.sun.identity.log,
org.forgerock.openam.core.rest.AllAuthenticatedUsersResource,
org.forgerock.openam.utils.WhitelistObjectInputStream,
org.forgerock.openam.core.rest.dashboard,
com.sun.identity.common.SystemTimerPool,
org.forgerock.openam.core.rest.session.AnyOfAuthzModule,
org.forgerock.openam.rest,
org.forgerock.openam.core.rest.sms,
com.sun.identity.common.admin,
org.forgerock.openam.shared.resourcename,
com.sun.identity.security.AdminTokenAction,
org.forgerock.openam.uma.rest.UmaPolicyResourceAuthzFilter,
org.forgerock.openam.shared.concurrency,
org.forgerock.openam.core.rest.session.SessionResourcePrivilegeAuthzModule,
org.forgerock.openam.entitlement.rest.ResourceTypesResource,
org.forgerock.openam.uma.rest.UmaPolicyServiceImpl,
org.forgerock.openam.entitlement.rest.DecisionCombinersResource,
com.sun.identity.common.HttpURLConnectionManager,
org.forgerock.openam.sm.datalayer.impl.SeriesTaskExecutor,
org.forgerock.openam.network.ipv4.IPv4AddressRange,
org.forgerock.openam.audit,
org.forgerock.audit,
com.sun.identity.common.DNUtils,
org.forgerock.openam.utils.IPRange,
org.forgerock.openam.services.RestSecurity,
org.forgerock.openam.core.rest.IdentityResourceV4,
org.forgerock.openam.core.rest.IdentityResourceV3,
com.sun.identity.security.SecurityDebug,
org.forgerock.openam.backstage,
org.forgerock.openam.core.rest.server,
org.forgerock.openam.utils.ClientUtils,
org.forgerock.openam.core.rest.IdentityResourceV2,
org.forgerock.openam.entitlement.rest.ApplicationV1Filter,
org.forgerock.openam.core.rest.IdentityResourceV1,
org.forgerock.openam.core.rest.devices,
org.forgerock.openam.entitlement.rest.ApplicationsResource,
com.sun.identity.policy.util.Gateway,
com.sun.identity.shared.jaxrpc,
org.forgerock.openam.forgerockrest,
com.iplanet.am.util,
com.iplanet.services.comm,
org.forgerock.openam.core.rest.authn.AuditHelper,
org.forgerock.openam.sm.datalayer.impl.PooledTaskExecutor,
org.forgerock.openam.ldap.LdifUtils,
org.forgerock.openam.core.rest.session.action.LogoutByHandleActionHandler,
org.forgerock.openam.sm.datalayer.impl.ldap.LdapQueryBuilder,
com.sun.identity.shared.search,
org.forgerock.openam.entitlement.rest.SubjectTypesResource,
com.sun.identity.shared.encode.CookieUtils,
com.iplanet.services.naming,
org.forgerock.openam.cors,
com.sun.identity.idsvcs,
com.sun.identity.jaxrpc,
org.forgerock.openam.http,
org.forgerock.openam.shared.guice,
org.forgerock.openam.utils.AMKeyProvider,
org.forgerock.openam.utils.AuthLevelUtils,
org.forgerock.openam.shared.security.whitelist,
org.forgerock.openam.notifications,
com.sun.identity.policy.util.GatewayServletUtils,
org.forgerock.openam.core.sms,
org.forgerock.openam.blacklist,
com.sun.identity.common.configuration.AgentConfiguration,
org.forgerock.openam.entitlement.rest.ApplicationTypesResource,
org.forgerock.openam.monitoring,
com.sun.identity.common.ResourceLookup,
org.forgerock.openam.entitlement.rest.PolicyV1Filter,
com.sun.identity.authentication.server.AuthXMLRequestParser,
org.forgerock.openam.entitlement.rest.wrappers,
com.sun.identity.security.cert.AMCertStore,
org.forgerock.openam.sm.datalayer.impl.SimpleTaskExecutor,
com.sun.identity.shared.locale,
com.sun.identity.shared.whitelist,
org.forgerock.openam.sm.datalayer.impl.ldap.CTSDJLDAPv3PersistentSearch,
com.sun.identity.protocol,
org.forgerock.openam.scripting.rest,
org.forgerock.openam.entitlement.rest.ConditionTypesResource,
org.forgerock.openam.core.rest.record,
com.sun.identity.security.cert.AMCertPath,
org.forgerock.openam.utils.ServiceConfigUtils,
com.sun.identity.authentication.server.AuthXMLRequest

EMBEDDED_DIRECTORY

Embedded Directory Server
org.forgerock.opendj,
com.forgerock.opendj,
com.forgerock.opendj.ldap.config,
org.opends

Federation

Federated SSO, protocols (WS-Federation, SAML2), Metadata, Hub, Circle of Trust
com.sun.identity.wsfederation.profile,
com.sun.identity.saml2.servlet,
com.sun.identity.saml2.plugins.SAML2PluginsUtils,
com.sun.identity.plugin.datastore,
com.sun.identity.saml2.logging,
com.sun.identity.saml2.protocol,
com.sun.identity.saml2.common,
com.sun.identity.saml2.plugins.DefaultAccountMapper,
org.forgerock.openam.federation,
com.sun.identity.wsfederation.plugins.DefaultSPAttributeMapper,
com.sun.identity.saml2.plugins.DefaultSPAccountMapper,
com.sun.identity.wsfederation.plugins.whitelist,
com.sun.identity.saml2.profile,
com.sun.identity.wsfederation.plugins.DefaultLibrarySPAccountMapper,
com.sun.identity.saml2.plugins.SAML2IDPProxyFRImpl,
com.sun.identity.wsfederation.key,
com.sun.identity.multiprotocol,
com.sun.identity.saml2.plugins.SAML2IDPProxyImpl,
com.sun.identity.wsfederation.servlet,
com.sun.identity.xacml,
com.sun.identity.plugin.monitoring.MonitorManager,
com.sun.identity.saml2.plugins.DefaultIDPAuthnContextMapper,
com.sun.identity.wsfederation.plugins.DefaultAccountMapper,
com.sun.identity.saml2.plugins.DefaultAttributeMapper,
com.sun.identity.wsfederation.plugins.DefaultAttributeMapper,
org.forgerock.openam.authentication.Saml2SessionUpgradeHandler,
com.sun.identity.saml2.ecp,
org.forgerock.openam.wsfederation,
com.sun.identity.federation,
org.forgerock.openam.saml2,
jsp.saml2,
com.sun.identity.saml2.plugins.DefaultIDPECPSessionMapper,
com.sun.identity.saml2.plugins.DefaultLibrarySPAccountMapper,
com.sun.identity.plugin.log,
com.sun.identity.saml,
com.sun.identity.wsfederation.meta,
com.sun.identity.wsfederation.plugins.DefaultIDPAuthenticationMethodMapper,
com.sun.identity.saml2.plugins.DefaultFedletAdapter,
com.sun.identity.saml2.plugins.DefaultLibraryIDPAttributeMapper,
com.sun.identity.saml2.xmlenc,
com.sun.identity.saml2.plugins.DefaultSPAttributeMapper,
com.sun.identity.saml2.plugins.DefaultSPAuthnContextMapper,
com.sun.identity.saml2.xmlsig,
com.sun.identity.liberty.ws.security,
com.sun.identity.plugin.session.SessionManager,
com.sun.identity.wsfederation.plugins.DefaultIDPAccountMapper,
com.sun.identity.plugin.session.impl.FMSessionProvider,
com.sun.identity.saml2.key,
com.sun.identity.wsfederation.logging,
com.sun.identity.saml2.plugins.DefaultIDPAccountMapper,
com.sun.identity.wsfederation.plugins.DefaultADFSPartnerAccountMapper,
com.sun.identity.saml2.assertion,
com.sun.identity.wsfederation.plugins.DefaultIDPAttributeMapper,
com.sun.identity.plugin.session.impl.FedletSessionProvider,
com.sun.identity.saml2.meta,
com.sun.identity.plugin.configuration,
com.sun.identity.saml2.soapbinding,
com.sun.identity.wsfederation.common,
com.sun.identity.cot

IdRepo

Identity Repositories, Datastores, plugins
com.sun.identity.common.ISResourceBundle,
com.iplanet.am.sdk,
org.forgerock.openam.idrepo.ldap.DJLDAPv3Repo,
org.forgerock.openam.shared.security.crypto,
com.iplanet.sso.SSOTokenManager,
com.iplanet.services.ldap.DefaultDataStoreConfigurationManager,
com.sun.identity.idm,
org.forgerock.openam.idrepo.ldap.helpers.DirectoryHelper,
com.sun.identity.shared.encode.Hash,
org.forgerock.openam.core.realms,
org.forgerock.openam.shared.security.ThreadLocalSecureRandom,
com.iplanet.services.ldap.event.LDAPv3PersistentSearch,
org.forgerock.openam.idrepo.ldap.psearch,
com.sun.identity.security.ServerInstanceAction,
org.forgerock.openam.identity,
org.forgerock.openam.ldap.LDAPUtils

OAuth2Provider

OAuth 2.0 Provider
org.forgerock.openam.oauth2.OpenAMClientRegistrationStore,
org.forgerock.openam.oauth2.secrets,
org.forgerock.openidconnect,
org.forgerock.openam.oauth2.resources.ResourceSetLabelRegistration,
org.forgerock.openam.oauth2.OAuth2GlobalSettings,
org.forgerock.openam.oauth2.OpenAMClientRegistration,
org.forgerock.openam.oauth2.ciba,
org.forgerock.openam.oauth2.requesturis,
org.forgerock.openam.oauth2.OAuth2AuditLogger,
org.forgerock.openam.oauth2.token,
org.forgerock.openam.oauth2.IdentityManager,
org.forgerock.openam.oauth2.IgAgentClientRegistration,
org.forgerock.openam.oauth2.jwks,
org.forgerock.oauth2,
org.forgerock.openam.utils.RealmNormaliser,
org.forgerock.openam.oauth2.AgentClientRegistration,
org.forgerock.openam.oauth2.ClientCredentialsReader,
org.forgerock.openam.oauth2.remoteconsent,
org.forgerock.openam.oauth2.OpenAMScopeValidator,
org.forgerock.openam.oauth2.OAuth2Monitor

OpenDJ-SDK

Directory Server SDK
org.forgerock.opendj.ldif,
org.forgerock.opendj.asn1,
com.forgerock.opendj.util,
com.forgerock.opendj.ldap,
org.forgerock.opendj.ldap,
org.forgerock.opendj.util

OtherLogging

Miscellaneous logs
org.forgerock.openam.secrets.SecretIdChoiceValues,
org.forgerock.am.iot.IntrospectTokenActionHandler,
com.sun.identity.sm.SmsObjectResolver,
org.forgerock.config.resolvers,
org.forgerock.openam.services.datastore,
org.forgerock.openam.utils.JCECipherProvider,
org.forgerock.config.resolvers.SystemPropertyResolver,
com.sun.identity.policy.plugins,
org.forgerock.openam.entitlement.rest,
org.forgerock.openam.services.datastore.DataStoreConsistencyFilter,
org.forgerock.openam.oauth2.saml2,
org.forgerock.secrets.propertyresolver.PropertyResolverSecretStore,
org.forgerock.openam.headers.DisableSameSiteCookiesFilter,
org.forgerock.openam.oauth2.resources,
org.forgerock.openam.uma.rest,
org.forgerock.openam.integration.idm.IdmClientIdRepo,
org.forgerock.am.health.HealthCheckService,
com.sun.identity.shared,
org.forgerock.openam.network.ipv4,
com.forgerock,
org.forgerock.openam.core.rest.session,
org.forgerock.util.encode.Base64url,
org.forgerock.openam.core.rest,
com.iplanet.services.ldap.ServerGroup,
org.forgerock.am.iot.ThingsResource,
org.forgerock.openam.uma,
org.forgerock.openam.secrets.config.GoogleKeyManagementServiceSecretStore,
org.forgerock.api.models.Resource,
org.forgerock.openam.oauth2.saml2.core.Saml2GrantTypeHandler,
com.sun.identity.configuration.ConfigFedMonitoring,
org.forgerock.openam.setup.BootstrapSubstitutionService,
org.forgerock.util.promise,
org.forgerock.config.resolvers.EnvironmentVariableResolver,
org.forgerock.config.util,
org.forgerock.openam.scripting.ScriptEngineConfigurator,
org.forgerock.openam.oauth2.guice,
org.forgerock.openam.scripting.persistence,
org.forgerock.api.models.Items,
org.forgerock.openam.homedirectory.HomeDirectoryUtils,
org.forgerock.openam.selfservice,
com.iplanet.services,
org.forgerock.openam.scripting.ThreadPoolScriptEvaluator,
jsp,
org.forgerock.am.health.ReadinessCheckEndpoint,
io.swagger.models.parameters.AbstractSerializableParameter,
org.forgerock.openam.social,
com.sun.identity.plugin.monitoring,
org.forgerock.openam.services.MailService,
OAuth2Factory,
org.apache.http.headers,
org.forgerock.json,
org.forgerock.openam.oauth2.OAuth2UrisFactory,
com.sun.identity.shared.encode,
org.forgerock.http.swagger,
com.iplanet,
com.sun.identity.common.configuration,
org.forgerock.json.resource.InterfaceCollectionInstance,
org.forgerock.json.resource.http.HttpUtils,
org.forgerock.openam.uma.UmaProviderSettingsFactory,
org.forgerock.openam.utils,
org.forgerock.openam.scripting,
org.forgerock.openam.uma.rest.UmaEnabledFilter,
org.forgerock.openam.sts.publish.rest.RestSTSSetupListener,
org.forgerock.util.encode.Base64,
com.zaxxer,
org.forgerock.openam.oauth2.guice.OAuth2GuiceModule,
org.forgerock.openam.social.idp.SocialIdpJwksSecretsProvider,
org.forgerock.secrets,
org.forgerock.util.promise.Promises,
org.forgerock.secrets.SecretReference,
org.forgerock.openam.sts.publish.common.STSInstanceConfigStoreBase,
io.swagger.models.parameters,
org.forgerock.openam.sts.publish.common,
io.swagger,
org.forgerock.openam.oauth2.pop,
org.forgerock.openam.sm.datalayer,
org.forgerock.openam.social.idp.choiceValues.AllowedJweAlgorithms,
org.forgerock.http,
oauth2,
org.forgerock.openam.service.datastore.LdapDataStoreService,
org.forgerock.http.filter,
org.apache.http.wire,
org.forgerock.http.swagger.OpenApiRequestFilter,
org.forgerock.openam.xui,
org.forgerock.api.models,
com.iplanet.services.ldap.event,
org.forgerock.json.jose.jws.SigningManager,
com.sun.identity.shared.xml.XMLUtils,
org.forgerock.http.oauth2,
org.forgerock.util.promise.PromiseImpl,
org.forgerock.openam.secrets,
org.forgerock.openam.sts.publish.service,
org.forgerock.openam.sm.config.ConsoleConfigHandlerImpl,
org.forgerock.openam.integration.idm,
com.sun.identity.authentication,
io.swagger.models,
org.forgerock.openam.selfservice.SelfServiceRequestHandler,
org.forgerock.am.health.LivenessCheckEndpoint,
com.sun.identity.sm.RootSuffixProvider,
org.forgerock.am.iot,
idRepoAuditor,
org.forgerock.openam.sm.datalayer.impl,
org.forgerock.http.util,
com.sun.identity.plugin.session.impl,
com.sun.identity.common,
org.forgerock.openam.utils.PerThreadCache,
com.sun.identity.shared.xml,
org.forgerock.openam.service.datastore,
com.sun.identity.shared.datastruct,
org.forgerock.json.jose.jws,
com.sun.identity.common.configuration.ConfigurationObserver,
com.sun.identity.configuration,
org.forgerock.http.filter.TransactionIdInboundFilter,
frRest,
org.forgerock.secrets.propertyresolver,
org.apache,
org.forgerock.openam.service,
org.forgerock.openam.secrets.SecretsUtils,
org.forgerock.openam.utils.LogUtils,
ROOT,
com.sun.identity.common.ShutdownManager,
org.forgerock.am.iot.GetAccessTokenActionHandler,
org.forgerock.openam.core.rest.authn,
org.forgerock.openam.scripting.persistence.config.consumer.ScriptTypeAdapter,
com.sun,
org.forgerock.util.i18n,
org.forgerock.openam.entitlement.service.ApplicationServiceImpl,
com.sun.identity.policy.plugins.PrefixResourceName,
com.sun.identity.wsfederation.plugins,
org.forgerock.openam.secrets.config.GoogleSecretManagerSecretStoreProvider,
org.forgerock.api.transform,
org,
org.forgerock.util.encode,
com.sun.identity.sm.SmsWrapperObject,
org.forgerock.openam.sm.config,
org.forgerock.openam.scripting.sandbox,
org.forgerock.openam.shared.security,
org.forgerock.api.transform.OpenApiTransformer,
org.forgerock.http.oauth2.ResourceServerFilter,
org.forgerock.openam.headers,
com.sun.identity,
org.forgerock.openam.core.rest.authn.http,
org.forgerock.openam.errors,
org.forgerock.openam.idrepo.ldap.helpers,
org.forgerock.openam.secrets.config.SecretsPlugin,
org.forgerock.http.protocol.Form,
org.forgerock.json.resource,
org.forgerock.util.i18n.PreferredLocales,
com.iplanet.services.ldap,
com.sun.identity.sm.schema.ParsedSchema,
org.forgerock.openam.scripting.service.ScriptChoiceValues,
org.forgerock.openam.sts.publish.rest.RestSTSInstancePublisherImpl,
org.forgerock.openam.errors.AgentResourceExceptionMappingHandler,
org.forgerock.config.resolvers.FlatFileResolver,
org.forgerock.http.routing,
org.forgerock.openam.oauth2.pop.MutualTlsConfirmationMethod,
org.forgerock.openam.scripting.StandardScriptEvaluator,
org.forgerock.am.iot.IotClientRegistrationStore,
org.forgerock.http.servlet.Servlet3Adapter,
org.forgerock.openam.idrepo,
org.forgerock.config,
ldapUrl,
org.forgerock.json.resource.InterfaceSingletonHandler,
org.forgerock.openam.secrets.config,
org.forgerock.openam.sm.DefaultAnnotatedServiceRegistry,
org.forgerock.am.health,
org.forgerock.caf.authentication.framework,
org.forgerock.am.iot.GetUserTokenActionHandler,
com.sun.identity.authentication.UI.LoginLogoutMapping,
org.forgerock.openam.config,
io,
org.forgerock.caf.authentication,
org.forgerock.openam.sm,
org.forgerock.openam.sm.ServiceSchemaRegistrar,
org.forgerock.api.models.Operation,
org.forgerock.http.protocol,
org.forgerock.util.DirectoryWatcher,
com.sun.identity.security,
org.forgerock.openam.entitlement,
org.forgerock.openam.oauth2.ClientCertificateHeaderFormat,
org.forgerock.am.iot.GetUserCodeActionHandler,
org.forgerock.openam.shared,
org.forgerock.http.servlet,
org.forgerock.api.CrestApiProducer,
org.forgerock.openam.sm.annotations.SchemaBuilder,
org.forgerock.openam.scripting.sandbox.RhinoSandboxClassShutter,
org.forgerock.util.xml,
com.sun.identity.authentication.service.ConfiguredIdentityTypes,
org.forgerock.openam.xacml,
org.forgerock.openam.scripting.service.GlobalScriptChoiceValues,
com.iplanet.services.ldap.Server,
com.sun.identity.sm,
org.forgerock.openam.sts.publish.rest.RestSTSPublishServiceListener,
org.forgerock.secrets.AllowedKeyUsageConstraint,
org.forgerock.openam.oauth2.jar,
org.forgerock.openam.oauth2.OAuth2Utils,
org.forgerock.openam.sm.health.FbcLivenessCheck,
org.forgerock.json.resource.http,
org.forgerock.openam.idrepo.ldap,
com.sun.identity.authentication.UI,
com.iplanet.services.util,
com.sun.identity.liberty.ws,
com.sun.identity.authentication.server,
org.forgerock.openam.sts.publish.service.SoapSTSPublishServiceRequestHandler,
org.forgerock.util,
com.iplanet.sso,
org.forgerock.openam.sm.health.PluginStartupCheck,
org.forgerock.guice.core.InjectorFactory,
org.forgerock.openam.sm.datalayer.impl.ldap,
org.forgerock.openam.sts.publish,
org.forgerock.macaroons,
org.forgerock.openam.selfservice.SelfServiceTreesResource,
com,
org.forgerock.openam.scripting.service.StandardScriptStoreFactory,
org.forgerock.openam.scripting.persistence.config,
org.forgerock.openam.validation,
com.sun.identity.authentication.service,
com.sun.identity.sm.SMSThreadPool,
org.forgerock.openam.validation.RequestEntitySizeVerificationFilter,
org.forgerock.util.promise.Promises$CompletedPromise,
com.sun.identity.authentication.service.AuthConfigMonitor,
org.forgerock.am,
org.forgerock.openam.scripting.service,
org.forgerock.api,
org.forgerock.http.header.SetCookieHeader,
org.forgerock.macaroons.SerializationFormatV2,
org.forgerock.am.iot.IotService,
org.forgerock.openam.ldap,
com.iplanet.am,
com.sun.identity.plugin,
org.forgerock.macaroons.SerializationFormatV1,
com.sun.identity.plugin.session,
org.forgerock.openam.services,
org.forgerock.util.xml.XMLUtils,
org.forgerock.openam.oauth2.saml2.core,
org.forgerock.openam.social.idp,
org.forgerock.openam.config.ServiceComponentConfigBuilder,
org.forgerock.openam.core.rest.session.action,
com.sun.identity.liberty,
org.forgerock.openam.homedirectory,
org.forgerock.openam.scripting.StandardScriptEngineManager,
org.forgerock.openam.secrets.Secrets,
org.forgerock.caf.authentication.framework.AuthenticationFramework,
org.forgerock.json.jose.utils.Utils,
org.forgerock.openam.social.idp.SocialIdentityProviders,
org.forgerock.openam.core.rest.authn.AuthIdHelper,
org.forgerock.openam.oauth2,
org.forgerock.openam.core.CoreWrapper,
org.forgerock.guice,
org.forgerock.http.protocol.Entity,
org.forgerock.openam.sts.publish.service.RestSTSPublishServiceRequestHandler,
org.forgerock.openam.scripting.persistence.config.consumer,
org.forgerock.openam.network,
org.forgerock.http.header,
org.forgerock.openam.entitlement.service,
org.forgerock.openam.integration,
com.sun.identity.common.SystemTimer,
org.forgerock.openam.core,
com.sun.identity.sm.SmsChangesLogger,
org.forgerock.openam.sm.datalayer.impl.CtsConnectionCheck,
org.forgerock.openam.sts,
com.sun.identity.authentication.server.AuthXMLHandler,
org.forgerock.openam.sm.annotations,
org.forgerock.config.resolvers.PropertyResolvers,
org.forgerock.secrets.SecretsProvider,
com.sun.identity.policy,
com.sun.identity.wsfederation,
org.forgerock.json.resource.http.HttpAdapter,
org.forgerock.http.util.Uris,
com.sun.identity.shared.datastruct.CollectionHelper,
org.forgerock.guice.core,
org.forgerock,
org.forgerock.openam.sts.publish.rest,
org.forgerock.openam.social.idp.choiceValues,
com.iplanet.services.util.Crypt,
com.sun.identity.config,
org.forgerock.json.resource.InterfaceCollectionHandler,
org.forgerock.openam,
jsp.realmSelection,
org.forgerock.openam.service.datastore.SmsDataStoreLookup,
com.sun.identity.authentication.service.AMLoginContext,
com.sun.identity.authentication.spi,
org.forgerock.config.util.JsonValuePropertyEvaluator,
org.forgerock.openam.xacml.v3,
org.forgerock.http.routing.Router,
com.iplanet.services.ldap.LDAPUser,
com.sun.identity.policy.util,
org.apache.http,
com.sun.identity.sm.schema,
org.forgerock.http.servlet.HttpFrameworkServlet,
org.forgerock.openam.setup,
org.forgerock.openam.social.idp.DefaultOpenIdConnectRelyingPartySettings,
org.forgerock.openam.headers.SecureCookieFilter,
com.iplanet.services.util.JCEEncryption,
org.forgerock.json.jose,
org.forgerock.openam.oauth2.OAuth2NotificationPublisher,
com.sun.identity.security.cert,
org.forgerock.json.jose.utils,
org.forgerock.caf,
org.forgerock.openam.oauth2.jar.JarAuthorizeRequestValidator,
org.forgerock.openam.sm.health,
org.forgerock.config.resolvers.ChainedPropertyResolver

Plugins

Plugin Framework
org.forgerock.openam.plugins

Policy

Policy Framework,Subject, Condition, Resource Attributes, XACML, Plugins, API
com.sun.identity.policy.PolicyManager,
com.sun.identity.policy.plugins.Organization,
com.sun.identity.policy.SharedSubject,
com.sun.identity.policy.ActionDecision,
com.sun.identity.policy.ResourceManager,
com.sun.identity.policy.plugins.IDRepoResponseProvider,
com.sun.identity.policy.plugins.AuthSchemeCondition,
com.sun.identity.policy.plugins.LEAuthLevelCondition,
com.sun.identity.policy.PolicyCache,
com.sun.identity.policy.PolicyDecision,
org.forgerock.openam.entitlement.monitoring,
com.sun.identity.policy.ProxyPolicyEvaluatorFactory,
com.sun.identity.policy.Rule,
com.sun.identity.policy.ResourceComparatorValidator,
com.sun.identity.policy.plugins.IPCondition,
com.sun.identity.policy.ProxyPolicyEvaluator,
com.sun.identity.policy.remote,
com.sun.identity.policy.ValidationErrorHandler,
org.forgerock.openam.entitlement.rest.EntitlementsExceptionMappingHandler,
org.forgerock.openam.network.ipv6,
com.sun.identity.policy.Subjects,
com.sun.identity.policy.plugins.PeerOrgReferral,
com.sun.identity.policy.Policy,
com.sun.identity.policy.ActionSchema,
org.forgerock.openam.idrepo.ldap.helpers.ADHelper,
org.forgerock.openam.entitlement.configuration,
com.sun.identity.policy.plugins.SubOrgReferral,
com.sun.identity.policy.plugins.AuthenticateToRealmCondition,
org.forgerock.openam.entitlement.indextree,
com.sun.identity.policy.SubjectEvaluationCache,
org.forgerock.openam.uma.rest.UserPolicyResource,
com.sun.identity.policy.plugins.OrgReferral,
com.sun.identity.policy.plugins.LDAPUsers,
com.sun.identity.policy.plugins.UserSelfCheckCondition,
com.sun.identity.policy.ResponseProviderTypeManager,
com.sun.identity.policy.plugins.LDAPFilterCondition,
com.sun.identity.policy.plugins.SimpleTimeCondition,
com.sun.identity.policy.ResponseProviders,
org.forgerock.openam.xacml.v3.resources,
com.sun.identity.policy.PolicyUtils,
com.sun.identity.policy.plugins.SessionCondition,
org.forgerock.openam.entitlement.CachingEntitlementCondition,
com.sun.identity.policy.plugins.AMIdentitySubject,
com.sun.identity.policy.Referrals,
com.sun.identity.policy.ResourceIndexManager,
com.sun.identity.policy.plugins.AuthLevelCondition,
com.sun.identity.policy.plugins.LDAPConnectionPools,
com.sun.identity.policy.plugins.AuthenticateToServiceCondition,
com.sun.identity.policy.plugins.AuthRoleCondition,
com.sun.identity.policy.plugins.AMIdentityMembershipCondition,
com.sun.identity.entitlement,
com.sun.identity.policy.PolicyEvaluatorFactory,
com.sun.identity.policy.plugins.SessionPropertyCondition,
org.forgerock.openam.entitlement.PolicyConstants,
com.sun.identity.policy.PolicyEvaluator,
com.sun.identity.policy.ServiceTypeManager,
com.sun.identity.policy.ServiceType,
com.sun.identity.policy.ResourceResult,
com.sun.identity.policy.plugins.ResourceEnvIPCondition,
org.forgerock.openam.entitlement.conditions,
com.sun.identity.policy.ConditionTypeManager,
com.sun.identity.policy.PolicyConfig,
com.sun.identity.policy.plugins.LDAPGroups,
org.forgerock.openam.network.ipv4.IPv4Condition,
com.sun.identity.policy.SubjectTypeManager,
org.forgerock.openam.entitlement.utils,
com.sun.identity.policy.util.PolicyDecisionUtils,
org.forgerock.openam.entitlement.PolicySetNotificationConsumer,
com.sun.identity.policy.Conditions,
org.forgerock.openam.core.rest.authn.http.AuthenticationServiceV2,
com.sun.identity.policy.ReferralTypeManager,
org.forgerock.openam.entitlement.rest.PolicyResource,
org.forgerock.openam.entitlement.rest.JsonPolicyParser

Push

Push Notification
org.forgerock.openam.services.push

Radius

RADIUS server
org.forgerock.openam.radius

Session

Session framework, session management, SSOToken, session failover, API
org.forgerock.openam.core.rest.session.action.SetPropertyActionHandler,
org.forgerock.openam.core.rest.session.action.GetPropertyActionHandler,
org.forgerock.openam.core.rest.session.SessionResource,
com.sun.identity.sm.ServerIDValidator,
org.forgerock.openam.cts,
org.forgerock.openam.core.rest.session.action.LogoutActionHandler,
org.forgerock.openam.dpro,
com.iplanet.sso.providers,
org.forgerock.openam.core.rest.session.action.ValidateActionHandler,
org.forgerock.openam.core.rest.session.action.GetSessionPropertiesActionHandler,
org.forgerock.openam.session,
org.forgerock.openam.sm.datalayer.impl.ldap.ExternalLdapConfig,
org.forgerock.openam.core.rest.session.action.UpdateSessionPropertiesActionHandler,
org.forgerock.openam.core.rest.session.SSOTokenPartialSessionFactory,
org.forgerock.openam.sm.SMSConfigurationFactory,
org.forgerock.openam.sm.datalayer.impl.SeriesTaskExecutorThread,
com.iplanet.dpro,
com.sun.identity.plugin.session.impl.FMSessionNotification,
org.forgerock.openam.core.rest.session.action.GetPropertyNamesActionHandler,
org.forgerock.openam.core.rest.session.SessionResourceUtil,
org.forgerock.openam.core.rest.session.SessionResourceV2,
com.sun.identity.sm.SiteIDValidator,
org.forgerock.openam.core.rest.session.action.DeletePropertyActionHandler

UmaProvider

UMA provider
org.forgerock.openam.oauth2.AccessTokenProtectionFilter,
org.forgerock.openam.uma.UmaSettingsImpl,
org.forgerock.openam.uma.icg,
org.forgerock.openam.uma.PendingRequestEmailTemplate,
org.forgerock.openam.uma.rest.UmaPolicyApplicationListener,
org.forgerock.openam.uma.rest.UmaResourceSetRegistrationHook,
org.forgerock.openam.oauth2.resources.labels,
org.forgerock.openam.uma.UmaProviderSettingsImpl,
org.forgerock.openam.uma.UmaGrantTypeHandler,
org.forgerock.openam.uma.rest.UmaLabelResource,
org.forgerock.openam.uma.PendingRequestsService,
org.forgerock.openam.uma.audit

WebServices

Web services security (WSS), STS, Identity Services
com.sun.identity.liberty.ws.paos,
com.sun.identity.liberty.ws.common,
com.sun.identity.policy.plugins.WebServicesClients,
com.sun.identity.liberty.ws.soapbinding,
com.sun.identity.authentication.spi.WSSReplayPasswd

amUpgrade

Upgrade framework
com.sun.identity.sm.ServiceSchemaModifications,
org.forgerock.openam.upgrade,
com.sun.identity.common.configuration.ServerConfiguration,
com.sun.identity.config.upgrade,
com.sun.identity.security.cert.AMCRLStore

To set the logging level for all loggers that output to a particular appender:
1. Select the name of the appender from the Appender drop-down list.
2. Select the debug level from the Level drop-down list.
3. Click Apply.

To set the logging level for a class or package:

Select the name of the individual logger from the Logger drop-down list, or select the global ROOT logger to set the level for all loggers.

The current debug level is shown in the Level field.

Scripts that create debug messages have their own logger that’s created after the script has executed at least once.

The name of the logger uses the format: scripts.<context>.<uuid>.(<name>).

For example, scripts.OIDC_CLAIMS.36863ffb-40ec-48b9-94b1-9a99f71cc3b5.(OIDC Claims Script).

Select a new debug level from the Level drop-down list.
Click Apply.

When you apply any changes to the logger settings , a Logger settings updated message is shown at the top of the Logback.jsp page.

Changes made in Logback.jsp apply immediately, but are not permanently stored. Restarting AM or the container in which it runs will reset the levels to defaults.

You can configure the default settings that will be applied when AM starts up. Refer to Change the startup debug settings.

As soon as you have reproduced the problem you are investigating, return to the Logback.jsp page and revert the logger levels to the previous settings, to avoid filling up disk space.

Persistent debug logging with `logback.xml`

Debug logging can be enabled and persisted in AM by configuring a logback.xml file. This file describes the classes for which to capture debug messages, and the destination, or appender, where the output is stored.

For more information about configuring Logback, refer to Logback configuration in the Logback Documentation.

Configure basic debug logging

Follow these steps to configure basic persistent debug logging in AM, using a logback.xml file:

Create a logback.xml file in the AM classpath, for example in /path/to/tomcat/webapps/openam/WEB-INF/classes/.

To view or use an existing file with example loggers and appenders, place the following logback.xml in your classpath and set the paths for your environment.

Example logback.xml

<configuration>
 <!--    amUpgrade  -->
 <appender name="amUpgrade" class="ch.qos.logback.core.FileAppender">
  <file>/path/to/debug/amUpgrade</file>
  <encoder>
   <pattern>%lo{5}: %d{ISO8601}: Thread[%t]: TransactionId[%X{transactionId}]%n%level: %m%n%ex</pattern>
  </encoder>
 </appender>
 <logger name="com.sun.identity.sm.ServiceSchemaModifications" level="Error" >
  <appender-ref ref="amUpgrade"/>
 </logger>
 <logger name="com.sun.identity.common.configuration.ServerConfiguration" level="Error" >
  <appender-ref ref="amUpgrade"/>
 </logger>
 <logger name="com.sun.identity.wsfederation.plugins.DefaultIDPAccountMapper" level="Error" >
  <appender-ref ref="amUpgrade"/>
 </logger>
 <logger name="com.sun.identity.saml2.plugins.DefaultIDPAccountMapper" level="Error" >
  <appender-ref ref="amUpgrade"/>
 </logger>
 <logger name="com.sun.identity.config.upgrade" level="Error" >
  <appender-ref ref="amUpgrade"/>
 </logger>
 <logger name="com.sun.identity.saml2.plugins.DefaultLibrarySPAccountMapper" level="Error" >
  <appender-ref ref="amUpgrade"/>
 </logger>
 <logger name="com.sun.identity.wsfederation.plugins.DefaultADFSPartnerAccountMapper" level="Error" >
  <appender-ref ref="amUpgrade"/>
 </logger>
 <logger name="com.sun.identity.wsfederation.plugins.DefaultIDPAttributeMapper" level="Error" >
  <appender-ref ref="amUpgrade"/>
 </logger>
 <logger name="org.forgerock.openam.upgrade" level="Error" >
  <appender-ref ref="amUpgrade"/>
 </logger>
 <logger name="com.sun.identity.wsfederation.plugins.DefaultSPAttributeMapper" level="Error" >
  <appender-ref ref="amUpgrade"/>
 </logger>
 <logger name="com.sun.identity.saml2.plugins.DefaultSPAccountMapper" level="Error" >
  <appender-ref ref="amUpgrade"/>
 </logger>
 <logger name="com.sun.identity.saml2.plugins.DefaultLibraryIDPAttributeMapper" level="Error" >
  <appender-ref ref="amUpgrade"/>
 </logger>
 <logger name="com.sun.identity.security.cert.AMCRLStore" level="Error" >
  <appender-ref ref="amUpgrade"/>
 </logger>
 <logger name="com.sun.identity.saml2.plugins.DefaultSPAttributeMapper" level="Error" >
  <appender-ref ref="amUpgrade"/>
 </logger>
 <logger name="com.sun.identity.wsfederation.plugins.DefaultLibrarySPAccountMapper" level="Error" >
  <appender-ref ref="amUpgrade"/>
 </logger>

 <!--    Authentication  -->
 <appender name="Authentication" class="ch.qos.logback.core.FileAppender">
  <file>/path/to/debug/Authentication</file>
  <encoder>
   <pattern>%lo{5}: %d{ISO8601}: Thread[%t]: TransactionId[%X{transactionId}]%n%level: %m%n%ex</pattern>
  </encoder>
 </appender>
 <logger name="com.sun.identity.authentication.spi.AMLoginModule" level="Error" >
  <appender-ref ref="Authentication"/>
 </logger>
 <logger name="org.forgerock.openam.core.rest.authn.callbackhandlers" level="Error" >
  <appender-ref ref="Authentication"/>
 </logger>
 <logger name="com.sun.identity.authentication.spi.AMAuthCallBackImpl" level="Error" >
  <appender-ref ref="Authentication"/>
 </logger>
 <logger name="com.sun.identity.authentication.service.AuthContextLookup" level="Error" >
  <appender-ref ref="Authentication"/>
 </logger>
 <logger name="com.sun.identity.authentication.util" level="Error" >
  <appender-ref ref="Authentication"/>
 </logger>
 <logger name="org.forgerock.openam.authentication.service.LoginContextFactory" level="Error" >
  <appender-ref ref="Authentication"/>
 </logger>
 <logger name="com.sun.identity.authentication.server.AuthContextLocal" level="Error" >
  <appender-ref ref="Authentication"/>
 </logger>
 <logger name="com.sun.identity.authentication.service.AMAccountLockout" level="Error" >
  <appender-ref ref="Authentication"/>
 </logger>
 <logger name="com.sun.identity.authentication.service.LoginState" level="Error" >
  <appender-ref ref="Authentication"/>
 </logger>
 <logger name="com.sun.identity.authentication.UI.LoginViewBean" level="Error" >
  <appender-ref ref="Authentication"/>
 </logger>
 <logger name="com.sun.identity.authentication.client" level="Error" >
  <appender-ref ref="Authentication"/>
 </logger>
 <logger name="org.forgerock.openam.core.rest.authn.trees" level="Error" >
  <appender-ref ref="Authentication"/>
 </logger>
 <logger name="com.sun.identity.authentication.spi.FirstTimeLogin" level="Error" >
  <appender-ref ref="Authentication"/>
 </logger>
 <logger name="org.forgerock.openam.auth" level="Error" >
  <appender-ref ref="Authentication"/>
 </logger>
 <logger name="org.forgerock.openam.authentication.service.SessionPropertyUpgrader" level="Error" >
  <appender-ref ref="Authentication"/>
 </logger>
 <logger name="com.sun.identity.authentication.UI.AuthExceptionViewBean" level="Error" >
  <appender-ref ref="Authentication"/>
 </logger>
 <logger name="com.sun.identity.authentication.spi.ReplayPasswd" level="Error" >
  <appender-ref ref="Authentication"/>
 </logger>
 <logger name="com.sun.identity.authentication.config" level="Error" >
  <appender-ref ref="Authentication"/>
 </logger>
 <logger name="com.sun.identity.authentication.share" level="Error" >
  <appender-ref ref="Authentication"/>
 </logger>
 <logger name="org.forgerock.openam.authentication.SessionUpgradeVerifier" level="Error" >
  <appender-ref ref="Authentication"/>
 </logger>
 <logger name="com.sun.identity.authentication.service.DSAMECallbackHandler" level="Error" >
  <appender-ref ref="Authentication"/>
 </logger>
 <logger name="com.sun.identity.authentication.spi.AMModuleProperties" level="Error" >
  <appender-ref ref="Authentication"/>
 </logger>
 <logger name="org.forgerock.openam.utils.MappingUtils" level="Error" >
  <appender-ref ref="Authentication"/>
 </logger>
 <logger name="com.sun.identity.authentication.UI.AuthenticationServletBase" level="Error" >
  <appender-ref ref="Authentication"/>
 </logger>
 <logger name="com.sun.identity.authentication.service.AuthenticationPrincipalDataRetrieverFactory"
         level="Error" >
  <appender-ref ref="Authentication"/>
 </logger>
 <logger name="com.sun.identity.authentication.UI.LogoutViewBean" level="Error" >
  <appender-ref ref="Authentication"/>
 </logger>
 <logger name="com.iplanet.security" level="Error" >
  <appender-ref ref="Authentication"/>
 </logger>
 <logger name="com.sun.identity.authentication.internal" level="Error" >
  <appender-ref ref="Authentication"/>
 </logger>
 <logger name="com.sun.identity.authentication.AuthContext" level="Error" >
  <appender-ref ref="Authentication"/>
 </logger>
 <logger name="com.sun.identity.policy.plugins.AuthenticatedSharedAgents" level="Error" >
  <appender-ref ref="Authentication"/>
 </logger>
 <logger name="org.forgerock.openam.ldap.LDAPAuthUtils" level="Error" >
  <appender-ref ref="Authentication"/>
 </logger>
 <logger name="com.sun.identity.authentication.UI.AuthViewBeanBase" level="Error" >
  <appender-ref ref="Authentication"/>
 </logger>
 <logger name="org.forgerock.openam.authentication.modules" level="Error" >
  <appender-ref ref="Authentication"/>
 </logger>
 <logger name="com.iplanet.services.cdm" level="Error" >
  <appender-ref ref="Authentication"/>
 </logger>
 <logger name="org.forgerock.openam.authentication.service.AuthUtilsWrapper" level="Error" >
  <appender-ref ref="Authentication"/>
 </logger>
 <logger name="com.sun.identity.policy.plugins.AuthenticatedAgents" level="Error" >
  <appender-ref ref="Authentication"/>
 </logger>
 <logger name="com.sun.identity.authentication.spi.JwtReplayPassword" level="Error" >
  <appender-ref ref="Authentication"/>
 </logger>
 <logger name="com.sun.identity.policy.plugins.AllowedAgents" level="Error" >
  <appender-ref ref="Authentication"/>
 </logger>
 <logger name="com.sun.identity.authentication.service.AuthenticationServiceAttributeCache" level="Error" >
  <appender-ref ref="Authentication"/>
 </logger>
 <logger name="com.sun.identity.authentication.jaas" level="Error" >
  <appender-ref ref="Authentication"/>
 </logger>
 <logger name="com.sun.identity.authentication.service.AuthD" level="Error" >
  <appender-ref ref="Authentication"/>
 </logger>
 <logger name="org.forgerock.openam.core.rest.authn.core" level="Error" >
  <appender-ref ref="Authentication"/>
 </logger>
 <logger name="org.forgerock.openam.scripting.api" level="Error" >
  <appender-ref ref="Authentication"/>
 </logger>
 <logger name="com.sun.identity.common.ISAccountLockout" level="Error" >
  <appender-ref ref="Authentication"/>
 </logger>
 <logger name="org.forgerock.openam.core.rest.authn.RestAuthCallbackHandlerFactory" level="Error" >
  <appender-ref ref="Authentication"/>
 </logger>
 <logger name="org.forgerock.openam.core.rest.authn.RestAuthCallbackHandlerManager" level="Error" >
  <appender-ref ref="Authentication"/>
 </logger>
 <logger name="org.forgerock.openam.webhook" level="Error" >
  <appender-ref ref="Authentication"/>
 </logger>
 <logger name="com.iplanet.services.cdc" level="Error" >
  <appender-ref ref="Authentication"/>
 </logger>
 <logger name="com.sun.identity.authentication.modules" level="Error" >
  <appender-ref ref="Authentication"/>
 </logger>
 <logger name="org.forgerock.openam.core.rest.authn.http.AuthenticationServiceV1" level="Error" >
  <appender-ref ref="Authentication"/>
 </logger>
 <logger name="com.sun.identity.authentication.service.AuthUtils" level="Error" >
  <appender-ref ref="Authentication"/>
 </logger>
 <logger name="com.sun.identity.policy.plugins.AuthenticatedSharedAgentsCondition" level="Error" >
  <appender-ref ref="Authentication"/>
 </logger>
 <logger name="org.forgerock.openam.authentication.service.JAASModuleDetector" level="Error" >
  <appender-ref ref="Authentication"/>
 </logger>
 <logger name="org.forgerock.openam.core.rest.authn.RestAuthenticationHandler" level="Error" >
  <appender-ref ref="Authentication"/>
 </logger>

 <!--    Configuration   -->
 <appender name="Configuration" class="ch.qos.logback.core.FileAppender">
  <file>/path/to/debug/Configuration</file>
  <encoder>
   <pattern>%lo{5}: %d{ISO8601}: Thread[%t]: TransactionId[%X{transactionId}]%n%level: %m%n%ex</pattern>
  </encoder>
 </appender>
 <logger name="com.sun.identity.sm.ServiceSchemaManager" level="Error" >
  <appender-ref ref="Configuration"/>
 </logger>
 <logger name="com.iplanet.services.ldap.event.EventService" level="Error" >
  <appender-ref ref="Configuration"/>
 </logger>
 <logger name="com.sun.identity.sm.SMSSchema" level="Error" >
  <appender-ref ref="Configuration"/>
 </logger>
 <logger name="com.sun.identity.tools" level="Error" >
  <appender-ref ref="Configuration"/>
 </logger>
 <logger name="com.sun.identity.sm.SMSUtils" level="Error" >
  <appender-ref ref="Configuration"/>
 </logger>
 <logger name="com.sun.identity.common.configuration.ServerConfigXMLObserver" level="Error" >
  <appender-ref ref="Configuration"/>
 </logger>
 <logger name="com.sun.identity.sm.ServiceSchema" level="Error" >
  <appender-ref ref="Configuration"/>
 </logger>
 <logger name="com.sun.identity.delegation" level="Error" >
  <appender-ref ref="Configuration"/>
 </logger>
 <logger name="com.sun.identity.sm.OrganizationConfigManager" level="Error" >
  <appender-ref ref="Configuration"/>
 </logger>
 <logger name="com.sun.identity.sm.ldap" level="Error" >
  <appender-ref ref="Configuration"/>
 </logger>
 <logger name="com.sun.identity.sm.SMSNotificationManager" level="Error" >
  <appender-ref ref="Configuration"/>
 </logger>
 <logger name="com.sun.identity.sm.PluginSchema" level="Error" >
  <appender-ref ref="Configuration"/>
 </logger>
 <logger name="com.sun.identity.sm.AttributeValidator" level="Error" >
  <appender-ref ref="Configuration"/>
 </logger>
 <logger name="com.sun.identity.sm.ServiceConfigManagerImpl" level="Error" >
  <appender-ref ref="Configuration"/>
 </logger>
 <logger name="com.sun.identity.sm.ServiceConfigImpl" level="Error" >
  <appender-ref ref="Configuration"/>
 </logger>
 <logger name="com.sun.identity.sm.SMSPropertiesObserver" level="Error" >
  <appender-ref ref="Configuration"/>
 </logger>
 <logger name="com.sun.identity.sm.OrganizationConfigManagerImpl" level="Error" >
  <appender-ref ref="Configuration"/>
 </logger>
 <logger name="com.sun.identity.sm.AuthenticationServiceNameProviderImpl" level="Error" >
  <appender-ref ref="Configuration"/>
 </logger>
 <logger name="org.forgerock.openam.xui.XUIFilter" level="Error" >
  <appender-ref ref="Configuration"/>
 </logger>
 <logger name="com.sun.identity.sm.ServiceSchemaImpl" level="Error" >
  <appender-ref ref="Configuration"/>
 </logger>
 <logger name="com.sun.identity.setup" level="Error" >
  <appender-ref ref="Configuration"/>
 </logger>
 <logger name="com.sun.identity.sm.AttributeSchemaState" level="Error" >
  <appender-ref ref="Configuration"/>
 </logger>
 <logger name="com.sun.identity.sm.ServiceInstanceImpl" level="Error" >
  <appender-ref ref="Configuration"/>
 </logger>
 <logger name="org.forgerock.openam.auditors" level="Error" >
  <appender-ref ref="Configuration"/>
 </logger>
 <logger name="com.sun.identity.workflow" level="Error" >
  <appender-ref ref="Configuration"/>
 </logger>
 <logger name="com.sun.identity.sm.ServiceConfigManager" level="Error" >
  <appender-ref ref="Configuration"/>
 </logger>
 <logger name="org.forgerock.openam.sm.validation" level="Error" >
  <appender-ref ref="Configuration"/>
 </logger>
 <logger name="com.sun.identity.common.configuration.SessionSiteNames" level="Error" >
  <appender-ref ref="Configuration"/>
 </logger>
 <logger name="com.sun.identity.sm.ServiceConfig" level="Error" >
  <appender-ref ref="Configuration"/>
 </logger>
 <logger name="com.sun.identity.sm.SMServlet" level="Error" >
  <appender-ref ref="Configuration"/>
 </logger>
 <logger name="com.sun.identity.sm.ServiceManager" level="Error" >
  <appender-ref ref="Configuration"/>
 </logger>
 <logger name="com.sun.identity.common.configuration.ServerPropertyValidator" level="Error" >
  <appender-ref ref="Configuration"/>
 </logger>
 <logger name="com.sun.identity.sm.SMSEntry" level="Error" >
  <appender-ref ref="Configuration"/>
 </logger>
 <logger name="com.sun.identity.sm.PluginConfig" level="Error" >
  <appender-ref ref="Configuration"/>
 </logger>
 <logger name="org.forgerock.openam.utils.OpenAMSettingsImpl" level="Error" >
  <appender-ref ref="Configuration"/>
 </logger>
 <logger name="com.sun.identity.sm.jaxrpc" level="Error" >
  <appender-ref ref="Configuration"/>
 </logger>
 <logger name="com.sun.identity.sm.DNMapper" level="Error" >
  <appender-ref ref="Configuration"/>
 </logger>
 <logger name="com.sun.identity.sm.SMSException" level="Error" >
  <appender-ref ref="Configuration"/>
 </logger>
 <logger name="com.sun.identity.sm.SMSEventListenerManager" level="Error" >
  <appender-ref ref="Configuration"/>
 </logger>
 <logger name="org.forgerock.openam.utils.MapHelper" level="Error" >
  <appender-ref ref="Configuration"/>
 </logger>
 <logger name="com.sun.identity.sm.ServiceInstance" level="Error" >
  <appender-ref ref="Configuration"/>
 </logger>
 <logger name="com.sun.identity.config.util" level="Error" >
  <appender-ref ref="Configuration"/>
 </logger>
 <logger name="com.sun.identity.sm.CachedSubEntries" level="Error" >
  <appender-ref ref="Configuration"/>
 </logger>
 <logger name="com.sun.identity.sm.PluginConfigImpl" level="Error" >
  <appender-ref ref="Configuration"/>
 </logger>
 <logger name="com.sun.identity.authentication.service.ConfiguredSocialAuthServices" level="Error" >
  <appender-ref ref="Configuration"/>
 </logger>
 <logger name="com.sun.identity.sm.ServiceSchemaManagerImpl" level="Error" >
  <appender-ref ref="Configuration"/>
 </logger>
 <logger name="com.sun.identity.sm.CachedSMSEntry" level="Error" >
  <appender-ref ref="Configuration"/>
 </logger>
 <logger name="com.sun.identity.sm.CreateServiceConfig" level="Error" >
  <appender-ref ref="Configuration"/>
 </logger>
 <logger name="com.sun.identity.sm.AttributeSchema" level="Error" >
  <appender-ref ref="Configuration"/>
 </logger>
 <logger name="com.sun.identity.sm.PluginSchemaImpl" level="Error" >
  <appender-ref ref="Configuration"/>
 </logger>

 <!--    CoreSystem  -->
 <appender name="CoreSystem" class="ch.qos.logback.core.FileAppender">
  <file>/path/to/debug/CoreSystem</file>
  <encoder>
   <pattern>%lo{5}: %d{ISO8601}: Thread[%t]: TransactionId[%X{transactionId}]%n%level: %m%n%ex</pattern>
  </encoder>
 </appender>
 <logger name="com.sun.identity.monitoring" level="Error" >
  <appender-ref ref="CoreSystem"/>
 </logger>
 <logger name="com.sun.identity.saml2.idpdiscovery" level="Error" >
  <appender-ref ref="CoreSystem"/>
 </logger>
 <logger name="com.sun.identity.security.cert.CRLValidator" level="Error" >
  <appender-ref ref="CoreSystem"/>
 </logger>
 <logger name="org.forgerock.openam.xacml.v3.rest" level="Error" >
  <appender-ref ref="CoreSystem"/>
 </logger>
 <logger name="org.forgerock.openam.core.rest.SelfServiceUserUiRolePredicate" level="Error" >
  <appender-ref ref="CoreSystem"/>
 </logger>
 <logger name="org.forgerock.openam.core.rest.cts" level="Error" >
  <appender-ref ref="CoreSystem"/>
 </logger>
 <logger name="org.forgerock.openam.sm.datalayer.impl.ldap.LdapSearchHandler" level="Error" >
  <appender-ref ref="CoreSystem"/>
 </logger>
 <logger name="org.forgerock.openam.security" level="Error" >
  <appender-ref ref="CoreSystem"/>
 </logger>
 <logger name="com.sun.identity.plugin.monitoring.impl" level="Error" >
  <appender-ref ref="CoreSystem"/>
 </logger>
 <logger name="org.forgerock.openam.sm.datalayer.providers" level="Error" >
  <appender-ref ref="CoreSystem"/>
 </logger>
 <logger name="com.zaxxer.hikari" level="Error" >
  <appender-ref ref="CoreSystem"/>
 </logger>
 <logger name="org.forgerock.openam.uma.UmaUserUiRolePredicate" level="Error" >
  <appender-ref ref="CoreSystem"/>
 </logger>
 <logger name="com.sun.identity.common.RequestUtils" level="Error" >
  <appender-ref ref="CoreSystem"/>
 </logger>
 <logger name="org.forgerock.openam.entitlement.rest.SubjectAttributesResourceV1" level="Error" >
  <appender-ref ref="CoreSystem"/>
 </logger>
 <logger name="org.forgerock.openam.services.baseurl" level="Error" >
  <appender-ref ref="CoreSystem"/>
 </logger>
 <logger name="org.forgerock.openam.core.rest.IdentityRestUtils" level="Error" >
  <appender-ref ref="CoreSystem"/>
 </logger>
 <logger name="org.forgerock.openam.core.rest.UserGroupsResource" level="Error" >
  <appender-ref ref="CoreSystem"/>
 </logger>
 <logger name="org.forgerock.openam.oauth2.rest" level="Error" >
  <appender-ref ref="CoreSystem"/>
 </logger>
 <logger name="com.sun.identity.authentication.UI.taglib" level="Error" >
  <appender-ref ref="CoreSystem"/>
 </logger>
 <logger name="org.forgerock.openam.core.rest.docs" level="Error" >
  <appender-ref ref="CoreSystem"/>
 </logger>
 <logger name="com.sun.identity.log" level="Error" >
  <appender-ref ref="CoreSystem"/>
 </logger>
 <logger name="org.forgerock.openam.core.rest.AllAuthenticatedUsersResource" level="Error" >
  <appender-ref ref="CoreSystem"/>
 </logger>
 <logger name="org.forgerock.openam.utils.WhitelistObjectInputStream" level="Error" >
  <appender-ref ref="CoreSystem"/>
 </logger>
 <logger name="org.forgerock.openam.core.rest.dashboard" level="Error" >
  <appender-ref ref="CoreSystem"/>
 </logger>
 <logger name="com.sun.identity.common.SystemTimerPool" level="Error" >
  <appender-ref ref="CoreSystem"/>
 </logger>
 <logger name="org.forgerock.openam.core.rest.session.AnyOfAuthzModule" level="Error" >
  <appender-ref ref="CoreSystem"/>
 </logger>
 <logger name="org.forgerock.openam.rest" level="Error" >
  <appender-ref ref="CoreSystem"/>
 </logger>
 <logger name="org.forgerock.openam.core.rest.sms" level="Error" >
  <appender-ref ref="CoreSystem"/>
 </logger>
 <logger name="com.sun.identity.common.admin" level="Error" >
  <appender-ref ref="CoreSystem"/>
 </logger>
 <logger name="org.forgerock.openam.shared.resourcename" level="Error" >
  <appender-ref ref="CoreSystem"/>
 </logger>
 <logger name="com.sun.identity.security.AdminTokenAction" level="Error" >
  <appender-ref ref="CoreSystem"/>
 </logger>
 <logger name="org.forgerock.openam.uma.rest.UmaPolicyResourceAuthzFilter" level="Error" >
  <appender-ref ref="CoreSystem"/>
 </logger>
 <logger name="org.forgerock.openam.shared.concurrency" level="Error" >
  <appender-ref ref="CoreSystem"/>
 </logger>
 <logger name="org.forgerock.openam.core.rest.session.SessionResourcePrivilegeAuthzModule" level="Error" >
  <appender-ref ref="CoreSystem"/>
 </logger>
 <logger name="org.forgerock.openam.entitlement.rest.ResourceTypesResource" level="Error" >
  <appender-ref ref="CoreSystem"/>
 </logger>
 <logger name="org.forgerock.openam.uma.rest.UmaPolicyServiceImpl" level="Error" >
  <appender-ref ref="CoreSystem"/>
 </logger>
 <logger name="org.forgerock.openam.entitlement.rest.DecisionCombinersResource" level="Error" >
  <appender-ref ref="CoreSystem"/>
 </logger>
 <logger name="com.sun.identity.common.HttpURLConnectionManager" level="Error" >
  <appender-ref ref="CoreSystem"/>
 </logger>
 <logger name="org.forgerock.openam.sm.datalayer.impl.SeriesTaskExecutor" level="Error" >
  <appender-ref ref="CoreSystem"/>
 </logger>
 <logger name="org.forgerock.openam.network.ipv4.IPv4AddressRange" level="Error" >
  <appender-ref ref="CoreSystem"/>
 </logger>
 <logger name="org.forgerock.openam.audit" level="Error" >
  <appender-ref ref="CoreSystem"/>
 </logger>
 <logger name="org.forgerock.audit" level="Error" >
  <appender-ref ref="CoreSystem"/>
 </logger>
 <logger name="com.sun.identity.common.DNUtils" level="Error" >
  <appender-ref ref="CoreSystem"/>
 </logger>
 <logger name="org.forgerock.openam.utils.IPRange" level="Error" >
  <appender-ref ref="CoreSystem"/>
 </logger>
 <logger name="org.forgerock.openam.services.RestSecurity" level="Error" >
  <appender-ref ref="CoreSystem"/>
 </logger>
 <logger name="org.forgerock.openam.core.rest.IdentityResourceV4" level="Error" >
  <appender-ref ref="CoreSystem"/>
 </logger>
 <logger name="org.forgerock.openam.core.rest.IdentityResourceV3" level="Error" >
  <appender-ref ref="CoreSystem"/>
 </logger>
 <logger name="com.sun.identity.security.SecurityDebug" level="Error" >
  <appender-ref ref="CoreSystem"/>
 </logger>
 <logger name="org.forgerock.openam.backstage" level="Error" >
  <appender-ref ref="CoreSystem"/>
 </logger>
 <logger name="org.forgerock.openam.core.rest.server" level="Error" >
  <appender-ref ref="CoreSystem"/>
 </logger>
 <logger name="org.forgerock.openam.utils.ClientUtils" level="Error" >
  <appender-ref ref="CoreSystem"/>
 </logger>
 <logger name="org.forgerock.openam.core.rest.IdentityResourceV2" level="Error" >
  <appender-ref ref="CoreSystem"/>
 </logger>
 <logger name="org.forgerock.openam.entitlement.rest.ApplicationV1Filter" level="Error" >
  <appender-ref ref="CoreSystem"/>
 </logger>
 <logger name="org.forgerock.openam.core.rest.IdentityResourceV1" level="Error" >
  <appender-ref ref="CoreSystem"/>
 </logger>
 <logger name="org.forgerock.openam.core.rest.devices" level="Error" >
  <appender-ref ref="CoreSystem"/>
 </logger>
 <logger name="org.forgerock.openam.entitlement.rest.ApplicationsResource" level="Error" >
  <appender-ref ref="CoreSystem"/>
 </logger>
 <logger name="com.sun.identity.policy.util.Gateway" level="Error" >
  <appender-ref ref="CoreSystem"/>
 </logger>
 <logger name="com.sun.identity.shared.jaxrpc" level="Error" >
  <appender-ref ref="CoreSystem"/>
 </logger>
 <logger name="org.forgerock.openam.forgerockrest" level="Error" >
  <appender-ref ref="CoreSystem"/>
 </logger>
 <logger name="com.iplanet.am.util" level="Error" >
  <appender-ref ref="CoreSystem"/>
 </logger>
 <logger name="com.iplanet.services.comm" level="Error" >
  <appender-ref ref="CoreSystem"/>
 </logger>
 <logger name="org.forgerock.openam.core.rest.authn.AuditHelper" level="Error" >
  <appender-ref ref="CoreSystem"/>
 </logger>
 <logger name="org.forgerock.openam.sm.datalayer.impl.PooledTaskExecutor" level="Error" >
  <appender-ref ref="CoreSystem"/>
 </logger>
 <logger name="org.forgerock.openam.ldap.LdifUtils" level="Error" >
  <appender-ref ref="CoreSystem"/>
 </logger>
 <logger name="org.forgerock.openam.core.rest.session.action.LogoutByHandleActionHandler" level="Error" >
  <appender-ref ref="CoreSystem"/>
 </logger>
 <logger name="org.forgerock.openam.sm.datalayer.impl.ldap.LdapQueryBuilder" level="Error" >
  <appender-ref ref="CoreSystem"/>
 </logger>
 <logger name="com.sun.identity.shared.search" level="Error" >
  <appender-ref ref="CoreSystem"/>
 </logger>
 <logger name="org.forgerock.openam.entitlement.rest.SubjectTypesResource" level="Error" >
  <appender-ref ref="CoreSystem"/>
 </logger>
 <logger name="com.sun.identity.shared.encode.CookieUtils" level="Error" >
  <appender-ref ref="CoreSystem"/>
 </logger>
 <logger name="com.iplanet.services.naming" level="Error" >
  <appender-ref ref="CoreSystem"/>
 </logger>
 <logger name="org.forgerock.openam.cors" level="Error" >
  <appender-ref ref="CoreSystem"/>
 </logger>
 <logger name="com.sun.identity.idsvcs" level="Error" >
  <appender-ref ref="CoreSystem"/>
 </logger>
 <logger name="com.sun.identity.jaxrpc" level="Error" >
  <appender-ref ref="CoreSystem"/>
 </logger>
 <logger name="org.forgerock.openam.http" level="Error" >
  <appender-ref ref="CoreSystem"/>
 </logger>
 <logger name="org.forgerock.openam.shared.guice" level="Error" >
  <appender-ref ref="CoreSystem"/>
 </logger>
 <logger name="org.forgerock.openam.utils.AMKeyProvider" level="Error" >
  <appender-ref ref="CoreSystem"/>
 </logger>
 <logger name="org.forgerock.openam.utils.AuthLevelUtils" level="Error" >
  <appender-ref ref="CoreSystem"/>
 </logger>
 <logger name="org.forgerock.openam.shared.security.whitelist" level="Error" >
  <appender-ref ref="CoreSystem"/>
 </logger>
 <logger name="org.forgerock.openam.notifications" level="Error" >
  <appender-ref ref="CoreSystem"/>
 </logger>
 <logger name="com.sun.identity.policy.util.GatewayServletUtils" level="Error" >
  <appender-ref ref="CoreSystem"/>
 </logger>
 <logger name="org.forgerock.openam.core.sms" level="Error" >
  <appender-ref ref="CoreSystem"/>
 </logger>
 <logger name="org.forgerock.openam.blacklist" level="Error" >
  <appender-ref ref="CoreSystem"/>
 </logger>
 <logger name="com.sun.identity.common.configuration.AgentConfiguration" level="Error" >
  <appender-ref ref="CoreSystem"/>
 </logger>
 <logger name="org.forgerock.openam.entitlement.rest.ApplicationTypesResource" level="Error" >
  <appender-ref ref="CoreSystem"/>
 </logger>
 <logger name="org.forgerock.openam.monitoring" level="Error" >
  <appender-ref ref="CoreSystem"/>
 </logger>
 <logger name="com.sun.identity.common.ResourceLookup" level="Error" >
  <appender-ref ref="CoreSystem"/>
 </logger>
 <logger name="org.forgerock.openam.entitlement.rest.PolicyV1Filter" level="Error" >
  <appender-ref ref="CoreSystem"/>
 </logger>
 <logger name="com.sun.identity.authentication.server.AuthXMLRequestParser" level="Error" >
  <appender-ref ref="CoreSystem"/>
 </logger>
 <logger name="org.forgerock.openam.entitlement.rest.wrappers" level="Error" >
  <appender-ref ref="CoreSystem"/>
 </logger>
 <logger name="com.sun.identity.security.cert.AMCertStore" level="Error" >
  <appender-ref ref="CoreSystem"/>
 </logger>
 <logger name="org.forgerock.openam.sm.datalayer.impl.SimpleTaskExecutor" level="Error" >
  <appender-ref ref="CoreSystem"/>
 </logger>
 <logger name="com.sun.identity.shared.locale" level="Error" >
  <appender-ref ref="CoreSystem"/>
 </logger>
 <logger name="com.sun.identity.shared.whitelist" level="Error" >
  <appender-ref ref="CoreSystem"/>
 </logger>
 <logger name="org.forgerock.openam.sm.datalayer.impl.ldap.CTSDJLDAPv3PersistentSearch" level="Error" >
  <appender-ref ref="CoreSystem"/>
 </logger>
 <logger name="com.sun.identity.protocol" level="Error" >
  <appender-ref ref="CoreSystem"/>
 </logger>
 <logger name="org.forgerock.openam.scripting.rest" level="Error" >
  <appender-ref ref="CoreSystem"/>
 </logger>
 <logger name="org.forgerock.openam.entitlement.rest.ConditionTypesResource" level="Error" >
  <appender-ref ref="CoreSystem"/>
 </logger>
 <logger name="org.forgerock.openam.core.rest.record" level="Error" >
  <appender-ref ref="CoreSystem"/>
 </logger>
 <logger name="com.sun.identity.security.cert.AMCertPath" level="Error" >
  <appender-ref ref="CoreSystem"/>
 </logger>
 <logger name="org.forgerock.openam.utils.ServiceConfigUtils" level="Error" >
  <appender-ref ref="CoreSystem"/>
 </logger>
 <logger name="com.sun.identity.authentication.server.AuthXMLRequest" level="Error" >
  <appender-ref ref="CoreSystem"/>
 </logger>

 <!--    Embedded   -->
 <appender name="Embedded" class="ch.qos.logback.core.FileAppender">
  <file>/path/to/debug/Embedded</file>
  <encoder>
   <pattern>%lo{5}: %d{ISO8601}: Thread[%t]: TransactionId[%X{transactionId}]%n%level: %m%n%ex</pattern>
  </encoder>
 </appender>
 <logger name="org.forgerock.opendj" level="Error" >
  <appender-ref ref="Embedded"/>
 </logger>
 <logger name="com.forgerock.opendj" level="Error" >
  <appender-ref ref="Embedded"/>
 </logger>
 <logger name="com.forgerock.opendj.ldap.config" level="Error" >
  <appender-ref ref="Embedded"/>
 </logger>
 <logger name="org.opends" level="Error" >
  <appender-ref ref="Embedded"/>
 </logger>

 <!--    Federation  -->
 <appender name="Federation" class="ch.qos.logback.core.FileAppender">
  <file>/path/to/debug/Federation</file>
  <encoder>
   <pattern>%lo{5}: %d{ISO8601}: Thread[%t]: TransactionId[%X{transactionId}]%n%level: %m%n%ex</pattern>
  </encoder>
 </appender>
 <logger name="com.sun.identity.wsfederation.profile" level="Error" >
  <appender-ref ref="Federation"/>
 </logger>
 <logger name="com.sun.identity.saml2.servlet" level="Error" >
  <appender-ref ref="Federation"/>
 </logger>
 <logger name="com.sun.identity.saml2.plugins.SAML2PluginsUtils" level="Error" >
  <appender-ref ref="Federation"/>
 </logger>
 <logger name="com.sun.identity.plugin.datastore" level="Error" >
  <appender-ref ref="Federation"/>
 </logger>
 <logger name="com.sun.identity.saml2.logging" level="Error" >
  <appender-ref ref="Federation"/>
 </logger>
 <logger name="com.sun.identity.saml2.protocol" level="Error" >
  <appender-ref ref="Federation"/>
 </logger>
 <logger name="com.sun.identity.saml2.common" level="Error" >
  <appender-ref ref="Federation"/>
 </logger>
 <logger name="com.sun.identity.saml2.plugins.DefaultAccountMapper" level="Error" >
  <appender-ref ref="Federation"/>
 </logger>
 <logger name="org.forgerock.openam.federation" level="Error" >
  <appender-ref ref="Federation"/>
 </logger>
 <logger name="com.sun.identity.wsfederation.plugins.whitelist" level="Error" >
  <appender-ref ref="Federation"/>
 </logger>
 <logger name="com.sun.identity.saml2.profile" level="Error" >
  <appender-ref ref="Federation"/>
 </logger>
 <logger name="com.sun.identity.saml2.plugins.SAML2IDPProxyFRImpl" level="Error" >
  <appender-ref ref="Federation"/>
 </logger>
 <logger name="com.sun.identity.wsfederation.key" level="Error" >
  <appender-ref ref="Federation"/>
 </logger>
 <logger name="com.sun.identity.multiprotocol" level="Error" >
  <appender-ref ref="Federation"/>
 </logger>
 <logger name="com.sun.identity.saml2.plugins.SAML2IDPProxyImpl" level="Error" >
  <appender-ref ref="Federation"/>
 </logger>
 <logger name="com.sun.identity.wsfederation.servlet" level="Error" >
  <appender-ref ref="Federation"/>
 </logger>
 <logger name="com.sun.identity.xacml" level="Error" >
  <appender-ref ref="Federation"/>
 </logger>
 <logger name="com.sun.identity.plugin.monitoring.MonitorManager" level="Error" >
  <appender-ref ref="Federation"/>
 </logger>
 <logger name="com.sun.identity.saml2.plugins.DefaultIDPAuthnContextMapper" level="Error" >
  <appender-ref ref="Federation"/>
 </logger>
 <logger name="com.sun.identity.wsfederation.plugins.DefaultAccountMapper" level="Error" >
  <appender-ref ref="Federation"/>
 </logger>
 <logger name="com.sun.identity.saml2.plugins.DefaultAttributeMapper" level="Error" >
  <appender-ref ref="Federation"/>
 </logger>
 <logger name="com.sun.identity.wsfederation.plugins.DefaultAttributeMapper" level="Error" >
  <appender-ref ref="Federation"/>
 </logger>
 <logger name="org.forgerock.openam.authentication.Saml2SessionUpgradeHandler" level="Error" >
  <appender-ref ref="Federation"/>
 </logger>
 <logger name="com.sun.identity.saml2.ecp" level="Error" >
  <appender-ref ref="Federation"/>
 </logger>
 <logger name="org.forgerock.openam.wsfederation" level="Error" >
  <appender-ref ref="Federation"/>
 </logger>
 <logger name="com.sun.identity.federation" level="Error" >
  <appender-ref ref="Federation"/>
 </logger>
 <logger name="org.forgerock.openam.saml2" level="Error" >
  <appender-ref ref="Federation"/>
 </logger>
 <logger name="jsp.saml2" level="Error" >
  <appender-ref ref="Federation"/>
 </logger>
 <logger name="com.sun.identity.saml2.plugins.DefaultIDPECPSessionMapper" level="Error" >
  <appender-ref ref="Federation"/>
 </logger>
 <logger name="com.sun.identity.plugin.log" level="Error" >
  <appender-ref ref="Federation"/>
 </logger>
 <logger name="com.sun.identity.saml" level="Error" >
  <appender-ref ref="Federation"/>
 </logger>
 <logger name="com.sun.identity.wsfederation.meta" level="Error" >
  <appender-ref ref="Federation"/>
 </logger>
 <logger name="com.sun.identity.wsfederation.plugins.DefaultIDPAuthenticationMethodMapper" level="Error" >
  <appender-ref ref="Federation"/>
 </logger>
 <logger name="com.sun.identity.saml2.plugins.DefaultFedletAdapter" level="Error" >
  <appender-ref ref="Federation"/>
 </logger>
 <logger name="com.sun.identity.saml2.xmlenc" level="Error" >
  <appender-ref ref="Federation"/>
 </logger>
 <logger name="com.sun.identity.saml2.plugins.DefaultSPAuthnContextMapper" level="Error" >
  <appender-ref ref="Federation"/>
 </logger>
 <logger name="com.sun.identity.saml2.xmlsig" level="Error" >
  <appender-ref ref="Federation"/>
 </logger>
 <logger name="com.sun.identity.liberty.ws.security" level="Error" >
  <appender-ref ref="Federation"/>
 </logger>
 <logger name="com.sun.identity.plugin.session.SessionManager" level="Error" >
  <appender-ref ref="Federation"/>
 </logger>
 <logger name="com.sun.identity.plugin.session.impl.FMSessionProvider" level="Error" >
  <appender-ref ref="Federation"/>
 </logger>
 <logger name="com.sun.identity.saml2.key" level="Error" >
  <appender-ref ref="Federation"/>
 </logger>
 <logger name="com.sun.identity.wsfederation.logging" level="Error" >
  <appender-ref ref="Federation"/>
 </logger>
 <logger name="com.sun.identity.saml2.assertion" level="Error" >
  <appender-ref ref="Federation"/>
 </logger>
 <logger name="com.sun.identity.plugin.session.impl.FedletSessionProvider" level="Error" >
  <appender-ref ref="Federation"/>
 </logger>
 <logger name="com.sun.identity.saml2.meta" level="Error" >
  <appender-ref ref="Federation"/>
 </logger>
 <logger name="com.sun.identity.plugin.configuration" level="Error" >
  <appender-ref ref="Federation"/>
 </logger>
 <logger name="com.sun.identity.saml2.soapbinding" level="Error" >
  <appender-ref ref="Federation"/>
 </logger>
 <logger name="com.sun.identity.wsfederation.common" level="Error" >
  <appender-ref ref="Federation"/>
 </logger>
 <logger name="com.sun.identity.cot" level="Error" >
  <appender-ref ref="Federation"/>
 </logger>

 <!--    IdRepo  -->
 <appender name="IdRepo" class="ch.qos.logback.core.FileAppender">
  <file>/path/to/debug/IdRepo</file>
  <encoder>
   <pattern>%lo{5}: %d{ISO8601}: Thread[%t]: TransactionId[%X{transactionId}]%n%level: %m%n%ex</pattern>
  </encoder>
 </appender>
 <logger name="com.sun.identity.common.ISResourceBundle" level="Error" >
  <appender-ref ref="IdRepo"/>
 </logger>
 <logger name="com.iplanet.am.sdk" level="Error" >
  <appender-ref ref="IdRepo"/>
 </logger>
 <logger name="org.forgerock.openam.idrepo.ldap.DJLDAPv3Repo" level="Error" >
  <appender-ref ref="IdRepo"/>
 </logger>
 <logger name="org.forgerock.openam.shared.security.crypto" level="Error" >
  <appender-ref ref="IdRepo"/>
 </logger>
 <logger name="com.iplanet.sso.SSOTokenManager" level="Error" >
  <appender-ref ref="IdRepo"/>
 </logger>
 <logger name="com.iplanet.services.ldap.DefaultDataStoreConfigurationManager" level="Error" >
  <appender-ref ref="IdRepo"/>
 </logger>
 <logger name="com.sun.identity.idm" level="Error" >
  <appender-ref ref="IdRepo"/>
 </logger>
 <logger name="org.forgerock.openam.idrepo.ldap.helpers.DirectoryHelper" level="Error" >
  <appender-ref ref="IdRepo"/>
 </logger>
 <logger name="com.sun.identity.shared.encode.Hash" level="Error" >
  <appender-ref ref="IdRepo"/>
 </logger>
 <logger name="org.forgerock.openam.core.realms" level="Error" >
  <appender-ref ref="IdRepo"/>
 </logger>
 <logger name="org.forgerock.openam.shared.security.ThreadLocalSecureRandom" level="Error" >
  <appender-ref ref="IdRepo"/>
 </logger>
 <logger name="com.iplanet.services.ldap.event.LDAPv3PersistentSearch" level="Error" >
  <appender-ref ref="IdRepo"/>
 </logger>
 <logger name="org.forgerock.openam.idrepo.ldap.psearch" level="Error" >
  <appender-ref ref="IdRepo"/>
 </logger>
 <logger name="com.sun.identity.security.ServerInstanceAction" level="Error" >
  <appender-ref ref="IdRepo"/>
 </logger>
 <logger name="org.forgerock.openam.identity" level="Error" >
  <appender-ref ref="IdRepo"/>
 </logger>
 <logger name="org.forgerock.openam.ldap.LDAPUtils" level="Error" >
  <appender-ref ref="IdRepo"/>
 </logger>

 <!--    OAuth2Provider  -->
 <appender name="OAuth2Provider" class="ch.qos.logback.core.FileAppender">
  <file>/path/to/debug/OAuth2Provider</file>
  <encoder>
   <pattern>%lo{5}: %d{ISO8601}: Thread[%t]: TransactionId[%X{transactionId}]%n%level: %m%n%ex</pattern>
  </encoder>
 </appender>
 <logger name="org.forgerock.openam.oauth2.OpenAMClientRegistrationStore" level="Error" >
  <appender-ref ref="OAuth2Provider"/>
 </logger>
 <logger name="org.forgerock.openam.oauth2.secrets" level="Error" >
  <appender-ref ref="OAuth2Provider"/>
 </logger>
 <logger name="org.forgerock.openidconnect" level="Error" >
  <appender-ref ref="OAuth2Provider"/>
 </logger>
 <logger name="org.forgerock.openam.oauth2.resources.ResourceSetLabelRegistration" level="Error" >
  <appender-ref ref="OAuth2Provider"/>
 </logger>
 <logger name="org.forgerock.openam.oauth2.OAuth2GlobalSettings" level="Error" >
  <appender-ref ref="OAuth2Provider"/>
 </logger>
 <logger name="org.forgerock.openam.oauth2.OpenAMClientRegistration" level="Error" >
  <appender-ref ref="OAuth2Provider"/>
 </logger>
 <logger name="org.forgerock.openam.oauth2.ciba" level="Error" >
  <appender-ref ref="OAuth2Provider"/>
 </logger>
 <logger name="org.forgerock.openam.oauth2.requesturis" level="Error" >
  <appender-ref ref="OAuth2Provider"/>
 </logger>
 <logger name="org.forgerock.openam.oauth2.OAuth2AuditLogger" level="Error" >
  <appender-ref ref="OAuth2Provider"/>
 </logger>
 <logger name="org.forgerock.openam.oauth2.token" level="Error" >
  <appender-ref ref="OAuth2Provider"/>
 </logger>
 <logger name="org.forgerock.openam.oauth2.IdentityManager" level="Error" >
  <appender-ref ref="OAuth2Provider"/>
 </logger>
 <logger name="org.forgerock.openam.oauth2.IgAgentClientRegistration" level="Error" >
  <appender-ref ref="OAuth2Provider"/>
 </logger>
 <logger name="org.forgerock.openam.oauth2.jwks" level="Error" >
  <appender-ref ref="OAuth2Provider"/>
 </logger>
 <logger name="org.forgerock.oauth2" level="Error" >
  <appender-ref ref="OAuth2Provider"/>
 </logger>
 <logger name="org.forgerock.openam.utils.RealmNormaliser" level="Error" >
  <appender-ref ref="OAuth2Provider"/>
 </logger>
 <logger name="org.forgerock.openam.oauth2.AgentClientRegistration" level="Error" >
  <appender-ref ref="OAuth2Provider"/>
 </logger>
 <logger name="org.forgerock.openam.oauth2.ClientCredentialsReader" level="Error" >
  <appender-ref ref="OAuth2Provider"/>
 </logger>
 <logger name="org.forgerock.openam.oauth2.remoteconsent" level="Error" >
  <appender-ref ref="OAuth2Provider"/>
 </logger>
 <logger name="org.forgerock.openam.oauth2.OpenAMScopeValidator" level="Error" >
  <appender-ref ref="OAuth2Provider"/>
 </logger>
 <logger name="org.forgerock.openam.oauth2.OAuth2Monitor" level="Error" >
  <appender-ref ref="OAuth2Provider"/>
 </logger>

 <!--    OpenDJ-SDK  -->
 <appender name="OpenDJ-SDK" class="ch.qos.logback.core.FileAppender">
  <file>/path/to/debug/OpenDJ-SDK</file>
  <encoder>
   <pattern>%lo{5}: %d{ISO8601}: Thread[%t]: TransactionId[%X{transactionId}]%n%level: %m%n%ex</pattern>
  </encoder>
 </appender>
 <logger name="org.forgerock.opendj.ldif" level="Error" >
  <appender-ref ref="OpenDJ-SDK"/>
 </logger>
 <logger name="org.forgerock.opendj.asn1" level="Error" >
  <appender-ref ref="OpenDJ-SDK"/>
 </logger>
 <logger name="com.forgerock.opendj.util" level="Error" >
  <appender-ref ref="OpenDJ-SDK"/>
 </logger>
 <logger name="com.forgerock.opendj.ldap" level="Error" >
  <appender-ref ref="OpenDJ-SDK"/>
 </logger>
 <logger name="org.forgerock.opendj.ldap" level="Error" >
  <appender-ref ref="OpenDJ-SDK"/>
 </logger>
 <logger name="org.forgerock.opendj.util" level="Error" >
  <appender-ref ref="OpenDJ-SDK"/>
 </logger>

 <!--    Plugins     -->
 <appender name="Plugins" class="ch.qos.logback.core.FileAppender">
  <file>/path/to/debug/Plugins</file>
  <encoder>
   <pattern>%lo{5}: %d{ISO8601}: Thread[%t]: TransactionId[%X{transactionId}]%n%level: %m%n%ex</pattern>
  </encoder>
 </appender>
 <logger name="org.forgerock.openam.plugins" level="Error" >
  <appender-ref ref="Plugins"/>
 </logger>

 <!--    Policy  -->
 <appender name="Policy" class="ch.qos.logback.core.FileAppender">
  <file>/path/to/debug/Policy</file>
  <encoder>
   <pattern>%lo{5}: %d{ISO8601}: Thread[%t]: TransactionId[%X{transactionId}]%n%level: %m%n%ex</pattern>
  </encoder>
 </appender>
 <logger name="com.sun.identity.policy.PolicyManager" level="Error" >
  <appender-ref ref="Policy"/>
 </logger>
 <logger name="com.sun.identity.policy.plugins.Organization" level="Error" >
  <appender-ref ref="Policy"/>
 </logger>
 <logger name="com.sun.identity.policy.SharedSubject" level="Error" >
  <appender-ref ref="Policy"/>
 </logger>
 <logger name="com.sun.identity.policy.ActionDecision" level="Error" >
  <appender-ref ref="Policy"/>
 </logger>
 <logger name="com.sun.identity.policy.ResourceManager" level="Error" >
  <appender-ref ref="Policy"/>
 </logger>
 <logger name="com.sun.identity.policy.plugins.IDRepoResponseProvider" level="Error" >
  <appender-ref ref="Policy"/>
 </logger>
 <logger name="com.sun.identity.policy.plugins.AuthSchemeCondition" level="Error" >
  <appender-ref ref="Policy"/>
 </logger>
 <logger name="com.sun.identity.policy.plugins.LEAuthLevelCondition" level="Error" >
  <appender-ref ref="Policy"/>
 </logger>
 <logger name="com.sun.identity.policy.PolicyCache" level="Error" >
  <appender-ref ref="Policy"/>
 </logger>
 <logger name="com.sun.identity.policy.PolicyDecision" level="Error" >
  <appender-ref ref="Policy"/>
 </logger>
 <logger name="org.forgerock.openam.entitlement.monitoring" level="Error" >
  <appender-ref ref="Policy"/>
 </logger>
 <logger name="com.sun.identity.policy.ProxyPolicyEvaluatorFactory" level="Error" >
  <appender-ref ref="Policy"/>
 </logger>
 <logger name="com.sun.identity.policy.Rule" level="Error" >
  <appender-ref ref="Policy"/>
 </logger>
 <logger name="com.sun.identity.policy.ResourceComparatorValidator" level="Error" >
  <appender-ref ref="Policy"/>
 </logger>
 <logger name="com.sun.identity.policy.plugins.IPCondition" level="Error" >
  <appender-ref ref="Policy"/>
 </logger>
 <logger name="com.sun.identity.policy.PolicyContinuousListener" level="Error" >
  <appender-ref ref="Policy"/>
 </logger>
 <logger name="com.sun.identity.policy.ProxyPolicyEvaluator" level="Error" >
  <appender-ref ref="Policy"/>
 </logger>
 <logger name="com.sun.identity.policy.remote" level="Error" >
  <appender-ref ref="Policy"/>
 </logger>
 <logger name="com.sun.identity.policy.ValidationErrorHandler" level="Error" >
  <appender-ref ref="Policy"/>
 </logger>
 <logger name="org.forgerock.openam.entitlement.rest.EntitlementsExceptionMappingHandler" level="Error" >
  <appender-ref ref="Policy"/>
 </logger>
 <logger name="org.forgerock.openam.network.ipv6" level="Error" >
  <appender-ref ref="Policy"/>
 </logger>
 <logger name="com.sun.identity.policy.Subjects" level="Error" >
  <appender-ref ref="Policy"/>
 </logger>
 <logger name="com.sun.identity.policy.plugins.PeerOrgReferral" level="Error" >
  <appender-ref ref="Policy"/>
 </logger>
 <logger name="com.sun.identity.policy.Policy" level="Error" >
  <appender-ref ref="Policy"/>
 </logger>
 <logger name="com.sun.identity.policy.ActionSchema" level="Error" >
  <appender-ref ref="Policy"/>
 </logger>
 <logger name="org.forgerock.openam.idrepo.ldap.helpers.ADHelper" level="Error" >
  <appender-ref ref="Policy"/>
 </logger>
 <logger name="org.forgerock.openam.entitlement.configuration" level="Error" >
  <appender-ref ref="Policy"/>
 </logger>
 <logger name="com.sun.identity.policy.plugins.SubOrgReferral" level="Error" >
  <appender-ref ref="Policy"/>
 </logger>
 <logger name="com.sun.identity.policy.plugins.AuthenticateToRealmCondition" level="Error" >
  <appender-ref ref="Policy"/>
 </logger>
 <logger name="org.forgerock.openam.entitlement.indextree" level="Error" >
  <appender-ref ref="Policy"/>
 </logger>
 <logger name="com.sun.identity.policy.plugins.LDAPRoles" level="Error" >
  <appender-ref ref="Policy"/>
 </logger>
 <logger name="com.sun.identity.policy.SubjectEvaluationCache" level="Error" >
  <appender-ref ref="Policy"/>
 </logger>
 <logger name="org.forgerock.openam.uma.rest.UserPolicyResource" level="Error" >
  <appender-ref ref="Policy"/>
 </logger>
 <logger name="com.sun.identity.policy.plugins.OrgReferral" level="Error" >
  <appender-ref ref="Policy"/>
 </logger>
 <logger name="com.sun.identity.policy.plugins.LDAPUsers" level="Error" >
  <appender-ref ref="Policy"/>
 </logger>
 <logger name="com.sun.identity.policy.plugins.UserSelfCheckCondition" level="Error" >
  <appender-ref ref="Policy"/>
 </logger>
 <logger name="com.sun.identity.policy.ResponseProviderTypeManager" level="Error" >
  <appender-ref ref="Policy"/>
 </logger>
 <logger name="com.sun.identity.policy.plugins.LDAPFilterCondition" level="Error" >
  <appender-ref ref="Policy"/>
 </logger>
 <logger name="com.sun.identity.policy.plugins.SimpleTimeCondition" level="Error" >
  <appender-ref ref="Policy"/>
 </logger>
 <logger name="com.sun.identity.policy.ResponseProviders" level="Error" >
  <appender-ref ref="Policy"/>
 </logger>
 <logger name="org.forgerock.openam.xacml.v3.resources" level="Error" >
  <appender-ref ref="Policy"/>
 </logger>
 <logger name="com.sun.identity.policy.PolicyUtils" level="Error" >
  <appender-ref ref="Policy"/>
 </logger>
 <logger name="com.sun.identity.policy.plugins.SessionCondition" level="Error" >
  <appender-ref ref="Policy"/>
 </logger>
 <logger name="org.forgerock.openam.entitlement.CachingEntitlementCondition" level="Error" >
  <appender-ref ref="Policy"/>
 </logger>
 <logger name="com.sun.identity.policy.plugins.AMIdentitySubject" level="Error" >
  <appender-ref ref="Policy"/>
 </logger>
 <logger name="com.sun.identity.policy.Referrals" level="Error" >
  <appender-ref ref="Policy"/>
 </logger>
 <logger name="com.sun.identity.policy.ResourceIndexManager" level="Error" >
  <appender-ref ref="Policy"/>
 </logger>
 <logger name="com.sun.identity.policy.plugins.AuthLevelCondition" level="Error" >
  <appender-ref ref="Policy"/>
 </logger>
 <logger name="com.sun.identity.policy.plugins.LDAPConnectionPools" level="Error" >
  <appender-ref ref="Policy"/>
 </logger>
 <logger name="com.sun.identity.policy.plugins.AuthenticateToServiceCondition" level="Error" >
  <appender-ref ref="Policy"/>
 </logger>
 <logger name="com.sun.identity.policy.plugins.AuthRoleCondition" level="Error" >
  <appender-ref ref="Policy"/>
 </logger>
 <logger name="com.sun.identity.policy.plugins.AMIdentityMembershipCondition" level="Error" >
  <appender-ref ref="Policy"/>
 </logger>
 <logger name="com.sun.identity.entitlement" level="Error" >
  <appender-ref ref="Policy"/>
 </logger>
 <logger name="com.sun.identity.policy.PolicyEvaluatorFactory" level="Error" >
  <appender-ref ref="Policy"/>
 </logger>
 <logger name="com.sun.identity.policy.plugins.SessionPropertyCondition" level="Error" >
  <appender-ref ref="Policy"/>
 </logger>
 <logger name="org.forgerock.openam.entitlement.PolicyConstants" level="Error" >
  <appender-ref ref="Policy"/>
 </logger>
 <logger name="com.sun.identity.policy.PolicyEvaluator" level="Error" >
  <appender-ref ref="Policy"/>
 </logger>
 <logger name="com.sun.identity.policy.ServiceTypeManager" level="Error" >
  <appender-ref ref="Policy"/>
 </logger>
 <logger name="com.sun.identity.policy.ServiceType" level="Error" >
  <appender-ref ref="Policy"/>
 </logger>
 <logger name="com.sun.identity.policy.ResourceResult" level="Error" >
  <appender-ref ref="Policy"/>
 </logger>
 <logger name="com.sun.identity.policy.plugins.ResourceEnvIPCondition" level="Error" >
  <appender-ref ref="Policy"/>
 </logger>
 <logger name="org.forgerock.openam.entitlement.conditions" level="Error" >
  <appender-ref ref="Policy"/>
 </logger>
 <logger name="com.sun.identity.policy.ConditionTypeManager" level="Error" >
  <appender-ref ref="Policy"/>
 </logger>
 <logger name="com.sun.identity.policy.PolicyConfig" level="Error" >
  <appender-ref ref="Policy"/>
 </logger>
 <logger name="com.sun.identity.policy.plugins.LDAPGroups" level="Error" >
  <appender-ref ref="Policy"/>
 </logger>
 <logger name="org.forgerock.openam.network.ipv4.IPv4Condition" level="Error" >
  <appender-ref ref="Policy"/>
 </logger>
 <logger name="com.sun.identity.policy.SubjectTypeManager" level="Error" >
  <appender-ref ref="Policy"/>
 </logger>
 <logger name="org.forgerock.openam.entitlement.utils" level="Error" >
  <appender-ref ref="Policy"/>
 </logger>
 <logger name="com.sun.identity.policy.util.PolicyDecisionUtils" level="Error" >
  <appender-ref ref="Policy"/>
 </logger>
 <logger name="org.forgerock.openam.entitlement.PolicySetNotificationConsumer" level="Error" >
  <appender-ref ref="Policy"/>
 </logger>
 <logger name="com.sun.identity.policy.Conditions" level="Error" >
  <appender-ref ref="Policy"/>
 </logger>
 <logger name="org.forgerock.openam.core.rest.authn.http.AuthenticationServiceV2" level="Error" >
  <appender-ref ref="Policy"/>
 </logger>
 <logger name="com.sun.identity.policy.ReferralTypeManager" level="Error" >
  <appender-ref ref="Policy"/>
 </logger>
 <logger name="org.forgerock.openam.entitlement.rest.PolicyResource" level="Error" >
  <appender-ref ref="Policy"/>
 </logger>
 <logger name="org.forgerock.openam.entitlement.rest.JsonPolicyParser" level="Error" >
  <appender-ref ref="Policy"/>
 </logger>

 <!--    Push    -->
 <appender name="Push" class="ch.qos.logback.core.FileAppender">
  <file>/path/to/debug/Push</file>
  <encoder>
   <pattern>%lo{5}: %d{ISO8601}: Thread[%t]: TransactionId[%X{transactionId}]%n%level: %m%n%ex</pattern>
  </encoder>
 </appender>
 <logger name="org.forgerock.openam.services.push" level="Error" >
  <appender-ref ref="Push"/>
 </logger>

 <!--    Radius  -->
 <appender name="Radius" class="ch.qos.logback.core.FileAppender">
  <file>/path/to/debug/Radius</file>
  <encoder>
   <pattern>%lo{5}: %d{ISO8601}: Thread[%t]: TransactionId[%X{transactionId}]%n%level: %m%n%ex</pattern>
  </encoder>
 </appender>
 <logger name="org.forgerock.openam.radius" level="Error" >
  <appender-ref ref="Radius"/>
 </logger>

 <!--    Session  -->
 <appender name="Session" class="ch.qos.logback.core.FileAppender">
  <file>/path/to/debug/Session</file>
  <encoder>
   <pattern>%lo{5}: %d{ISO8601}: Thread[%t]: TransactionId[%X{transactionId}]%n%level: %m%n%ex</pattern>
  </encoder>
 </appender>
 <logger name="org.forgerock.openam.core.rest.session.action.SetPropertyActionHandler" level="Error" >
  <appender-ref ref="Session"/>
 </logger>
 <logger name="org.forgerock.openam.core.rest.session.action.GetPropertyActionHandler" level="Error" >
  <appender-ref ref="Session"/>
 </logger>
 <logger name="org.forgerock.openam.core.rest.session.SessionResource" level="Error" >
  <appender-ref ref="Session"/>
 </logger>
 <logger name="com.sun.identity.sm.ServerIDValidator" level="Error" >
  <appender-ref ref="Session"/>
 </logger>
 <logger name="org.forgerock.openam.cts" level="Error" >
  <appender-ref ref="Session"/>
 </logger>
 <logger name="org.forgerock.openam.core.rest.session.action.LogoutActionHandler" level="Error" >
  <appender-ref ref="Session"/>
 </logger>
 <logger name="org.forgerock.openam.dpro" level="Error" >
  <appender-ref ref="Session"/>
 </logger>
 <logger name="com.iplanet.sso.providers" level="Error" >
  <appender-ref ref="Session"/>
 </logger>
 <logger name="org.forgerock.openam.core.rest.session.action.ValidateActionHandler" level="Error" >
  <appender-ref ref="Session"/>
 </logger>
 <logger name="org.forgerock.openam.core.rest.session.action.GetSessionPropertiesActionHandler"
         level="Error" >
  <appender-ref ref="Session"/>
 </logger>
 <logger name="org.forgerock.openam.session" level="Error" >
  <appender-ref ref="Session"/>
 </logger>
 <logger name="org.forgerock.openam.sm.datalayer.impl.ldap.ExternalLdapConfig" level="Error" >
  <appender-ref ref="Session"/>
 </logger>
 <logger name="org.forgerock.openam.core.rest.session.action.UpdateSessionPropertiesActionHandler"
         level="Error" >
  <appender-ref ref="Session"/>
 </logger>
 <logger name="org.forgerock.openam.core.rest.session.SSOTokenPartialSessionFactory" level="Error" >
  <appender-ref ref="Session"/>
 </logger>
 <logger name="org.forgerock.openam.sm.SMSConfigurationFactory" level="Error" >
  <appender-ref ref="Session"/>
 </logger>
 <logger name="org.forgerock.openam.sm.datalayer.impl.SeriesTaskExecutorThread" level="Error" >
  <appender-ref ref="Session"/>
 </logger>
 <logger name="com.iplanet.dpro" level="Error" >
  <appender-ref ref="Session"/>
 </logger>
 <logger name="com.sun.identity.plugin.session.impl.FMSessionNotification" level="Error" >
  <appender-ref ref="Session"/>
 </logger>
 <logger name="org.forgerock.openam.core.rest.session.action.GetPropertyNamesActionHandler" level="Error" >
  <appender-ref ref="Session"/>
 </logger>
 <logger name="org.forgerock.openam.core.rest.session.SessionResourceUtil" level="Error" >
  <appender-ref ref="Session"/>
 </logger>
 <logger name="org.forgerock.openam.core.rest.session.SessionResourceV2" level="Error" >
  <appender-ref ref="Session"/>
 </logger>
 <logger name="com.sun.identity.sm.SiteIDValidator" level="Error" >
  <appender-ref ref="Session"/>
 </logger>
 <logger name="org.forgerock.openam.core.rest.session.action.DeletePropertyActionHandler" level="Error" >
  <appender-ref ref="Session"/>
 </logger>

 <!--    UmaProvider     -->
 <appender name="UmaProvider" class="ch.qos.logback.core.FileAppender">
  <file>/path/to/debug/UmaProvider</file>
  <encoder>
   <pattern>%lo{5}: %d{ISO8601}: Thread[%t]: TransactionId[%X{transactionId}]%n%level: %m%n%ex</pattern>
  </encoder>
 </appender>
 <logger name="org.forgerock.openam.oauth2.AccessTokenProtectionFilter" level="Error" >
  <appender-ref ref="UmaProvider"/>
 </logger>
 <logger name="org.forgerock.openam.uma.UmaSettingsImpl" level="Error" >
  <appender-ref ref="UmaProvider"/>
 </logger>
 <logger name="org.forgerock.openam.uma.PendingRequestEmailTemplate" level="Error" >
  <appender-ref ref="UmaProvider"/>
 </logger>
 <logger name="org.forgerock.openam.uma.rest.UmaPolicyApplicationListener" level="Error" >
  <appender-ref ref="UmaProvider"/>
 </logger>
 <logger name="org.forgerock.openam.uma.rest.UmaResourceSetRegistrationHook" level="Error" >
  <appender-ref ref="UmaProvider"/>
 </logger>
 <logger name="org.forgerock.openam.oauth2.resources.labels" level="Error" >
  <appender-ref ref="UmaProvider"/>
 </logger>
 <logger name="org.forgerock.openam.uma.UmaProviderSettingsImpl" level="Error" >
  <appender-ref ref="UmaProvider"/>
 </logger>
 <logger name="org.forgerock.openam.uma.UmaGrantTypeHandler" level="Error" >
  <appender-ref ref="UmaProvider"/>
 </logger>
 <logger name="org.forgerock.openam.uma.rest.UmaLabelResource" level="Error" >
  <appender-ref ref="UmaProvider"/>
 </logger>
 <logger name="org.forgerock.openam.uma.PendingRequestsService" level="Error" >
  <appender-ref ref="UmaProvider"/>
 </logger>
 <logger name="org.forgerock.openam.uma.audit" level="Error" >
  <appender-ref ref="UmaProvider"/>
 </logger>

 <!--    WebServices     -->
 <appender name="WebServices" class="ch.qos.logback.core.FileAppender">
  <file>/path/to/debug/WebServices</file>
  <encoder>
   <pattern>%lo{5}: %d{ISO8601}: Thread[%t]: TransactionId[%X{transactionId}]%n%level: %m%n%ex</pattern>
  </encoder>
 </appender>
 <logger name="com.sun.identity.liberty.ws.paos" level="Error" >
  <appender-ref ref="WebServices"/>
 </logger>
 <logger name="com.sun.identity.liberty.ws.common" level="Error" >
  <appender-ref ref="WebServices"/>
 </logger>
 <logger name="com.sun.identity.policy.plugins.WebServicesClients" level="Error" >
  <appender-ref ref="WebServices"/>
 </logger>
 <logger name="com.sun.identity.liberty.ws.soapbinding" level="Error" >
  <appender-ref ref="WebServices"/>
 </logger>
 <logger name="com.sun.identity.authentication.spi.WSSReplayPasswd" level="Error" >
  <appender-ref ref="WebServices"/>
 </logger>

 <!--    OtherLogging rotation created so that ROOT could be set without outputting same debug to all files     -->
 <appender name="OtherLogging" class="ch.qos.logback.core.rolling.RollingFileAppender">
  <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
   <file>/path/to/debug/OtherLogging</file>
   <fileNamePattern>/path/to/debug/OtherLogging.%d{yyyy-MM-dd}-%i</fileNamePattern>
   <maxFileSize>1GB</maxFileSize>
  </rollingPolicy>
  <encoder>
   <pattern>%lo{5}: %d{ISO8601}: Thread[%t]: TransactionId[%X{transactionId}]%n%level: %m%n%ex</pattern>
  </encoder>
 </appender>
 <root level="Error">
  <appender-ref ref="OtherLogging" />
 </root>
</configuration>

Download logback.xml.

In your empty logback.xml file, add a top-level element called configuration.

For example:

<configuration>
</configuration>

This element will contain the configuration of the loggers and appenders, added in later steps.

To instruct AM to periodically check the logback.xml file for changes, and apply them to the running instance, add both a scan and a scanPeriod attribute to the <configuration> element. For example:

<configuration scan="true" scanPeriod="30 seconds">
</configuration>

If AM is not configured to scan the logback.xml file for changes, you’ll need to restart the instance in order to pick up any changes.

You can set the scanPeriod attribute to a longer time period, for example one hour, so that you don’t have to restart a running system when you need to alter the debugging level.

For more information, refer to Automatically reloading configuration file upon modification in the Logback Documentation.

To troubleshoot issues when configuring debug logging using the logback.xml file, add a debug attribute, set to true, to the <configuration> element. For example:
```
<configuration debug="true">
</configuration>
```
AM records debug logging status information to the default log file for the container in which it’s running. For example, in Tomcat, status messages about the configuration of logback are recorded in the Catalina.out file.

For more information, refer to Status data in the Logback Documentation.

Define one or more appenders in the <configuration> element.

The following example appender logs messages to a file named debug.out in the default AM debug directory:
```
<configuration>
  <appender name="DEBUG.OUT" class="ch.qos.logback.core.FileAppender">
    <file>openam/var/debug/debug.out</file>
    <encoder>
      <pattern>%lo{5}: %d{ISO8601}: Thread[%t]: TransactionId[%X{transactionId}]%n%level: %m%n%ex</pattern>
    </encoder>
  </appender>
</configuration>
```
The pattern in the above example creates debug log entries that are identical to the output produced by previous versions of AM, including the transaction ID to aid with tracking events as they occur throughout the system.

You can also define an appender that uses the JsonLayout class to include the transaction ID automatically. Refer to Format log files for details.
Define one or more loggers in the <configuration> element.

Loggers specify which classes to capture debug messages from, including any sub-classes. They also specify the level of debug information to capture, and which appender is used to store the output.

This example logger applies the Debug level to the scripts.OIDC_CLAIMS.36863ffb-40ec-48b9-94b1-9a99f71cc3b5.(OIDC Claims Script). Note that script loggers are only created after the script has executed at least once. The output is recorded in the file specified in the debug.out appender, created in an earlier step:
```
<configuration>
  <appender name="DEBUG.OUT" class="ch.qos.logback.core.FileAppender">
    <file>openam/var/debug/debug.out</file>
    <encoder>
      <pattern>%lo{5}: %d{ISO8601}: Thread[%t]: TransactionId[%X{transactionId}]%n%level: %m%n%ex</pattern>
    </encoder>
  </appender>
  <logger name="scripts.OIDC_CLAIMS.36863ffb-40ec-48b9-94b1-9a99f71cc3b5.(OIDC Claims Script)" level="Debug" >
    <appender-ref ref="DEBUG.OUT" />
  </logger>
</configuration>
```

Define a single <root> catch-all element in the <configuration> element, to specify the global logging level for all classes that don’t match any of the loggers defined in the logback.xml file.

<configuration>
  <appender name="DEBUG.OUT" class="ch.qos.logback.core.FileAppender">
    <file>openam/var/debug/debug.out</file>
    <encoder>
      <pattern>%lo{5}: %d{ISO8601}: Thread[%t]: TransactionId[%X{transactionId}]%n%level: %m%n%ex</pattern>
    </encoder>
  </appender>
  <logger name="scripts.OIDC_CLAIMS.36863ffb-40ec-48b9-94b1-9a99f71cc3b5.(OIDC Claims Script)" level="Debug" >
    <appender-ref ref="DEBUG.OUT" />
  </logger>
  <root level="Error">
    <appender-ref ref="DEBUG.OUT" />
  </root>
</configuration>

Save your changes.

The changes are applied the next time you restart AM, or the container in which it runs.

If you are editing an existing logback.xml that AM has already loaded, and contains the scan="true" attribute, you do not need to reboot.

Instead, wait for the amount of time specified in the scanPeriod attribute, and the new configuration will be loaded into AM.

To verify that the configuration from the logback.xml file has loaded, go to the Logback.jsp file, for example at https://openam.example.com:8443/openam/Logback.jsp, which reflects the configuration found:

Note that any changes made in the Logback.jsp are temporary, and are not persisted to the logback.xml file.

Output to stdout

Configure logback.xml to send logging to standard output. For example, for Apache Tomcat deployments, console output is typically redirected to the Tomcat logging file, catalina.out.

This example configuration captures all debug-level logging using the default <root> element, and redirects it to the STDOUT appender:

<configuration>
  <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender"> (1)
    <encoder>
      <pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n</pattern>
    </encoder>
  </appender>
  <root level="Debug">                                                 (2)
    <appender-ref ref="STDOUT" />
  </root>
</configuration>

To configure this example, create the following elements:

1 An <appender> that uses the ch.qos.logback.core.ConsoleAppender class.

2 A <logger>, or a <root> element as shown here, referencing the STDOUT appender.
Save your changes as described in Configure basic debug logging.
Check that debug logging is now output to stdout. For example:

tail -f $TOMCAT_HOME/logs/catalina.out

Output to multiple locations

You can direct debug logging to more than one output location by defining multiple appenders and loggers. Note that you can only define at most one root element.

This example defines loggers for the com.sun.identity.sm.ServiceInstance and org.forgerock.openam.utils.MapHelper classes that output debug logging to file, using the DEBUG.OUT appender.

All warning-level logging is also directed to standard output using the STDOUT appender.

<configuration>
  <appender name="DEBUG.OUT" class="ch.qos.logback.core.FileAppender"> (1)
    <file>openam/var/debug/debug.out</file>
    <encoder>
      <pattern>%lo{5}: %d{ISO8601}: Thread[%t]: TransactionId[%X{transactionId}]%n%level: %m%n%ex</pattern>
    </encoder>
  </appender>
  <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender"> (2)
    <encoder>
      <pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n</pattern>
    </encoder>
  </appender>
  <logger name="com.sun.identity.sm.ServiceInstance" level="Debug"> (3)
      <appender-ref ref="DEBUG.OUT" />
    </logger>
  <logger name="org.forgerock.openam.utils.MapHelper" level="Debug">  (3)
    <appender-ref ref="DEBUG.OUT" />
  </logger>
  <root level="Warning">                                                 (4)
    <appender-ref ref="STDOUT" />
  </root>
</configuration>

To configure this example, create the following elements:

1	An `<appender>` that uses the `ch.qos.logback.core.FileAppender` class.
2	An `<appender>` that uses the `ch.qos.logback.core.ConsoleAppender` class.
3	A `<logger>` for each script, referencing the DEBUG.OUT appender.
4	A `<logger>`, or a `<root>` element as shown here, referencing the STDOUT appender.

Save and verify your changes as described in Configure basic debug logging.

Format log files

The org.forgerock.openam.logback.JsonLayout class extends Logback JSON layout functionality by adding the transaction ID to the JSON output.

This example shows how you can include the JsonLayout class to format your log files:

<appender name="JSON" class="ch.qos.logback.core.rolling.RollingFileAppender"> (1)
  <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
    <fileNamePattern>openam/var/debug/debugLog.%d{yyyy_MM_dd}.json</fileNamePattern>
    <maxHistory>7</maxHistory>
  </rollingPolicy>
  <encoder class="ch.qos.logback.core.encoder.LayoutWrappingEncoder">          (2)
    <layout class="org.forgerock.openam.logback.JsonLayout">                   (3)
      <jsonFormatter class="ch.qos.logback.contrib.jackson.JacksonJsonFormatter"> (4)
        <prettyPrint>true</prettyPrint>
      </jsonFormatter>
      <timestampFormat>yyyy-MM-dd' 'HH:mm:ss.SSS</timestampFormat>
      <appendLineSeparator>true</appendLineSeparator>
    </layout>
  </encoder>
</appender>

To configure this example, create the following elements:

1	An `<appender>` that uses the `ch.qos.logback.core.rolling.RollingFileAppender` class.
2	An `<encoder>` that uses the `ch.qos.logback.core.encoder.LayoutWrappingEncoder` class.
3	A `<layout>` element that uses the `org.forgerock.openam.logback.JsonLayout` class.
4	A `<jsonFormatter>` element that uses the `ch.qos.logback.contrib.jackson.JacksonJsonFormatter` class.

Save and verify your changes as described in Configure basic debug logging.

The use of the JsonLayout class results in the addition of a transactionId at the top level of the log entry.

For example:

{
  "timestamp" : "2022-07-28 15:39:44.562",
  "level" : "DEBUG",
  "thread" : "http-nio-8080-exec-6",
  "mdc" : {
    "transactionId" : "eb0664cc-4615-461e-973a-64a1fc4f659a-34695"
  },
  "logger" : "org.forgerock.openam.rest.restAuthenticationFilter",
  "message" : "OpenAM SSO Token Session Module has successfully authenticated the client",
  "context" : "default",
  "transactionId" : "eb0664cc-4615-461e-973a-64a1fc4f659a-34695"
}

Rotate debug logs

Logback provides built-in support for a number of log file rotation schemes, including time- and-size based rotation. If you have configured AM with a logback.xml file, you can configure log file rotation in the appenders, as follows:

In the <configuration> element, create an appender that uses the ch.qos.logback.core.rolling.RollingFileAppender class, for example:
```
<appender name="DAILYLOG" class="ch.qos.logback.core.rolling.RollingFileAppender">
  <encoder>
    <pattern>%lo{5}: %d{ISO8601}: Thread[%t]: TransactionId[%X{transactionId}]%n%level: %m%n%ex</pattern>
  </encoder>
</appender>
```
Within the appender, specify whether to rotate based on time, and optionally also size, as follows:
- To rotate the log files based only on time, add a <rollingPolicy> element to the appender, which uses the ch.qos.logback.core.rolling.TimeBasedRollingPolicy class.
  
  Include a <fileNamePattern> element that defines when the log files should roll over, and the naming convention.
  
  For example, the following appender rolls the log file over at midnight each day, and includes the date in the filename:
  <appender name="DAILYLOG" class="ch.qos.logback.core.rolling.RollingFileAppender"> <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> <fileNamePattern>openam/var/debug/dailyLog.%d{yyyy-MM-dd}.log</fileNamePattern> </rollingPolicy> <encoder> <pattern>%lo{5}: %d{ISO8601}: Thread[%t]: TransactionId[%X{transactionId}]%n%level: %m%n%ex</pattern> </encoder> </appender>
- To rotate the log files based on both time and size, add a <rollingPolicy> element to the appender, which uses the ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy class.
  
  Include a <fileNamePattern> element that defines when the log files should roll over, and where the counter for rolling over based on size occurs, specified by including %i. You must also include a <maxFileSize> element to define the maximum size of the log files.
  
  For example, the following appender rolls the log file over at midnight each day, but earlier if the file reaches 2 gigabytes in size, and includes the date in the filename:
  <appender name="DAILYLOG2GB" class="ch.qos.logback.core.rolling.RollingFileAppender"> <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy"> <fileNamePattern>openam/var/debug/dailyLog2GB.%d{yyyy-MM-dd}-%i.log</fileNamePattern> <maxFileSize>2GB</maxFileSize> </rollingPolicy> <encoder> <pattern>%lo{5}: %d{ISO8601}: Thread[%t]: TransactionId[%X{transactionId}]%n%level: %m%n%ex</pattern> </encoder> </appender>
Save and verify your changes as described in Configure basic debug logging.

Debug log files will roll over each night, and also if they reach the 2GB size limit. The file names will contain the date, and a counter to signify the order in which they were written.

Change the startup debug settings

You can configure the settings that are applied when AM starts up and there is no logback.xml file present.

The settings specified as defaults will be reflected in the Logback.jsp file, for example at https://openam.example.com:8443/openam/Logback.jsp. However, they will not override the configuration contained with a custom logback.xml file.

Set the default debug level

These steps set the default debug level used by all loggers, when AM starts up:

In the AM admin UI, go to Deployment > Servers > Server Name > General > Debugging.
Select an option from the Debug Level field.

The default level for debug logging is Error. This level is appropriate for normal production operations, in which case no debug log messages are expected.

Setting the debug log level to Warning increases the volume of messages. Setting the debug log level to Message dumps detailed trace messages.

Unless told to do so by qualified support personnel, do not use Warning or Message levels as a default in production. Instead, set the levels on a per-class basis.
Save your changes.

Changes are applied immediately.

Set the default debug directory

These steps set the default directory used to store debug log files:

In the AM admin UI, go to Deployment > Servers > Server Name > General > Debugging.
Enter a directory in which to store log files in the Debug Directory field.

The default value is as follows:
Unix/Linux

Windows
%BASE_DIR%/var/debug

BASE_DIR is the local Access Management configuration directory; for example /path/to/openam.

%BASE_DIR%\var\debug

BASE_DIR is the local Access Management configuration directory; for example \path\to\openam.
Make sure that the specified folder can be written to by the account that is running AM or the container in which it runs.
Save your changes.

The changes are applied the next time you restart AM, or the container in which it runs.

Combine log messages in a single file

These steps log all debug messages to a single debug.out file:

In the AM admin UI, go to Deployment > Servers > Server Name > General > Debugging.
Set the Merge Debug Files property to On.
Save your changes.

Changes are applied immediately.

All debug log messages will be written to a single debug file named debug.out. The file will be located in the directory specified in the Debug Directory property. Refer to Set the default debug directory.