Connector logs

By default, logging is not enabled for RCS.

It can be difficult to determine if the root cause of a problem is at the ICF or connector level, or at the application level.

The ICF API sets the LoggingProxy at a very high level. You can consider the Logging Proxy as the border between the application (IDM) and the ICF framework.

Logging levels

Finer logging levels generate more noise but can be helpful when troubleshooting:

  • SEVERE (highest value, least noise)


  • INFO


  • FINE


  • FINEST (lowest value, most noise)

Enable IDM connector logging

If you are using ICF connectors bundled with IDM, you can adjust the log levels for specific parts of the system in the path/to/openidm/conf/logging.properties file. To start logging, enable the Logging Proxy and set the level for all or some operations:

Enable the LoggingProxy
Log all operations
Log specific operations

You can log any of the following operations:

  • AuthenticationApiOp

  • CreateApiOp

  • DeleteApiOp

  • GetApiOp

  • ResolveUsernameApiOp

  • SchemaApiOp

  • ScriptOnConnectorApiOp

  • ScriptOnResourceApiOp

  • SearchApiOp

  • SyncApiOp

  • TestApiOp

  • UpdateApiOp

  • ValidateApiOp

Java RCS logging

Logging configuration file

The default location for the logging configuration file is /path/to/openicf/conf/logback.xml. To use another location, edit the following property in your conf/ConnectorServer.properties configuration file:

connectorserver.loggingConfigFile=otherDirectory/filename.xml (1)
1 The path can be absolute or relative to /path/to/openicf/.

Enable Java RCS debug logging

For additional Java RCS debug logging information, refer to this Knowledge Base article.

To enable debug logging in the remote Java Connector Server, uncomment the following line in the logging configuration file:

<logger name="org.identityconnectors.framework.impl.api.LoggingProxy" level="DEBUG" additivity="false">
    <appender-ref ref="TRACE-FILE"/>
<logger name="org.identityconnectors.framework.api.operations" level="DEBUG" additivity="false">
    <appender-ref ref="TRACE-FILE"/>

Rolling log policy

To change the total size for all log files or maximum time length before a log rolls over to a new file, edit conf/logback.xml and update the applicable maxHistory and totalSizeCap properties. The default rolling log policy has the following configuration:


For more information, refer to maxHistory and totalSizeCap in the Logback documentation.

.NET RCS logging

To enable logging in the .NET RCS, edit the ConnectorServer.exe.config configuration file, and set the logging.proxy key to true:

<add key="logging.proxy" value="true"/>
Copyright © 2010-2024 ForgeRock, all rights reserved.