General

Where can I find useful logs for troubleshooting ForgeRock products?

Last updated Mar 21, 2019

The purpose of this article is to provide information on finding logs across ForgeRock products (AM/OpenAM, DS/OpenDJ, IDM/OpenIDM and IG/OpenIG) for troubleshooting purposes. This article shows default log locations, although most of them can be changed.


AM/OpenAM logs

The following logs are available:

Log type Location
AM/OpenAM debug logs $HOME/[am_instance]/openam/debug
AM/OpenAM audit logs $HOME/[am_instance]/openam/log
ssoadm logs /path/to/openam-tools/[ssoadm_install_folder]/debug
Fedlet debug logs $HOME/fedlet/debug
Container logs if deployed on Apache Tomcat™ (localhost_access_log.YYYY-MM-DD.log and catalina.out) /path/to/tomcat/logs
SSL debug logs if deployed on Apache Tomcat (catalina.out) /path/to/tomcat/logs

Agents logs

The following logs are available:

Log type Location
Web agents debug.log /path/to/agent/instances/agent_n/logs/debug directory where the agent is installed.
Web agents audit.log /path/to/agent/instances/agent_n/logs/audit directory where the agent is installed.
Web agents install log (installYYYYMMDDHHMMSS.log) /path/to/agent/log directory where the agent is installed.

Web agents system information:

  • system_n.log (Agents 5.5 and later)
  • agent.log (Pre-Agents 5.5)
/path/to/agent/log directory where the agent is installed.
Validator log (validate_xx.log) - Agents 5.5 and later  /path/to/agent/log directory where the agent is installed.
Java agents debug log (amAgent) /path/to/agent/agent_n/logs/debug directory where the agent is installed.
Java agents audit logs /path/to/agent/agent_n/logs/audit directory where the agent is installed.
Java agents install logs /path/to/agent/installer-logs directory where the agent is installed.
Validator log (validate_xx.log) - Agents 5.5 and later  /path/to/agent/log directory where the agent is installed.

DS/OpenDJ logs

The following logs are available:

Log type Location
Embedded DS/OpenDJ logs (access, errors and replication) $HOME/[am_instance]/opends/logs
External DS/OpenDJ logs (access, errors and replication) /path/to/ds/logs directory where DS/OpenDJ is installed.
SSL debug logs (server.out) /path/to/ds/logs directory where DS/OpenDJ is installed

IDM/OpenIDM logs

The following logs are available:

Log type Location
IDM/OpenIDM log (openidm0.log.n) /path/to/idm/logs
IDM/OpenIDM audit logs /path/to/idm/audit
Jetty® Request logs /path/to/idm/logs
DS/OpenDJ password sync plugin /path/to/ds/logs directory where DS/OpenDJ is installed.
Active Directory® password sync plugin (idm.log) The location is specified in the logPath registry entry under the HKEY_LOCAL_MACHINE\SOFTWARE\ForgeRock\OpenIDM\PasswordSync registry key.

IG/OpenIG logs

The following logs are available:

Log type Location
IG 5 and later $HOME/.openig/logs
OpenIG 3.x and 4.x stdout (catalina.out if you are using Apache Tomcat™) or /tmp/gateway.log depending on how you have configured logging.
SAML logs $HOME/.openig/SAML/debug

See Also

How do I collect all the data required for troubleshooting AM/OpenAM and Policy Agents (All versions)?

How do I enable debug logging for troubleshooting Policy Agents (All versions)?

How do I use the Support Extract tool in DS 5.x, 6 and OpenDJ 3.x to capture troubleshooting data?

How do I collect debug logs in IG/OpenIG (All versions) for troubleshooting?

Troubleshooting AM/OpenAM and Policy Agents

Troubleshooting DS/OpenDJ

Troubleshooting IDM/OpenIDM

Troubleshooting IG/OpenIG

Related Training

N/A

Related Issue Tracker IDs

N/A



Copyright and TrademarksCopyright © 2019 ForgeRock, all rights reserved.
Loading...