Product Q&As
ForgeRock Identity Platform
Does not apply to Identity Cloud

Where can I find useful logs for troubleshooting ForgeRock products?

Last updated Jan 11, 2023

The purpose of this article is to provide information on finding logs across ForgeRock products (AM, DS, IDM and IG) for troubleshooting purposes. This article shows default log locations, although most of them can be changed.


AM logs

The following logs are available:

Log type Location
AM debug logs (AM 7 and later) /path/to/am/var/debug
AM audit logs (AM 7 and later) /path/to/am/var/audit
AM debug logs (AM 6.x) /path/to/am/am/debug
AM audit logs (AM 6.x) /path/to/am/am/log
ssoadm logs /path/to/am-tools/[ssoadm_install_folder]/debug
Fedlet debug logs $HOME/fedlet/debug
Container logs if deployed on Apache Tomcat™ (localhost_access_log.YYYY-MM-DD.log and catalina.out) /path/to/tomcat/logs
SSL debug logs if deployed on Apache Tomcat (catalina.out) /path/to/tomcat/logs
Note

In Kubernetes deployments, AM writes its debug logs to stdout. See Pod Descriptions and Container Logs for further information on collecting debug logs in Kubernetes.

Agents logs

The following logs are available:

Log type Location
Web agents debug.log /path/to/agent/instances/agent_n/logs/debug directory where the agent is installed.
Web agents audit.log /path/to/agent/instances/agent_n/logs/audit directory where the agent is installed.
Web agents install log (installYYYYMMDDHHMMSS.log) /path/to/agent/log directory where the agent is installed.

Web agents system information:

  • system_n.log (Agents 5.5 and later)
  • agent.log (Agents 5)
/path/to/agent/log directory where the agent is installed.
Validator log (validate_xx.log) - Agents 5.5 and later /path/to/agent/log directory where the agent is installed.

Java agents debug log:

  • debug.out (Agents 5.5 and later)
  • amAgent (Agents 5)
/path/to/agent/agent_type/agent_instance/logs/debug directory where the agent is installed.
Java agents audit logs /path/to/agent/agent_type/agent_instance/logs/audit directory where the agent is installed.
Java agents install logs /path/to/agent/installer-logs directory where the agent is installed.
Validator log (validate_xx.log) - Agents 5.5 and later /path/to/agent/log directory where the agent is installed.

DS logs

The following logs are available:

Log type Location
Embedded DS logs (access, errors and replication) /path/to/am/opends/logs
External DS logs (access, errors and replication) /path/to/ds/logs directory where DS is installed.
SSL debug logs (server.out) /path/to/ds/logs directory where DS is installed

IDM logs

The following logs are available:

Log type Location
IDM log (openidm0.log.n) /path/to/idm/logs
IDM audit logs /path/to/idm/audit
Jetty® Request logs /path/to/idm/logs
DS password sync plugin /path/to/ds/logs directory where DS is installed.
Active Directory® password sync plugin (idm.log) The location is specified in the logPath registry entry under the HKEY_LOCAL_MACHINE\SOFTWARE\ForgeRock\OpenIDM\PasswordSync registry key.

IG logs

The following logs are available:

Log type Location
IG logs $HOME/.openig/logs
SAML2 logs $HOME/.openig/SAML/debug

See Also

How do I collect all the data required for troubleshooting AM and Agents (All versions)?

How do I enable debug logging for troubleshooting Agents (All versions)?

How do I use the Support Extract tool in DS 6.5.x and 7.x to capture troubleshooting data?

How do I generate more detailed debug logs to diagnose an issue in IG (All versions)?

Troubleshooting AM and Agents

Troubleshooting DS

Troubleshooting IDM

Troubleshooting IG

Related Training

N/A

Related Issue Tracker IDs

N/A


Copyright and Trademarks Copyright © 2023 ForgeRock, all rights reserved.