General
ForgeRock Identity Platform
Does not apply to Identity Cloud

Where can I find useful logs for troubleshooting ForgeRock products?

Last updated Apr 7, 2021

The purpose of this article is to provide information on finding logs across ForgeRock products (AM, DS, IDM and IG) for troubleshooting purposes. This article shows default log locations, although most of them can be changed.


AM logs

The following logs are available:

Log type Location
AM debug logs (AM 7 and later) /path/to/openam/var/debug 
AM audit logs (AM 7 and later) /path/to/openam/var/audit 
AM debug logs (Pre-AM 7) /path/to/openam/openam/debug 
AM audit logs (Pre-AM 7) /path/to/openam/openam/log 
ssoadm logs /path/to/openam-tools/[ssoadm_install_folder]/debug 
Fedlet debug logs $HOME/fedlet/debug 
Container logs if deployed on Apache Tomcat™ (localhost_access_log.YYYY-MM-DD.log and catalina.out) /path/to/tomcat/logs 
SSL debug logs if deployed on Apache Tomcat (catalina.out) /path/to/tomcat/logs 

Agents logs

The following logs are available:

Log type Location
Web agents debug.log  /path/to/agent/instances/agent_n/logs/debug directory where the agent is installed.
Web agents audit.log  /path/to/agent/instances/agent_n/logs/audit directory where the agent is installed.
Web agents install log (installYYYYMMDDHHMMSS.log) /path/to/agent/log directory where the agent is installed.

Web agents system information:

  • system_n.log (Agents 5.5 and later)
  • agent.log (Agents 5)
/path/to/agent/log directory where the agent is installed.
Validator log (validate_xx.log) - Agents 5.5 and later  /path/to/agent/log directory where the agent is installed.

Java agents debug log:

  • debug.out (Agents 5.5 and later)
  • amAgent (Agents 5)
/path/to/agent/agent_type/agent_instance/logs/debug directory where the agent is installed.
Java agents audit logs /path/to/agent/agent_type/agent_instance/logs/audit directory where the agent is installed.
Java agents install logs /path/to/agent/installer-logs directory where the agent is installed.
Validator log (validate_xx.log) - Agents 5.5 and later  /path/to/agent/log directory where the agent is installed.

DS logs

The following logs are available:

Log type Location
Embedded DS logs (access, errors and replication) /path/to/openam/opends/logs 
External DS logs (access, errors and replication) /path/to/ds/logs directory where DS is installed.
SSL debug logs (server.out) /path/to/ds/logs directory where DS is installed

IDM logs

The following logs are available:

Log type Location
IDM log (openidm0.log.n) /path/to/idm/logs 
IDM audit logs /path/to/idm/audit 
Jetty® Request logs /path/to/idm/logs 
DS password sync plugin /path/to/ds/logs directory where DS is installed.
Active Directory® password sync plugin (idm.log) The location is specified in the logPath registry entry under the HKEY_LOCAL_MACHINE\SOFTWARE\ForgeRock\OpenIDM\PasswordSync registry key.

IG logs

The following logs are available:

Log type Location
IG logs $HOME/.openig/logs 
SAML logs $HOME/.openig/SAML/debug 

See Also

How do I collect all the data required for troubleshooting AM and Agents (All versions)?

How do I enable debug logging for troubleshooting Agents (All versions)?

How do I use the Support Extract tool in DS (All versions) to capture troubleshooting data?

How do I generate more detailed debug logs to diagnose an issue in IG (All versions)?

Troubleshooting AM and Agents

Troubleshooting DS

Troubleshooting IDM

Troubleshooting IG

Related Training

N/A

Related Issue Tracker IDs

N/A



Copyright and TrademarksCopyright © 2021 ForgeRock, all rights reserved.
Loading...