|Applies To||RSA Product Set: RSA Identity Governance & Lifecycle |
RSA Version/Condition: 7.0.1, 7.0.2, 7.1.x
|Issue||Debug logging is extremely useful and informative for troubleshooting RSA Identity Governance & Lifecycle AFX connectors. This article describes the steps to enable AFX connector debug logging in RSA Identity Governance & Lifecycle version 7.0.1 and higher.|
There is quite a bit of logging output into the following AFX logs but it generally does not provide the level of detail required to troubleshoot a specific AFX connector. These logs are:
The information logged to these connector-specific log files can be very useful when troubleshooting specific AFX connector issues. The amount of logging that is written to these connector-specific logs is controlled by two flags: INFO and DEBUG. By default the INFO flag is enabled. To log additional data to a connector-specific log file, the DEBUG flag can be enabled.
NOTE: The connector_name is the name of the connector which correlates to a name column in an internal database table. This name may or may not be the same as the display name seen in the RSA Identity Governance & Lifecycle user interface under AFX > Connectors.
To enable connector-specific debug logging, perform the following steps as the afx user. In this example, the display name of the connector name is Active Directory Connector and the name of the connector log file is $AFX_HOME/esb/logs/esb.AFX-CONN-Active_DirectoryConnector.log.
WARNING: Do NOT restart the AFX server or edit the AFX connector in the RSA Identity Governance & Lifecycle user interface, as these actions will override the debug settings just made.
To enable debug logging pre-7.0.1, please see RSA Knowledge Base Article 000033429 -- How to turn on debug logging for RSA Identity Governance & Lifecycle AFX connectors in 7.0.0, 6.9.1 and 6.8.1.
|Notes||Here is an example of adding an account to an AD group with debug enabled.|