How to Enable AFX Connector Debug Logging in RSA Identity Governance & Lifecycle
Originally Published: 2016-06-27
Article Number
000067386
Applies To
  • Product: RSA Identity Governance & Lifecycle
  • Versions: 7.x, 8.x
  • Component: AFX Server, AFX Connectors
  • Logging Framework: log4j (log4j.xml)
  • Operating System: Linux
  • Required User: afx user

 

Issue

RSA Support may ask you to enable connector-specific DEBUG logging when troubleshooting AFX connector failures or unexpected provisioning behavior. By default, AFX connectors log at the INFO level, which may not capture enough detail to diagnose connector-specific issues. Enabling DEBUG logging increases the verbosity of the connector-specific log file, providing RSA Support with the data needed to identify the root cause.

NOTE: This article applies to versions 7.x and 8.x.

Prerequisites:

  • SSH access to the AFX server as the afx user.
  • The connector name as it appears in the AFX log file — this may differ from the display name shown in the RSA Identity Governance & Lifecycle UI under AFX > Connectors.

 

Connector-specific output is written to a per-connector AFX log file named as follows:

Version 7.x

$AFX_HOME/mule/logs/mule.AFX-CONN-<connector_name>.log

Version 8.x

$AFX_HOME/esb/logs/mule.AFX-CONN-<connector_name>.log

NOTE: The connector_name is the name of the connector, which corresponds to a name column in an internal database table. This name may or may not be the same as the display name seen in the RSA Identity Governance & Lifecycle user interface under AFX > Connectors.

Resolution

In version 8.x, replace "mule" with "esb" in every path. For example:
$AFX_HOME/mule/apps/AFX-CONN-Active_DirectoryConnector/classes
becomes
$AFX_HOME/esb/apps/AFX-CONN-Active_DirectoryConnector/classes
If you are on 8.x, apply this substitution to the rest of the commands in this article.
 
 
NOTE: The steps below use Active Directory Connector as an example connector name.
Replace Active_DirectoryConnector with your actual connector name throughout.
 
The connector log file name follows the format: 
$AFX_HOME/mule/logs/mule.AFX-CONN-<connector_name>.log 
 
  1. Edit $AFX_HOME/mule/apps/AFX-CONN-<connector_name>/classes/log4j.xml to change the log level from INFO to DEBUG. In this example the file is $AFX_HOME/mule/apps/AFX-CONN-Active_DirectoryConnector/classes/log4j.xml.

Version 7.x:
cd $AFX_HOME/mule/apps/AFX-CONN-Active_DirectoryConnector/classes
vi log4j.xml

Version 8.x:
cd $AFX_HOME/esb/apps/AFX-CONN-Active_DirectoryConnector/classes
vi log4j.xml

  2. In log4j.xml, set the level of the LoggerMessageProcessor logger to DEBUG.

Version 7.x:

<logger name="org.mule.api.processor.LoggerMessageProcessor">
  <!-- <level value="INFO"/> -->
  <level value="DEBUG"/>
</logger>

Version 8.x:

<!--Log level updated based upon connector log level from UI-->
<AsyncLogger level="INFO" name="com.aveksa"/>
<AsyncLogger level="INFO" name="org.mule.component.ComponentLifecycleManager"/>
<AsyncLogger level="DEBUG" name="org.mule.runtime.core.internal.processor.LoggerMessageProcessor"/>

  3. For the changes to take effect immediately, touch the connector's configuration file. In 7.x this is $AFX_HOME/mule/apps/AFX-CONN-<connector_name>/mule-config.xml. In this example the file location is: $AFX_HOME/mule/apps/AFX-CONN-Active_DirectoryConnector/mule-config.xml.

Version 7.x:
cd $AFX_HOME/mule/apps/AFX-CONN-Active_DirectoryConnector
touch mule-config.xml

Version 8.x:
cd $AFX_HOME/esb/apps/AFX-CONN-Active_DirectoryConnector
touch AFX-CONN-Active_DirectoryConnector.xml

WARNING: Do NOT restart the AFX server or edit the AFX connector in the user interface, as these actions will override the debug settings just made. 

 

  4. The next time you use the connector (or test the connector capabilities), you will see the debug output in $AFX_HOME/mule/logs/mule.AFX-CONN-<connector_name>.log.

For example, $AFX_HOME/mule/logs/mule.AFX-CONN-Active_DirectoryConnector.log.
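
A read-only check for the steps above, added here as an example (it is not RSA's code): it resolves the 7.x or 8.x paths, lists connector names from the log file names, and reports the active LoggerMessageProcessor level while ignoring a commented-out level line. The function names are hypothetical, and it assumes the install has either an esb or a mule directory under $AFX_HOME.

```shell
# Added example: read-only checks for the steps above; nothing is modified.
# Assumption: a host has either $AFX_HOME/esb (8.x) or $AFX_HOME/mule (7.x).

# Print the runtime directory name for this install: "esb" or "mule".
afx_runtime_dir() {
    if [ -d "$1/esb/apps" ]; then echo esb
    elif [ -d "$1/mule/apps" ]; then echo mule
    else return 1
    fi
}

# List connector names exactly as they appear in the log file names.
afx_connector_names() {
    rt=$(afx_runtime_dir "$1") || return 1
    for f in "$1/$rt"/logs/mule.AFX-CONN-*.log; do
        [ -e "$f" ] || continue
        n=${f##*/mule.AFX-CONN-}
        echo "${n%.log}"
    done
}

# Print the file to touch so the connector picks up the new log level.
afx_reload_file() {
    rt=$(afx_runtime_dir "$1") || return 1
    if [ "$rt" = esb ]; then echo "$1/esb/apps/AFX-CONN-$2/AFX-CONN-$2.xml"
    else echo "$1/mule/apps/AFX-CONN-$2/mule-config.xml"
    fi
}

# Print the active level of the LoggerMessageProcessor logger in the
# connector's log4j.xml. Commented-out <level> elements are ignored.
afx_logger_level() {
    rt=$(afx_runtime_dir "$1") || return 1
    cfg="$1/$rt/apps/AFX-CONN-$2/classes/log4j.xml"
    [ -r "$cfg" ] || return 1
    sed -e 's/<!--.*-->//g' -e '/<!--/,/-->/d' "$cfg" | awk '
        /LoggerMessageProcessor/ {            # 8.x: level is an attribute
            if (match($0, /level="[A-Za-z]+"/)) {
                print substr($0, RSTART + 7, RLENGTH - 8); exit }
            inlogger = 1; next
        }
        inlogger && /<\/logger>/ { inlogger = 0 }
        inlogger && match($0, /value="[A-Za-z]+"/) {   # 7.x: child element
            print substr($0, RSTART + 7, RLENGTH - 8); exit }'
}

# Usage: sh afx_check.sh "$AFX_HOME" Active_DirectoryConnector
if [ "$#" -eq 2 ]; then afx_logger_level "$1" "$2" && afx_reload_file "$1" "$2"; fi
```

Running it again after a restart of the AFX server or an edit of the connector in the user interface shows whether the level has been reset.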


 

Notes
  • Debug Log Output Example: When DEBUG logging is enabled and the connector is triggered, you will see detailed XML payloads in the connector log file. The key DEBUG line to look for is:
    2019-10-21 15:13:28.327 [DEBUG] org.mule.api.processor.LoggerMessageProcessor:121 - XML Payload from JMS

    The full XML payload will contain the request verb, parameters, and response status. A successful response includes <brief>Success</brief>. Example (sanitized):

    <verb name="AddAccountToGroup">
      <parameters>
        <parameter name="Account">CN=John Doe,OU=Example Users,DC=example,DC=com</parameter>
        <parameter name="Group">CN=ExampleGroup,OU=Example Users,DC=example,DC=com</parameter>
      </parameters>
    </verb>
    <Response>
      <status>
        <code>0</code>
        <brief>Success</brief>
      </status>
    </Response>
  • Connector Name vs. Display Name: The <connector_name> used in file paths may differ from the display name shown in the UI under AFX > Connectors. To find the correct connector name, check the existing log files in $AFX_HOME/mule/logs/ for a file matching the format mule.AFX-CONN-<connector_name>.log.

  • Search Keywords: AFX debug logging, AFX connector troubleshooting, log4j.xml, mule-config.xml, INFO to DEBUG, connector log, mule.AFX-CONN, $AFX_HOME, provisioning failure, AFX connector not working.
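
The DEBUG payload described in the Notes can be triaged with a few lines of awk and sed. This is an added example, not part of the original article: it pairs each verb with its response status, filters the responses whose brief is not Success, and masks parameter values for an excerpt that is going to be shared. The function names are hypothetical, the second request in the sample is constructed, and the payload elements are assumed to sit one per line as in the sanitized example.

```shell
# Added example. Each function reads the named log file, or stdin if none.

# Print one "verb code brief" line per response found in a connector log.
afx_verb_status() {
    awk '
        BEGIN { verb = "?"; code = "?" }
        match($0, /<verb name="[^"]+"/) { verb = substr($0, RSTART + 12, RLENGTH - 13) }
        match($0, /<code>[^<]*<\/code>/) { code = substr($0, RSTART + 6, RLENGTH - 13) }
        match($0, /<brief>[^<]*<\/brief>/) {
            print verb, code, substr($0, RSTART + 7, RLENGTH - 15)
            verb = "?"; code = "?"
        }' "$@"
}

# Print only the responses whose <brief> is not Success.
afx_not_success() {
    afx_verb_status "$@" | awk '$3 != "Success"'
}

# Copy the log to stdout with every <parameter> value replaced by [MASKED].
afx_mask_params() {
    sed 's/\(<parameter name="[^"]*">\)[^<]*\(<\/parameter>\)/\1[MASKED]\2/g' "$@"
}

# Constructed sample: the first request follows the example in the Notes; the
# second (verb name, code and brief) is made up to show a non-success response.
afx_sample_log() {
    cat <<'EOF'
2019-10-21 15:13:28.327 [DEBUG] org.mule.api.processor.LoggerMessageProcessor:121 - XML Payload from JMS
<verb name="AddAccountToGroup">
  <parameters>
    <parameter name="Account">CN=John Doe,OU=Example Users,DC=example,DC=com</parameter>
  </parameters>
</verb>
<Response>
  <status>
    <code>0</code>
    <brief>Success</brief>
  </status>
</Response>
<verb name="ExampleVerb"></verb>
<Response><status>
    <code>1</code>
    <brief>ExampleFailure</brief>
</status></Response>
EOF
}
```

For a real log, pass the connector log file as the argument, for example afx_not_success $AFX_HOME/mule/logs/mule.AFX-CONN-Active_DirectoryConnector.log.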