Debug logging is extremely useful and informative for troubleshooting RSA Identity Governance & Lifecycle AFX connectors. This article describes the steps to enable AFX connector debug logging in RSA Identity Governance & Lifecycle version 7.0.1 and higher.
There is quite a bit of logging output into the following AFX logs but it generally does not provide the level of detail required to troubleshoot a specific AFX connector. These logs are:
Log output for connector-specific issues is logged to a connector-specific AFX log file of the format:
The information logged to these connector-specific log files can be very useful when troubleshooting specific AFX connector issues. The amount of logging that is written to these connector-specific logs is controlled by two flags: INFO and DEBUG. By default the INFO flag is enabled. To log additional data to a connector-specific log file, the DEBUG flag can be enabled.
NOTE: The connector_name is the name of the connector which correlates to a name column in an internal database table. This name may or may not be the same as the display name seen in the RSA Identity Governance & Lifecycle user interface under AFX > Connectors.
To enable connector-specific debug logging, perform the following steps as the afx user. In this example, the display name of the connector name is Active Directory Connector and the name of the connector log file is $AFX_HOME/esb/logs/esb.AFX-CONN-Active_DirectoryConnector.log.
Edit the $AFX_HOME/esb/apps/AFX-CONN-<connector_name>/classes/log4j.xml file to change the log level from INFO to DEBUG. In this example the filename is: $AFX_HOME/esb/apps/AFX-CONN-Active_DirectoryConnector/classes/log4j.xml.
cd $AFX_HOME/esb/apps/AFX-CONN-Active_DirectoryConnector/classesvi log4j.xml
For the changes to take effect immediately, touch the file $AFX_HOME/esb/apps/AFX-CONN-<connector_name>/mule-config.xml file. In this example the file location is: $AFX_HOME/esb/apps/AFX-CONN-Active_DirectoryConnector/mule-config.xml.
cd $AFX_HOME/esb/apps/AFX-CONN-Active_DirectoryConnectortouch mule-config.xml
WARNING: Do NOT restart the AFX server or edit the AFX connector in the RSA Identity Governance & Lifecycle user interface, as these actions will override the debug settings just made.
The next time you use the connector (or test the connector capabilities), you will see the debug output in the $AFX_home/esb/logs/esb.AFX-CONN-<connector_name>.log. For example, $AFX_HOME/esb/logs/esb.AFX-CONN-Active_DirectoryConnector.log.