SecurID® Governance & Lifecycle Knowledge Base
Find answers to your questions and identify resolutions for known issues with knowledge base articles written by SecurID Governance & Lifecycle experts.
Article Number
000068052
Applies To
SecurID Governance & Lifecycle 7.5.2
Issue
Debug logging is extremely useful and informative for troubleshooting RSA Identity Governance & Lifecycle AFX connectors. This article describes the steps to enable AFX connector debug logging in SecurID Governance & Lifecycle version 7.5.2.
There is quite a bit of logging output into the following AFX logs but it generally does not provide the level of detail required to troubleshoot a specific AFX connector. These logs are:
The information logged to these connector-specific log files can be very useful when troubleshooting specific AFX connector issues. The amount of logging that is written to these connector-specific logs is controlled by two flags: INFO and DEBUG. By default the INFO flag is enabled. To log additional data to a connector-specific log file, the DEBUG flag can be enabled.
There is quite a bit of logging output into the following AFX logs but it generally does not provide the level of detail required to troubleshoot a specific AFX connector. These logs are:
- $AFX_HOME/esb/logs/mule_ee.log
- $AFX_HOME/esb/logs/esb.AFX-MAIN.log
$AFX_HOME/esb/logs/esb.AFX-CONN-<connector_name>.log
The information logged to these connector-specific log files can be very useful when troubleshooting specific AFX connector issues. The amount of logging that is written to these connector-specific logs is controlled by two flags: INFO and DEBUG. By default the INFO flag is enabled. To log additional data to a connector-specific log file, the DEBUG flag can be enabled.
NOTE: The connector_name is the name of the connector which correlates to a name column in an internal database table. This name may or may not be the same as the display name seen in the SecurID Governance & Lifecycle user interface under AFX > Connectors.
Resolution
To enable connector-specific debug logging, perform the following steps:
- Go to AFX > Connectors
- Choose the desired connector (for example: Active Directory Connector)
- Click on Edit Log Settings
- Change the root logger from INFO to DEBUG
Image description
- Press OK.
Note: Do not forget to reset the debug logging back to INFO to avoid flooding the logs.
To enable debug logging pre-7.0.1, please see RSA Knowledge Base Article 000033429 -- How to turn on debug logging to troubleshoot AFX connectors in versions 7.0.0, 6.9.1 and 6.8.1 of RSA Identity Governance & Lifecycle .
To enable debug logging in 7.0.1 through 7.5.0, please see RSA Knowledge Base Article 000053328 -- How to turn on debug logging to troubleshoot AFX connectors in versions 7.0.1 through 7.5.0 of RSA Identity Governance & Lifecycle
Notes
Here is an example of adding an account to an AD group with debug enabled.
2019-10-21 15:13:28.327 [DEBUG] org.mule.api.processor.LoggerMessageProcessor:121 - XML Payload from JMS:
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<Envelope xmlns="http://aveksa.com/afx/messages/primary">;
<Header>
<version>1.0</version>
<appid>ACM</appid>
<crid>13</crid>
<type>response</type>
<callback>NA</callback>
<afxid>66132122-4890-4fa0-93f7-d9f11b7c1898</afxid>
<async-callback>false</async-callback>
<async-callback-url>http://localhost:8089/callback/66132122-4890-4fa0-93f7-d9f11b7c1898</async-callback-url>;
<testmessage>false</testmessage>
</Header>
<Body>
<Request timestamp="2019-10-21T15:13:20.674-04:00" id="1">
<epid>Active_DirectoryConnector</epid>
<verb name="AddAccountToGroup">
<parameters>
<parameter name="Account">CN=Book\, Rita,OU=SE,OU=vcloud Users,DC=2k8r2-vcloud,DC=local</parameter>
<parameter name="Group">CN=G1,OU=vcloud Users,DC=2k8r2-vcloud,DC=local</parameter>
</parameters>
</verb>
<Response timestamp="2019-10-21T15:13:28.299-04:00">
<status>
<code>0</code>
<brief>Success</brief>
<detailed></detailed>
</status>
</Response>
</Request>
</Body>
</Envelope>In this article
