How to Restore Custom Per-Environment Log Segregation in IGA V15 (Replicating V14.5 Logging)

Products

CA Identity Manager

Issue/Introduction

This Knowledge Article details the procedure to restore a custom logging configuration that separates logs for specific custom code packages - a setup typically achieved in IGA V14.5 but blocked by the V15 architectural changes.

In Identity Governance and Administration (IGA) Version 15, a customer's prior custom logging configuration, which provided per-environment log isolation for custom Business Logic Thread (BLTH) debug information, is no longer functional.

The previous configuration relied on manually editing the `logging.properties` and `standalone-full-ha.xml` files to define custom log handlers and loggers. In V15, the new YAML configuration architecture automatically reverts any manual changes made to these traditional configuration files, preventing the custom log segregation.

Environment

Product: Identity Governance and Administration (IGA) / Identity Manager
Version: 15.0.0 Fix Pack 4 or later is required for the solution (Issue observed on 15.0.0-22 FixPack 2).
Application Server: JBOSS 8.1 / Wildfly 34
Operating System: RHEL 9

Cause

The loss of functionality stems from an architectural change in V15: the system no longer permits manual edits to core configuration files (logging.properties and standalone-full-ha.xml) as these are now managed by a YAML-based system that overwrites external changes.

In V14.5, log segregation was achieved by:

- Defining PeriodicRotatingFileHandler entries in logging.properties (e.g., handler.IMEnvironmentName1) pointing to unique log files (e.g., IMEnviroronmentName1.log).
- Declaring these handlers in standalone-full-ha.xml and associating them with specific custom logger categories (e.g., com.BLTH1_IMEnvironmentName1 using use-parent-handlers="false"` to ensure isolation.

Resolution

The Custom Logging feature, introduced in IGA V15.0.0 Fix Pack 4, can be used to replicate the V14.5 per-environment log segregation by utilizing a custom log4j.xml file. This approach defines custom Appenders and Loggers for the desired isolation.

The custom logging configuration overrides the Log Rotation setting defined under the Logging tab of the Identity Manager service configuration page in the IGA Xpress Console.

Additional Information

IMPORTANT DISCLAIMER

Broadcom Support is not responsible for customer customizations, including modifications to logging configurations. The client is responsible for creating, testing, and maintaining their own custom code, such as the modifications made to the log4j.xml file. The sample configuration provided under Additional Information is for reference only. Broadcom Support will not assist the client in creating or changing these customizations as this is not part of Broadcom Support duties.

- Reversion

To revert the custom logging configuration, remove the `log4j.xml` file from the /opt/brcm/iga/conf/idm/other directory and restart the Identity Manager service.

Implementation Steps: Configuring Custom Logging

The following steps outline how to set up the Custom Logging feature and modify the configuration to replicate the V14.5 segregated logging functionality.

1. Enable Custom Logging

a. Copy the `log4j_jboss.xml` file from:
/opt/brcm/iga/inst/idm/iam_im.ear/config/com/netegrity/config
b. Paste and rename the copied file in the custom configuration directory:
/opt/brcm/iga/conf/idm/other/log4j.xml

2. Customize the `log4j.xml` File

Edit the new `log4j.xml` file to add the custom Appenders and Loggers required for segregation.

A. Insert Custom Appenders:

Add custom <RollingFile> Appenders within the main <Appenders> section of the log4j.xml file. These definitions translate the V14.5 PeriodicRotatingFileHandler entries by specifying the log file name and rotation policy:

(Xml file stretch)

<RollingFile fileName="${LogFileDir}/IMEnvironment1RollingLogger.log" filePattern="${LogFileDir}/IMEnvironment1RollingLogger.log.%d{yyyy-MM-dd}" name="IMEnvironmentName1RollingLogger">
<PatternLayout>
<pattern>%d{yyyy-MM-dd HH:mm:ss,SSS} %-5p [%c] (%t) %m%ex%n</pattern>
<charset>UTF-8</charset>
</PatternLayout>
<Policies>
<TimeBasedTriggeringPolicy interval="1" modulate="true"/>
</Policies>
</RollingFile>
<RollingFile fileName="${LogFileDir}/IMEnvironment2RollingLogger.log" filePattern="${LogFileDir}/IMEnvironment2RollingLogger.log.%d{yyyy-MM-dd}" name="IMEnvironmentName2RollingLogger">
<PatternLayout>
<pattern>%d{yyyy-MM-dd HH:mm:ss,SSS} %-5p [%c] (%t) %m%ex%n</pattern>
<charset>UTF-8</charset>
</PatternLayout>
<Policies>
<TimeBasedTriggeringPolicy interval="1" modulate="true"/>
</Policies>
</RollingFile>
<RollingFile fileName="${LogFileDir}/IMEnvironment3RollingLogger.log" filePattern="${LogFileDir}/IMEnvironment3RollingLogger.log.%d{yyyy-MM-dd}" name="IMEnvironmentName3RollingLogger">
<PatternLayout>
<pattern>%d{yyyy-MM-dd HH:mm:ss,SSS} %-5p [%c] (%t) %m%ex%n</pattern>
<charset>UTF-8</charset>
</PatternLayout>
<Policies>
<TimeBasedTriggeringPolicy interval="1" modulate="true"/>
</Policies>
</RollingFile>
<RollingFile fileName="${LogFileDir}/IMEnvironment4RollingLogger.log" filePattern="${LogFileDir}/IMEnvironment4RollingLogger.log.%d{yyyy-MM-dd}" name="IMEnvironmentName4RollingLogger">
<PatternLayout>
<pattern>%d{yyyy-MM-dd HH:mm:ss,SSS} %-5p [%c] (%t) %m%ex%n</pattern>
<charset>UTF-8</charset>
</PatternLayout>
<Policies>
<TimeBasedTriggeringPolicy interval="1" modulate="true"/>
</Policies>
</RollingFile>
<RollingFile fileName="${LogFileDir}/IMEnvironment5RollingLogger.log" filePattern="${LogFileDir}/IMEnvironment5RollingLogger.log.%d{yyyy-MM-dd}" name="IMEnvironmentName5RollingLogger">
<PatternLayout>
<pattern>%d{yyyy-MM-dd HH:mm:ss,SSS} %-5p [%c] (%t) %m%ex%n</pattern>
<charset>UTF-8</charset>
</PatternLayout>
<Policies>
<TimeBasedTriggeringPolicy interval="1" modulate="true"/>
</Policies>
</RollingFile>
<RollingFile fileName="${LogFileDir}/IMEnvironment6RollingLogger.log" filePattern="${LogFileDir}/IMEnvironment6RollingLogger.log.%d{yyyy-MM-dd}" name="ProviderRollingLogger">
<PatternLayout>
<pattern>%d{yyyy-MM-dd HH:mm:ss,SSS} %-5p [%c] (%t) %m%ex%n</pattern>
<charset>UTF-8</charset>
</PatternLayout>
<Policies>
<TimeBasedTriggeringPolicy interval="1" modulate="true"/>
</Policies>
</RollingFile>
<RollingFile fileName="${LogFileDir}/IMEnvironment7RollingLogger.log" filePattern="${LogFileDir}/IMEnvironment7RollingLogger.log.%d{yyyy-MM-dd}" name="EmployeeRollingLogger">
<PatternLayout>
<pattern>%d{yyyy-MM-dd HH:mm:ss,SSS} %-5p [%c] (%t) %m%ex%n</pattern>
<charset>UTF-8</charset>
</PatternLayout>
<Policies>
<TimeBasedTriggeringPolicy interval="1" modulate="true"/>
</Policies>
</RollingFile>

B. Insert Custom Loggers

Add custom <logger> entries within the <Loggers> section of the log4j.xml file. These loggers map the custom code packages (e.g., com.myclass.BLTH.IMEnvironmentName1) to the new Appenders, using additivity="false" to ensure messages are written only to the custom log file and not inherited by the root logger.

<logger additivity="false" level="INFO" name="com.mycustomclass.IDM.BLTH">
<AppenderRef ref="CommonRollingLogger"/>
</logger>
<logger additivity="false" level="INFO" name="com.mycustomclass.IDM.BLTH.IMEnvironment1">
<AppenderRef ref="IMEnvironment1RollingLogger"/>
</logger>
<logger additivity="false" level="INFO" name="com.mycustomclass.IDM.BLTH.IMEnvironment2">
<AppenderRef ref="IMEnvironment2RollingLogger"/>
</logger>
<logger additivity="false" level="INFO" name="com.mycustomclass.IDM.BLTH.IMEnvironment3">
<AppenderRef ref="IMEnvironment3RollingLogger"/>
</logger>
<logger additivity="false" level="INFO" name="com.mycustomclass.IDM.BLTH.IMEnvironment4">
<AppenderRef ref="IMEnvironment4RollingLogger"/>
</logger>
<logger additivity="false" level="INFO" name="com.mycustomclass.IDM.BLTH.IMEnvironment5">
<AppenderRef ref="IMEnvironment5RollingLogger"/>
</logger>
<logger additivity="false" level="INFO" name="com.mycustomclass.IDM.BLTH.IMEnvironment6">
<AppenderRef ref="IMEnvironment6RollingLogger"/>
</logger>