Enabling debug logging
To help with troubleshooting or monitoring, you can turn on activity logging for PingFederate, the Azure AD Identity Protection IdP Adapter, or both.
About this task
This task is optional. You can use logging for troubleshooting or analytics.
Learn more about logging in Enabling debug messages and console logging in the PingFederate documentation.
Steps
- Open the <pf_install>/pingfederate/server/default/conf/log4j2.xml file for editing.
- To log activity for PingFederate and all adapters:
  - Find the following section in the file.

        <AsyncRoot level="INFO" includeLocation="false">
            <!-- <AppenderRef ref="CONSOLE" /> -->
            <AppenderRef ref="FILE" />
        </AsyncRoot>

  - Change INFO to DEBUG.

    The following code snippet shows the section with DEBUG set.

        <AsyncRoot level="DEBUG" includeLocation="false">
            <!-- <AppenderRef ref="CONSOLE" /> -->
            <AppenderRef ref="FILE" />
        </AsyncRoot>

  - Optional: To see the adapter activity in the console and the log file, remove the comment tags (<!-- and -->) that surround the CONSOLE line.

        <AsyncRoot level="INFO" includeLocation="false">
            <AppenderRef ref="CONSOLE" />
            <AppenderRef ref="FILE" />
        </AsyncRoot>
- If you want to log activity relating to the Azure AD Identity Protection IdP Adapter, do one of the following:

  You can use this information with a third-party log analysis tool to monitor for important events, such as when a sign-on event has a high-risk Result.

  Choose from:
  - To log activity for the Azure AD Identity Protection IdP Adapter and for its HTTPS and component activity, add the following line.

        <Logger name="com.pingidentity.adapters.azure.ad.identity.protection" level="DEBUG"/>

  - To log activity for the adapter's HTTPS activity and other components, but not for the adapter itself, add the following line.

        <Logger name="com.pingidentity.adapters.azure.ad.identity.protection.shade" level="DEBUG"/>

  - To log activity for the Azure AD Identity Protection IdP Adapter, but not for its HTTPS or component activity, add the following lines.

        <Logger name="com.pingidentity.adapters.azure.ad.identity.protection" level="DEBUG"/>
        <Logger name="com.pingidentity.adapters.azure.ad.identity.protection.shade" level="INFO"/>
- Save the file.
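Log4j2 resolves a logger's level from the closest configured ancestor in its dotted name, which is why the third choice needs a second line to put the .shade package back at INFO. The following added example (not from the PingFederate documentation) parses log4j2 XML and reports the effective level for the adapter and its shaded components, so you can confirm an edit does what you intended before restarting. The sample configuration and the class names under each package are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ADAPTER = "com.pingidentity.adapters.azure.ad.identity.protection"
SHADE = ADAPTER + ".shade"

# Constructed sample, not a full PingFederate log4j2.xml: root at INFO plus
# the two Logger lines from the third choice above.
SAMPLE = f"""<Configuration><Loggers>
  <Logger name="{ADAPTER}" level="DEBUG"/>
  <Logger name="{SHADE}" level="INFO"/>
  <AsyncRoot level="INFO" includeLocation="false"><AppenderRef ref="FILE" /></AsyncRoot>
</Loggers></Configuration>"""


def load_levels(xml_text):
    """Return ({logger name: level}, root level) from log4j2 XML text."""
    named, root_level = {}, "ERROR"  # Log4j2 falls back to ERROR for the root
    for el in ET.fromstring(xml_text).iter():  # commented-out lines are skipped
        if el.tag in ("Logger", "AsyncLogger") and el.get("name") and el.get("level"):
            named[el.get("name")] = el.get("level").upper()
        elif el.tag in ("Root", "AsyncRoot"):
            root_level = (el.get("level") or "ERROR").upper()
    return named, root_level


def effective_level(name, named, root_level):
    """Walk up the dotted name until a configured logger is found."""
    while name:
        if name in named:
            return named[name]
        name = name.rpartition(".")[0]
    return root_level


def report(xml_text, class_names):
    """Map each class name to the level its logger would actually use."""
    named, root_level = load_levels(xml_text)
    return {c: effective_level(c, named, root_level) for c in class_names}


if __name__ == "__main__":
    # Hypothetical class names, used only to exercise each package.
    classes = [ADAPTER + ".Example", SHADE + ".http.Client", "org.example.Other"]
    for cls, lvl in report(SAMPLE, classes).items():
        print(f"{lvl:5} {cls}")
```

To check a real installation, pass the contents of your log4j2.xml to report() in place of SAMPLE.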