---
title: Creating an error-only server log
description: Modify your log4j2.xml file to set up a specific log to log only ERROR-level and higher notifications.
component: pingaccess
version: 9.0
page_id: pingaccess:pingaccess_monitoring_guide:pa_creating_an_error_only_server_log
canonical_url: https://docs.pingidentity.com/pingaccess/9.0/pingaccess_monitoring_guide/pa_creating_an_error_only_server_log.html
revdate: January 12, 2024
section_ids:
  about-this-task: About this task
  steps: Steps
  example: Example:
---

# Creating an error-only server log

Modify your `log4j2.xml` file to set up a specific log to log only `ERROR`-level and higher notifications.

## About this task

Monitor the `pingaccess.log` file for `ERROR`-level messages. You can configure alerts to send notifications when events occur and to improve the monitoring of these events. Even when levels are down to a minimum, the server log generates large amounts of information in an active production environment. You can set up a specific log to log only `ERROR`-level and higher alerts, which can be sent to a security information and event management (SIEM) tool, such as Splunk, when they occur.

To change your `log4j2.xml` file to enable a separate log file:

## Steps

1. Create an appender.

   |   |                                                                                     |
   | - | ----------------------------------------------------------------------------------- |
   |   | The simplest way to create an appender is to copy an existing one to use as a base. |

   In the following example, the `RollingFile` is the same one that the `pingaccess.log` file uses. The bold text identifies items that have been changed.

   ```
   <!-- Error Only Main Log : A size based file rolling appender -->
   <RollingFile name="FILEERR"
            	fileName="${sys:pa.home}/log/pingaccess.error.log"
            	filePattern="${sys:pa.home}/log/pingaccess.error.log.%i"
            	ignoreExceptions="false">
   	<PatternLayout>
       	<!-- Uncomment this if you want to use UTF-8 encoding instead of system's default encoding. -->
       	<!--
       	<charset>UTF-8</charset>
       	-->
       	<!--
           	To Activate location information uncomment the following pattern,
           	comment out the current pattern and set "includeLocation" to true
           	in "com.pingidentity" async logger.
       	-->
       	<!--
       	<pattern>%d{ISO8601} %5p [%X{exchangeId}] %c:%L - %m%n</pattern>
       	-->
       	<pattern>%d{ISO8601} %5p [%X{exchangeId}] %c - %m%n</pattern>
   	</PatternLayout>
   	<Policies>
       	<SizeBasedTriggeringPolicy size="100000 KB"/>
   	</Policies>
   	<DefaultRolloverStrategy max="10"/>
   </RollingFile>
   ```

2. Set the appender that you created in step 1 for `AsyncRoot` at the end of your `log4j2.xml` file.

   The following example shows the necessary changes. In this example, the `level` attribute indicates the level of messages that are sent to the log file.

   ```
   <!-- Root Logger-->
   <AsyncRoot level="INFO" includeLocation="false" >
   	<AppenderRef ref="File"/>
   	<AppenderRef ref="FILEERR" level="ERROR"/>
   </AsyncRoot>
   ```

3. Remove the attribute `additivity="false"` from all other loggers that contain a reference to the `File` appender.

   ### Example:

   ```
   <AsyncLogger name="com.pingidentity" level="DEBUG" additivity="false"
             includeLocation="false">
   ```

   **Becomes:**

   ```
   <AsyncLogger name="com.pingidentity" level="DEBUG"
           includeLocation="false">
   ```

4. Restart the PingAccess server.

5. If you have a clustered environment, perform steps 1-4 on all nodes within the cluster.

   |   |                                                                                                      |
   | - | ---------------------------------------------------------------------------------------------------- |
   |   | To expedite this step, create a base file with the appropriate changes and copy it to all the nodes. |