---
title: Creating an error-only server log
description: This section describes an approach for modifying your log4j2.xml file, which can be sent to a security information and event management (SIEM) tool, such as Splunk. You can configure alerts to send notifications when such events occur, or to improve the monitoring of these events.
component: pingfederate
version: 13.0
page_id: pingfederate:pingfederate_monitoring_guide:pf_create_error_only_server_log
canonical_url: https://docs.pingidentity.com/pingfederate/13.0/pingfederate_monitoring_guide/pf_create_error_only_server_log.html
revdate: July 5, 2022
section_ids:
  about-this-task: About this task
  steps: Steps
---

# Creating an error-only server log

This section describes an approach for modifying your `log4j2.xml` file, which can be sent to a security information and event management (SIEM) tool, such as Splunk. You can configure alerts to send notifications when such events occur, or to improve the monitoring of these events.

## About this task

We recommend using the `server.log` file for error-level messages. Even when levels are down to a minimum, the server log generates large amounts of information in an active production environment. As an alternative, you can set up a specific log to log only `ERROR` and higher.

To change your `log4j2.xml` file to enable a separate log file:

## Steps

1. Create an appender.

   The easiest way to create an appender is to copy an existing one as a base. In the following example, the `RollingFile` is the same one that the `server.log` file uses. Bold text identifies items that have been changed.

   ```
   <!-- Error Only Main Log : A size based file rolling appender -->
   <RollingFile name="FILEERR"  fileName="${sys:pf.log.dir}/server.error.log"
            	filePattern="${sys:pf.log.dir}/server.error.log.%i" ignoreExceptions="false">
   	<PatternLayout>
       	<!-- Uncomment this if you want to use UTF-8 encoding instead
           	of system's default encoding.
       	<charset>UTF-8</charset> -->
       	<pattern>%d %X{trackingid} %-5p [%c] %m%n</pattern>
   	</PatternLayout>
   	<Policies>
       	<SizeBasedTriggeringPolicy
               	size="10000 KB" />
   	</Policies>
   	<DefaultRolloverStrategy max="5" />
   </RollingFile>
   ```

2. At the end of your `log4j2.xml` file, set the appender that you created in the previous step for `AsyncRoot`.

   ```
   <AsyncRoot level="INFO" includeLocation="false">
   	<!-- <AppenderRef ref="CONSOLE" /> -->
   	<AppenderRef ref="FILE" />
   	 <AppenderRef ref="FILEERR" level="ERROR" />
   </AsyncRoot>
   ```

   In this example, the `level` attribute indicates the level of messages that are sent to the log file.

3. Remove the attribute `additivity="false"` from all other loggers that contain a reference to the `File` appender.

   ```
   Logger name="org.sourceid.saml20.util.SystemUtil" level="INFO" additivity="false">
   	<!--<AppenderRef ref="CONSOLE" /> -->
   	<AppenderRef ref="FILE" />
   ```

   Becomes:

   ```
   <Logger name="org.sourceid.saml20.util.SystemUtil" level="INFO" >
   	<!--<AppenderRef ref="CONSOLE" /> -->
   	<AppenderRef ref="FILE" />
   ```

4. Make this change on all nodes within the cluster.

   |   |                                                                                                                        |
   | - | ---------------------------------------------------------------------------------------------------------------------- |
   |   | To expedite this step, we recommend creating a base file with the appropriate changes and copying it to all the nodes. |

5. Restart PingFederate.