Starting with version 8.2, PingFederate only records messages that are tagged with log level INFO, WARN, ERROR, and FATAL to the server log (and the provisioner log). Messages that are tagged DEBUG (or TRACE) are not recorded to optimize performance. Console logging is also disabled for the same reason.

For troubleshooting purpose, you may adjust the log level to DEBUG in the log4j2.xml file and optionally re-enable console logging.
Important:

When debug messages and console logging are no longer required, ensure they are turned off.

  1. Edit the <pf_install>/pingfederate/server/default/conf/log4j2.xml file.
    1. To enable verbose messages, look for Limit categories inside the Loggers element, particularly the five logger names as illustrated in the following snippet.
      ...
      <Loggers>
      
          <!-- ================ -->
          <!-- Limit categories -->
          <!-- ================ -->
      
          ...
          <Logger name="org.sourceid" level="INFO" />
          <Logger name="org.sourceid.saml20.util.SystemUtil" level="INFO" additivity="false">
              <AppenderRef ref="CONSOLE" />
              <AppenderRef ref="FILE" />
          </Logger>
          ...
          <Logger name="com.pingidentity" level="INFO" />
          <Logger name="com.pingidentity.common.util.ErrorHandler" level="INFO" additivity="false">
              <AppenderRef ref="CONSOLE" />
              <AppenderRef ref="FILE" />
          </Logger>
          ...
          <Logger name="com.pingidentity.appserver.jetty.PingFederateInit" level="ERROR" additivity="false" includeLocation="false">
              <AppenderRef ref="CONSOLE" />
          </Logger>
          ...
      </Loggers>
      ...

      Then, update five loggers as follows.

      ...
      <Loggers>
      
          <!-- ================ -->
          <!-- Limit categories -->
          <!-- ================ -->
      
          ...
          <Logger name="org.sourceid" level="DEBUG" />
          <Logger name="org.sourceid.saml20.util.SystemUtil" level="DEBUG" additivity="false">
              <AppenderRef ref="CONSOLE" />
              <AppenderRef ref="FILE" />
          </Logger>
          ...
          <Logger name="com.pingidentity" level="DEBUG" />
          <Logger name="com.pingidentity.common.util.ErrorHandler" level="DEBUG" additivity="false">
              <AppenderRef ref="CONSOLE" />
              <AppenderRef ref="FILE" />
          </Logger>
          ...
          <Logger name="com.pingidentity.appserver.jetty.PingFederateInit" level="INFO" additivity="false" includeLocation="false">
              <AppenderRef ref="CONSOLE" />
              <AppenderRef ref="FILE" />
          </Logger>
          ...
      </Loggers>
      ...
      Note:

      In this snippet, console logging is enabled for loggers org.sourceid.saml20.util.SystemUtil, com.pingidentity.common.util.ErrorHandler, and com.pingidentity.appserver.jetty.PingFederateInit.

      It is worth noting that console logging can be resource intensive. If you do not require console logging or prefer to review the server log instead, you can comment out the <AppenderRef ref="CONSOLE" /> entry for these three loggers.

      Tip:

      As needed, you may also update the log level for other loggers.

    2. To enable console logging, look for the Set up the Root logger section; for example:
      ...
      <!-- ======================= -->
      <!-- Set up the Root logger  -->
      <!-- ======================= -->
      ...
      <AsyncRoot level="INFO" includeLocation="false">
          <!-- <AppenderRef ref="CONSOLE" /> -->
          <AppenderRef ref="FILE" />
      </AsyncRoot>

      Then, update as follows.

      ...
      <!-- ======================= -->
      <!-- Set up the Root logger  -->
      <!-- ======================= -->
      ...
      <AsyncRoot level="INFO" includeLocation="false">
          <AppenderRef ref="CONSOLE" />
          <AppenderRef ref="FILE" />
      </AsyncRoot>
      Important:

      When console logging is no longer required, comment out the <AppenderRef ref="CONSOLE" /> entry for the AsyncRoot logger.

  2. Save any changes made.
    In a clustered PingFederate environment, repeat these steps on each applicable node.

Changes, such as adding a Logger or adjusting log levels, are activated within half a minute. No restart of PingFederate is required.