Enabling debug logging - PingOne - PingOne Services - PingOne Cloud Platform

PingOne Protect Integration Kit
bundle
pingfederate-pingone-protect-ik
ft:publication_title
PingOne Protect Integration Kit
Product_Version_ce
PingOne
PingOne Services
PingOne Cloud Platform
category
Administrator
Audience
ContentType
English
Integration
Language
OtherDocs
Product
Productdocumentation
integrationdoc
p1
p1cloudplatform
p1protect
p1services
ContentType_ce
Integration
Product documentation

To help with troubleshooting or monitoring, you can turn on activity logging for PingFederate, the PingOne Protect IdP Adapter, or both.

This task is optional. You can use logging for troubleshooting or analytics.

For general information about logging, see Enabling debug messages and console logging in the PingFederate documentation.

  1. Open the <pf_install>/pingfederate/server/default/conf/log4j2.xml file for editing.
  2. To log activity for PingFederate and all adapters:
    1. Find the following section in the file: 
      <AsyncRoot level="INFO" includeLocation="false">
	<!-- <AppenderRef ref="CONSOLE" /> -->
	<AppenderRef ref="FILE" />
</AsyncRoot>
    2. Change INFO to DEBUG.

      The following code snippet shows DEBUG in bold for visibility:

      <AsyncRoot level="DEBUG" includeLocation="false">
	<!-- <AppenderRef ref="CONSOLE" /> -->
	<AppenderRef ref="FILE" />
</AsyncRoot>
    3. Optional: To see the adapter activity in the console and the log file, remove the comment tags (<!-- and -->) that surround the CONSOLE line: 
      <AsyncRoot level="INFO" includeLocation="false">
	<AppenderRef ref="CONSOLE" />
	<AppenderRef ref="FILE" />
</AsyncRoot>
  3. To log activity relating to the PingOne Protect IdP Adapter, do one of the following.
    Tip:

    You can use this information with a third-party log analysis tool to monitor for important events, such as when a sign-on event has a high-risk risk evaluation.

    • To log activity for the PingOne Protect IdP Adapter and its HTTPS and component activity, add the following line:
      <Logger name="com.pingidentity.adapters.pingone.risk" level="DEBUG"/>
    • To log activity for the adapter's HTTPS activity and other components but not the adapter itself, add the following line:
      <Logger name="com.pingidentity.adapters.pingone.risk.shade" level="DEBUG"/>
    • To log activity for the PingOne Protect IdP Adapter but not its HTTPS or component activity, add the following lines:
      <Logger name="com.pingidentity.adapters.pingone.risk" level="DEBUG"/>
<Logger name="com.pingidentity.adapters.pingone.risk.shade" level="INFO"/>
  4. Save the file.