Logging parameters

The preferred way to change logging settings is to set application parameters, either by editing the properties file instances/<instance-name>/instance.properties or by using the corresponding environment variables. All logging parameters start with "iam.log".

To get a list of all available parameters, you may run the following command:

iam default-parameters

Application logs

Property: iam.log.level
Environment variable: IAM_LOG_LEVEL
Description: Log level used for enabled application modules.
Possible values: DEBUG, INFO, WARN, ERROR

Properties:
  iam.log.structured-stdout.enabled
  iam.log.structured-file.enabled
  iam.log.main.enabled
Environment variables:
  IAM_LOG_STRUCTURED_STDOUT_ENABLED
  IAM_LOG_STRUCTURED_FILE_ENABLED
  IAM_LOG_MAIN_ENABLED
Description: Set to "true" or "false" to enable or disable log outputs/appenders.

The default values for these are "false", but instances created with IAM 7.1 or later have the following presets in "instance.properties":

  • with Docker: "iam.log.structured-stdout.enabled=true"
  • without Docker: "iam.log.structured-file.enabled=true"

(To restore the pre-7.1 default behavior, set "iam.log.main.enabled=true". Previously created instances are unaffected due to configured appenders in the log4j config files.)

Properties:
  iam.log.structured-stdout.*
  iam.log.structured-file.*
  iam.log.main.*
Environment variables:
  IAM_LOG_STRUCTURED_STDOUT_*
  IAM_LOG_STRUCTURED_FILE_*
  IAM_LOG_MAIN_*
Description: Configuration parameters for corresponding log outputs/appenders.

Property: iam.log.elasticsearch.url
Environment variable: IAM_LOG_ELASTICSEARCH_URL
Description: Send structured log records from the local log file in "iam.structured-file.dir" to Elasticsearch, i.e. for reporting.

Web server and access logs

Similar parameters exist to configure web server and access logs. Look for parameters beginning with "iam.web-server.log" and "iam.web-server.access-log" respectively.

The extended Log4j 2 configuration options described at the bottom of this page are not available for web server and access logs.

iam default-parameters | grep -C 2 'iam.web-server.log'
iam default-parameters | grep -C 2 'iam.web-server.access-log'

Audit log signing

By default, the audit logger uses the "IAM-AUDIT" appender to write log messages into the "medusa-audit.log" file, in addition to logging into the usual log files. See Generating Airlock IAM log output for a list of all log files.

Audit log messages can be digitally signed to ensure authenticity and integrity. To enable signing, set the "iam.audit-log.signing.enabled" parameter to "true".

iam default-parameters | grep -C 2 'iam.audit-log.signing.enabled'

Enabling audit log signing can significantly reduce the parallel throughput of Airlock IAM operations, which can negatively impact performance. It is therefore recommended to run load tests before deploying IAM instances with audit log signing enabled.
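
The following is an added example, not part of Airlock IAM or its documentation: a small Python check that reads an instance.properties file and reports logging settings that deserve a second look, based on the application log and audit log signing parameters described above. It assumes plain "key=value" lines, matches "true" case-insensitively, and reads only the file (environment variables are not considered); the function names and the sample content are constructed for illustration.

```python
# Added example: lint the logging settings in an instance.properties file.
# Only the file is read; environment variables are not considered.

OUTPUTS = ("structured-stdout", "structured-file", "main")
LEVELS = ("DEBUG", "INFO", "WARN", "ERROR")


def parse_properties(text):
    """Parse plain 'key=value' lines; lines starting with '#' or '!' are comments."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!" or "=" not in line:
            continue
        key, value = line.split("=", 1)
        props[key.strip()] = value.strip()
    return props


def is_true(props, key):
    # Assumption: the value is matched case-insensitively against "true".
    return props.get(key, "false").lower() == "true"


def lint_logging(text):
    """Return a list of findings for the logging parameters described above."""
    props = parse_properties(text)
    findings = []
    level = props.get("iam.log.level")
    if level is not None and level not in LEVELS:
        findings.append(f"iam.log.level: unknown value {level!r}")
    # The three outputs default to "false" when the property is absent.
    if not any(is_true(props, f"iam.log.{o}.enabled") for o in OUTPUTS):
        findings.append("no log output enabled by property "
                        "(pre-7.1 instances may still log via log4j config files)")
    if not is_true(props, "iam.audit-log.signing.enabled"):
        findings.append("iam.audit-log.signing.enabled is not set to true in this file")
    return findings


# Constructed sample input, not taken from a real instance.
SAMPLE = """\
# instance.properties (constructed sample)
iam.log.level = VERBOSE
iam.log.structured-file.enabled=false
"""

if __name__ == "__main__":
    for finding in lint_logging(SAMPLE):
        print("FINDING:", finding)
```

An empty result means the file sets a valid log level (or none), enables at least one log output and turns audit log signing on; it says nothing about values supplied through environment variables.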