Generating Airlock IAM log output

The following table shows what information is written into the corresponding log file:

Log Output




All Airlock IAM application module log output in structured JSON Lines format.

This format is ideal for machine interpretation but should also be human-readable.



Airlock IAM offers direct integration using the Elasticsearch search engine. See Processing Airlock IAM log output.

The structured log files are used as the basis of this Feature.


All log output of an Airlock IAM application module in traditional log format pattern.


User Trail

High-level information on user actions (e.g. login processes, password change, admin action on user).

  • For Airlock IAM up to 7.7, this log file is written by all IAM modules.
  • User trail logging into the medusa-usertrail.log file is outdated. New Airlock IAM installations of 8.0 and later log into a database by default. This also applies to upgraded installations where the configuration migration was successful.

See: Logging configuration example

medusa-usertrail.log / user trail database

Audit Log

Technical information on all actions required for non-repudiation. Every log line can be digitally signed. The audit log format is proprietary. Audit log signing is disabled by default. 
See: Logging configuration


Web Server Log

Web server log output; usually during start-up/shut-down.

In some cases, fatal errors can be found in this file, which is useful for troubleshooting.

Because of technical limitations, web server log files are configured separately from the application log files and log rotation may behave differently.
See: Logging configuration


Access Log

Records all incoming requests. By default, the common log format is used, which closely matches the standard log format of the Apache web server.


Parseable logs

Parseable logs are in an internal format and are used by the Adminapp to display log information. They may change without notice.


REST request logs from Exit Filter

Note that INFO level for all REST requests.

  • The log lines contain the following information:
  • Request URL (including REST resource path)
  • HTTP response status
  • Request processing time
  • Standard log attributes (log level, session ID, request ID, etc.

Example logline of password check in the Loginapp:

Exiting GET [status=200, elapsed=313ms]
Level: INFO Session: 577211487140867760 Request: 494275672497342264 IP: