Scribd
Upload
31 views30 pages

Tools, Debugging and Troubleshooting

Uploaded by

Saeed Nashar
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
31 views30 pages

Tools, Debugging and Troubleshooting

Uploaded by

Saeed Nashar
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 30

Tools, Debugging and Troubleshooting

Fundamentals of IdentityIQ Implementation


Overview
Tools, Debugging and Troubleshooting
• Factors in Successful Troubleshooting & Resolution
• IdentityIQ Tools
• Logging, Options & Configuration
• IdentityIQ Console
• Debug Page
• Administrator Console
• Java Development Kit (JDK)
• jConsole

Copyright © SailPoint Technologies, Inc. 2017. All rights reserved. 2


Factors in Successful Troubleshooting
• Detail-Oriented
• Small inconsistencies can often cause large headaches.
Infamous quote “I thought I could just ignore…”
• Take detailed notes, follow documentation steps carefully
• System Familiarity
• Knowing about IdentityIQ and what is going on can make a huge difference in determining
causes of issues.
• Training and time spent with the product.
• Methodical Testing
• Repeatable testing is the only way to guarantee success.
• Don’t change more than one variable at a time when testing
• Environmental Awareness
• Keeping aware of the happenings on a larger scale (database, application server, JVM) will
help.
• It might not be related to IdentityIQ

Copyright © SailPoint Technologies, Inc. 2017. All rights reserved. 3


Logging

Copyright © SailPoint Technologies, Inc. 2017. All rights reserved. 4


Logging
Options
IdentityIQ AppServer
• log4j Logging
• Standard Out (App Server location)
• Email redirection
• Audit configuration
• Syslog logging configuration

IdentityIQ Database

Copyright © SailPoint Technologies, Inc. 2017. All rights reserved. 5


Log4J Configuration
• Log4J 101
• Logging Levels:
• trace
• debug
• info
• warn
• error
• Configured in log4j.properties file
• Global Configuration
• log4j.rootLogger=error,file (change error to other level for global log4j changes)
• Logging Configuration per Class
• Uncomment out Class Logger names to enable.
• Disabled:
• #log4j.logger.sailpoint.api.Aggregator=debug
• Enabled:
• log4j.logger.sailpoint.api.Aggregator=debug
• Changing Logging Levels for individual classes
• Append Logging Level to end of Class Logger
• log4j.logger.sailpoint.Aggregator=<logging level>

Copyright © SailPoint Technologies, Inc. 2017. All rights reserved. 6


Log4J Configuration
• Update the log4j properties file
• <install dir>/WEB-INF/classes/log4j.properties
• Reload or change log file via Debug Page – preferred method
• Multiple log4j files for different purposes
• Optionally, bounce application server
to reload
• Warning: this will stop IdentityIQ

Copyright © SailPoint Technologies, Inc. 2017. All rights reserved. 7


Log4J Example
• Inside of rule
log.error(“This is an error message”);
log.warn(“This is a warn message”);
log.info(“This is an info message”);
log.debug(“This is a debug message”);
log.trace(“This is a trace message”);

• What gets printed into log file if log level is set to “info”?

Copyright © SailPoint Technologies, Inc. 2017. All rights reserved. 8


Standard Out logging
• Standard Out
• Usage: System.out.println(“I’m logging this message.”);
• Standard Out logging is NOT a best practice
• Do not use in production
• Not as useful as log4J since these messages are always printed no matter what
• Useful for quick and dirty debugging
• Configuration
• App server configuration determines where to send this information

Copyright © SailPoint Technologies, Inc. 2017. All rights reserved. 9


Email Logging
• Can redirect emails to file for testing, debugging, and troubleshooting

Copyright © SailPoint Technologies, Inc. 2017. All rights reserved. 10


Auditing
• Configure
• Gear  Global Settings  Audit Configuration
• View
• Intelligence  Advanced Analytics  Audit Search

Copyright © SailPoint Technologies, Inc. 2017. All rights reserved. 11


Auditing
Extending

• Add additional classes to AuditConfig • Enable desired option


<AuditClass displayName="Role" name="Bundle"/>
<AuditClass displayName="Certification" name="CertificationGroup"/>
<AuditClass displayName="Access Review" name="Certification"/>
<AuditClass name="Category”/>

Note: Be aware of how much data you will collect

Copyright © SailPoint Technologies, Inc. 2017. All rights reserved. 12


Syslog – Incident Codes
• When errors occur, an incident code may display in the UI

• Enter incident code to retrieve details


• Intelligence  Advanced Analytics  Syslog Search

Copyright © SailPoint Technologies, Inc. 2017. All rights reserved. 13


Syslog Log
Configuration
• Default = enabled, with no event deletion
• Set “Days before syslog event deletion” (best practice)
• Typically set to 30 days
• Gear  Global Settings  IdentityIQ Configuration  Miscellaneous

Copyright © SailPoint Technologies, Inc. 2017. All rights reserved. 14


IdentityIQ Console and
Debug Pages

Copyright © SailPoint Technologies, Inc. 2017. All rights reserved. 15


IdentityIQ Console
• Command-line driven interface
• Connects directly to database
• Can be used to troubleshoot connectivity problems
• “Quick Glance” view of what is happening
• Some commands are only available via console
• SQL query interface
• Export
• Authentication required to access console
• Exception is spadmin with the admin password

Copyright © SailPoint Technologies, Inc. 2017. All rights reserved. 16


Console – Connector Debug
• Available via the IdentityIQ Console only
• Iteration Features
• Displays Application Link (Accounts) in XML
• Accounts: connectorDebug <Application> iterate account
• Groups: connectorDebug <Application> iterate group
• Connection Test Feature
• connectorDebug <Application> test
• Also displays associated Rules
• Build Map Rule
• Merge Maps Rule
• Map to Resource Object Rule
• Customization Rule
• Output shows ResourceObjects just prior to Correlation and Creation

Copyright © SailPoint Technologies, Inc. 2017. All rights reserved. 17


Connector Debug Output
• Output shows final Resource Objects

Copyright © SailPoint Technologies, Inc. 2017. All rights reserved. 18


Console Demonstration

Copyright ©© SailPoint
Copyright SailPoint Technologies,
Technologies, Inc.
Inc. 2017.
2017. All
All rights
rights reserved.
reserved. 19
Advanced Configuration and Debugging
IdentityIQ Debug Pages
• Only available to users with System Administrator capability
• Hidden context root for debugging options.
• <IdentityIQ URL>/debug/
• For Example, http://localhost:8080/identityiq/debug/
• Provides Many Features
• Viewing of all XML Objects
• Editing of Raw XML Objects
• Creating and Deleting of Objects
• Access to Configuration
• System Configuration
• UI Configuration
• Memory Usage
• Garbage Collection Methods

Copyright © SailPoint Technologies, Inc. 2017. All rights reserved. 23


Debug Pages Demonstration

Copyright ©© SailPoint
Copyright SailPoint Technologies,
Technologies, Inc.
Inc. 2017.
2017. All
All rights
rights reserved.
reserved. 24
Administrator Console

Copyright © SailPoint Technologies, Inc. 2017. All rights reserved. 27


Administrator Console
• Summary view of provisioning transactions
• Override to convert automated transaction to manual workitem
• Retry to force next attempt for retry-enabled applications
• System Administrator capability required to access console

Copyright © SailPoint Technologies, Inc. 2017. All rights reserved. 28


Administrator Console
Configuration
• Level of events in log
• Success, Retry, Failure
• Default Log Level = Failure
• Event retention
• Set to non-zero
• Default is no purge

Copyright © SailPoint Technologies, Inc. 2017. All rights reserved. 29


jConsole

Copyright © SailPoint Technologies, Inc. 2017. All rights reserved. 30


jConsole
Troubleshooting Application Heap/Memory Usage
• Look for usage patterns
Examples: Increasing memory usage or a spike in CPU or threads

Copyright © SailPoint Technologies, Inc. 2017. All rights reserved. 31


Knowledge Check

Copyright ©© SailPoint
Copyright SailPoint Technologies,
Technologies, Inc.
Inc. 2017.
2017. All
All rights
rights reserved.
reserved. 32
Review Discussion
• Which of the following log levels will provide the most detailed information?
• Trace
• Debug
• Info
• Warn
• Error

• True or False
• It is a best practice to use Java println statements for logging.

• When a serious system error occurs, and an incident code is displayed, where would an admin user go to see
details of the error?
• Administrator Console
• Windows Event Viewer
• Advanced Analytics  Syslog Search

• True or False
• The console commands export and checkout can both be used to export IdentityIQ objects into an XML format.

Copyright © SailPoint Technologies, Inc. 2017. All rights reserved. 33


Questions?

35

You might also like