Syslog Logging

Last modified 12 Nov 2021 16:57 +01:00
Since 3.6
This functionality is available since version 3.6.

MidPoint is using LogBack library for logging. LogBack has many logging options. However only two are well supported in midPoint: logging to file and logging to syslog. File logging is the default option and it is well supported both in midPoint core and in the user interface. Syslog logging is supported since midPoint 3.6 and it is slightly more difficult to configure. This page describes the steps needed to configure syslog logging.

MidPoint logging configuration is stored in the System Configuration Object. Therefore this configuration object needs to be modified to set up syslog logging. When we need is to change the logging appender. Appender is the component that writes log data to a file, console or sends them over the network. Default midPoint configuration is set up by using file appender that writes the log data to idm.log file. This appender has to be replaced by a syslog appender that sends the data to a syslog server instead of writing them to file. To do that edit the System Configuration Object and locate logging configuration in the logging element. There is probably a lot of configured loggers (usually classLogger elements). The loggers mostly control the granularity of the logging. What we are looking for is appender element. Existing appender element should be replaced by following configuration:


        <!-- logger configuration should be here -->

        <appender xsi:type="c:SyslogAppenderConfigurationType" name="IDM_LOG"
            <suffixPattern>[%X{subsystem}] [%thread] %level \(%logger\): %msg</suffixPattern>



Make sure that the logger name (IDM_LOG) matches the definition in the rootLoggerAppender. Such configuration will send data from all the loggers to the syslog appender (unless specified otherwise).

Explanation of individual configuration properties of the syslog appender can be found on LogBack page.

When the system configuration object is saved then midPoint should start logging to the syslog server immediately. If that does not work try restarting the system, however that is usually not necessary.

This configuration will send vast majority of log entries to the syslog server. However, there is one more thing to have a really complete syslog coverage of all midPoint logging. This logging configuration is stored in system configuration object which is stored in midPoint repository (relational database). There is a period of midPoint system initialization during which the access to the database is not yet initialized. Therefore the logging configuration stored in the database cannot be applied. MidPoint is using default logging settings during this period, which means that it logs to the idm.log file. Once the system is initialized to the point that the system configuration object can be retrieved from the database then the logging setting is applied and midPoint starts logging to syslog.

However, even this early initialization logging can be reconfigured. To route even the initialization logging to the syslog server create a logback.xml file in MidPoint Home Directory. This file is supposed to be in the native LogBack format. For the simple case of syslog logging the file should look roughly like this:

<?xml version="1.0" encoding="UTF-8"?>
    <appender name="IDM_LOG" class="">
        <suffixPattern>[%X{subsystem}] [%thread] %level \(%logger\): %msg</suffixPattern>

    <logger name="ro.isdc.wro.extensions.processor.css.Less4jProcessor" level="ERROR"/>
    <logger name="org.hibernate.engine.jdbc.spi.SqlExceptionHelper" level="OFF"/>
    <logger name="org.hibernate.engine.jdbc.batch.internal.BatchingBatch" level="OFF"/>
    <logger name="PROFILING" level="INFO"/>
    <logger name="com.evolveum.midpoint" level="INFO" />

    <root level="INFO">
        <appender-ref ref="IDM_LOG"/>

After system restart midPoint should start logging to syslog and even the log entries from early system initialization should be there. In case that you are running midPoint cluster this configuration needs to be applied on all the cluster nodes.

Was this page helpful?
Thanks for your feedback