The IdP uses a logging "facade" called slf4j to allow the logging implementation to be replaced if desired. By default, logging is handled with the Logback library, which offers a lot of advanced capabilities for deployers. This page includes suggestions for how to make the logging layer more useful and we welcome additions by deployers to document the tricks they employ.

Automatic Email Alerts on Error

Logback can be configured to perform various actions when different conditions are satisfied, one of which is using SMTP to deliver log data. This example will configure Logback to send an email any time an event level of ERROR is generated. All log data will still be written to the default FILE appender also.

Even logging on only ERROR conditions can generate plenty of mail, so this trick is best employed in conjunction with additional changes not shown here, such as message filtering.

For reference:

There are two parts to configure:

When configuring data values in the appender, staying as generic as possible allows the same logback.xml to be used among dev, test, and production environments without any modifications (always a plus when you're being audited).

  1. Edit %{idp.home}/conf/logback.xml and append this new appender code block after the last existing <appender> definition:
  2. Add a reference to the new appender:
    1. Find the existing code <root level="INFO">
      1. Hooking in here allows you to configure your appender to alert on any severity
      2. Alternatively, you can create your own root level block if you don't want to modify the existing block
    2. Append a new reference after the existing references:

      <appender-ref ref="Email_Alerts"/>