How to rollover log files based on size

Version Affected:  All

Description:  
Identity Platform (IdP) log files roll over to a new log file 24 hours after the previous log file was started, this article shows us how to change this so log files roll over based on log file size

Cause:  
By default, each log file will roll over 24 hours after it was created, as IdP can fill up log files very quickly at times, this means the log files can become very large, to the point where they cannot be opened in most Text Editors

Resolution:  
IdP uses the standard Microsoft EnterpriseLibrary Logging and the RollingFlatFileTraceListenerData Datatype, this means we are limited as to what we can change in relation to the logging behaviour.

The defaults for each type of logging (Audit, Debug, Warning and Error) are set to roll the file over 24 hours after it was created and to keep 7 Archived log files in addition to the file currently being written to, for each log file type (Audit, Debug, Warning and Error), this should equate to a maximum of 8 log files for each log file type.
There are some caveats to this rule, see the 'Special Considerations' section at the bottom of this Article

The available options are:
rollInterval - Day OR Midnight
Day - Rollover 24 hours after file creation
Midnight - Rollover at midnight, ignoring the file creation time

rollSizeKB - value can be any size in KB

To alter the behaviour of logging, the below steps will need to be followed:

1) Decrypt the web.config for the Realm in question and open it in a Text Editor
2) Scroll down to the <loggingConfiguration> - <listeners> section where the entries for Audit, Debug, Warning and Error logs can be seen, see below for an example of a default entry for Audit log files

<add name="Audit Text File" type="Microsoft.Practices.EnterpriseLibrary.Logging.TraceListeners.RollingFlatFileTraceListener, Microsoft.Practices.EnterpriseLibrary.Logging" listenerDataType="Microsoft.Practices.EnterpriseLibrary.Logging.Configuration.RollingFlatFileTraceListenerData, Microsoft.Practices.EnterpriseLibrary.Logging" fileName="AuditLogs/Audit.Log" formatter="Audit Marvin Formatter" rollInterval="Day" maxArchivedFiles="7" />

3) Alter the configuration depending on your preference


Example 1 - To rollover Audit log files at midnight each day and keep 7 Archived Files

<add name="Audit Text File" type="Microsoft.Practices.EnterpriseLibrary.Logging.TraceListeners.RollingFlatFileTraceListener, Microsoft.Practices.EnterpriseLibrary.Logging" listenerDataType="Microsoft.Practices.EnterpriseLibrary.Logging.Configuration.RollingFlatFileTraceListenerData, Microsoft.Practices.EnterpriseLibrary.Logging" fileName="AuditLogs/Audit.Log" formatter="Audit Marvin Formatter" rollInterval="Midnight" maxArchivedFiles="7" />

Example 2 - To rollover Audit log files when they reach 1Gb in size and keep 7 Archived Files

<add name="Audit Text File" type="Microsoft.Practices.EnterpriseLibrary.Logging.TraceListeners.RollingFlatFileTraceListener, Microsoft.Practices.EnterpriseLibrary.Logging" listenerDataType="Microsoft.Practices.EnterpriseLibrary.Logging.Configuration.RollingFlatFileTraceListenerData, Microsoft.Practices.EnterpriseLibrary.Logging" fileName="AuditLogs/Audit.Log" formatter="Audit Marvin Formatter" rollSizeKB="1048576" maxArchivedFiles="7" />

Example 3 - To rollover Audit log files when they reach 1Gb in size OR at Midnight, if they have not reached 1Gb by that point, and keep 7 Archived Files

<add name="Audit Text File" type="Microsoft.Practices.EnterpriseLibrary.Logging.TraceListeners.RollingFlatFileTraceListener, Microsoft.Practices.EnterpriseLibrary.Logging" listenerDataType="Microsoft.Practices.EnterpriseLibrary.Logging.Configuration.RollingFlatFileTraceListenerData, Microsoft.Practices.EnterpriseLibrary.Logging" fileName="AuditLogs/Audit.Log" formatter="Audit Marvin Formatter" rollSizeKB="1048576" rollInterval="Midnight" maxArchivedFiles="7" />

4) Keep in mind, depending on the activity within the environment for the affected Realm, this could reduce the number of days the Archived files cover, be sure to adjust maxArchivedFiles to a suitable value.

Special Considerations:  
Archived log files relate to log files which start with the below names:
Audit*
Debug*
Error*
Warning*

Sometimes, if an Application Pool recycle occurs whilst there is an active session writing data to the log files, IdP will create log files with a GUID for a name rather than the expected named files. These files are NOT considered during the log rotation and therefore they will not be removed in accordance with the maxArchivedFiles limit and will need to be removed manually, see below for an example (those in green are included in the log rotation, those in blue will not be removed unless done so manually)

SecureAuth Knowledge Base Articles provide information based on specific use cases and may not apply to all appliances or configurations. Be advised that these instructions could cause harm to the environment if not followed correctly or if they do not apply to the current use case.

Customers are responsible for their own due diligence prior to utilizing this information and agree that SecureAuth is not liable for any issues caused by misconfiguration directly or indirectly related to SecureAuth products.