Policy logging is expensive; it uses processing time and disk space. In a production environment, you should enable it only under the following types of conditions:
You have created a new policy and need to verify its functionality.
You are troubleshooting a policy that is not behaving as expected.
To gather troubleshooting information, you should enable the and options in the Identity Server configuration and set the for to at least . Then you must update the Identity Server configuration and restart any Access Gateway Embedded Service Providers, so that the Embedded Service Providers read the logging options. See Configuring Component Logging
in the Novell Access Manager 3.1 SP2 Identity Server Guide. When you have solved the problem, you should disable these options.
The log file on the component that executed the policy is where you should look for logging information. For example, if you have an Access Gateway: Authorization error, look at the log on the Access Gateway that executed the policy.
For additional policy troubleshooting procedures, see Section 6.0, Troubleshooting Access Manager Policies.