title: Log Analysis & Diagnostics category: Troubleshooting tags: troubleshooting, logs, diagnostics, errors, debugging priority: Normal
Log Analysis & Diagnostics
This guide explains how to use IdentityCenter's logging and diagnostic tools to identify, investigate, and resolve issues. Effective log analysis is the foundation of all troubleshooting.
The Logging Page
Navigate to /admin/logging to access the centralized log viewer. The Logging page provides:
- Real-time log entries from all application components
- Filtering by log level, date range, and source component
- Full-text search across log messages
- Export functionality for support tickets
Log Levels
IdentityCenter uses standard .NET log levels, from most verbose to least:
| Level | Purpose | When to Use | Production Default |
|---|---|---|---|
| Trace | Extremely detailed diagnostic data | Step-through debugging only | Off |
| Debug | Internal application state, variable values | Development and targeted debugging | Off |
| Information | Normal operational events (sync started, job completed) | Routine monitoring | On |
| Warning | Unexpected situations that were handled (retry succeeded, slow query) | Proactive issue detection | On |
| Error | Failures that affected a single operation (sync step failed, email failed) | Active troubleshooting | On |
| Critical | Application-wide failures (database unreachable, startup failure) | Immediate investigation | On |
Important: The default production configuration logs at the Information level and above. This provides a good balance between visibility and performance.
Filtering Logs
By Level
Select one or more log levels to display. Common filter strategies:
| Goal | Filter |
|---|---|
| Routine health check | Warning + Error + Critical |
| Investigate a specific failure | Error + Critical |
| Detailed debugging | Debug + Information + Warning + Error + Critical |
| Full diagnostic capture | All levels (Trace through Critical) |
By Date Range
- Set the Start Date and End Date to narrow results to the time window of interest
- For recent issues, use the quick-select buttons (Last Hour, Last 24 Hours, Last 7 Days)
- When investigating a specific sync run failure, use the run's start and end timestamps
By Source Component
Logs are tagged with the source component that generated them. Common components:
| Component | Generates Logs For |
|---|---|
SyncProjectOrchestrator |
Sync project execution, step routing, completion |
DirectoryQueryService |
LDAP queries, paging, connection handling |
SyncObjectRepository |
Bulk upsert operations, database writes |
DatabaseMigrationService |
Schema migrations on startup |
DatabaseOptimizationService |
Index maintenance, statistics updates |
EmailQueueProcessingJob |
Email delivery, SMTP interactions |
ContextualInsightService |
AI insight computation |
LlmService |
LLM API calls, prompt building |
ChatHub |
Chat sessions, command routing |
LifecycleExecutionService |
Lifecycle policy execution |
WorkflowTriggerService |
Workflow triggering and step execution |
Searching Log Messages
Use the search bar on the Logging page to find entries containing specific text:
- Error codes: Search for specific LDAP error codes like
LdapExceptionorCONSTRAINT_ATT_TYPE - Object identifiers: Search for a specific object's DN or GUID to trace its processing
- Method names: Search for
FastBulkUpsertObjectsAsyncto find bulk operation logs - Exception types: Search for
TimeoutException,SqlException, orLdapException
Search tips:
- Searches are case-insensitive
- Use specific terms to reduce noise (e.g.,
LDAP timeout dc01instead of justtimeout) - Combine search with level filters for best results
Common Error Patterns
Database Errors
| Pattern | Meaning | Solution |
|---|---|---|
SqlException: Timeout expired |
Query took too long | Check database performance, see Performance Tuning |
SqlException: Deadlock victim |
Two queries conflicted | Usually transient; check if sync jobs overlap |
SqlException: UNIQUE KEY violation |
Duplicate data insertion | Check sync data for duplicates |
Cannot open database |
Database unreachable | Verify SQL Server is running and connection string is correct |
LDAP Errors
| Pattern | Meaning | Solution |
|---|---|---|
LdapException: Server is unavailable |
DC unreachable | Check network, see Connection Issues |
LdapException: Invalid credentials |
Auth failed | Verify service account credentials |
LdapException: Size limit exceeded |
Too many results | Enable paging or narrow LDAP filter |
Referral was returned |
Object in another partition | Use Global Catalog or direct DC connection |
Application Errors
| Pattern | Meaning | Solution |
|---|---|---|
NullReferenceException |
Missing expected data | Check required fields, verify related records exist |
TaskCanceledException |
Operation timed out or cancelled | Check timeout settings, network stability |
CircuitException |
Blazor circuit disconnected | Client lost connection; typically user-side network issue |
OutOfMemoryException |
Insufficient memory | Increase available RAM, check for memory leaks |
Exporting Logs for Support Tickets
When contacting support, export relevant logs:
- Navigate to /admin/logging
- Filter to the relevant time window and log levels (include at least Warning, Error, and Critical)
- Click Export to download the filtered log entries
- Attach the exported file to your support ticket
What to include in a support ticket:
| Item | Description |
|---|---|
| Exported logs | Filtered to the issue time window |
| IdentityCenter version | Found on the About page |
| Steps to reproduce | What actions led to the error |
| Expected vs. actual behavior | What should have happened vs. what did |
| Environment details | OS version, SQL Server version, .NET version |
| Screenshots | If the issue is visual or UI-related |
Log Retention Policies
Log retention is configured in LoggingSettings within the Configuration Center:
| Setting | Description | Default |
|---|---|---|
| Retention Days | How long to keep log entries | 30 days |
| Max Log Size | Maximum database storage for logs | Varies by deployment |
| Auto-Purge | Automatically delete old entries | Enabled |
Recommendations by environment:
| Environment | Retention | Rationale |
|---|---|---|
| Development | 7 days | Frequent resets, high volume |
| Staging | 14 days | Enough to investigate test failures |
| Production | 30-90 days | Compliance and historical analysis |
Tip: If you need to retain logs longer for compliance, consider forwarding them to an external SIEM or log aggregation system before they are purged.
Application Logs vs. Audit Logs vs. Sync Logs
IdentityCenter maintains three distinct log types. Knowing which to check saves time:
| Log Type | Location | Contains | Check When |
|---|---|---|---|
| Application Logs | /admin/logging | Runtime errors, warnings, debug info | Application errors, performance issues, startup failures |
| Change Audit Logs | /admin/audit-logs | Who changed what and when | Investigating configuration changes, tracking admin actions |
| Sync Audit Logs | /admin/sync-project-runs | Per-run sync results, object counts, step details | Sync failures, object count discrepancies, mapping errors |
When to Check Each
- "The sync failed" -- Start with Sync Audit Logs for the specific run, then check Application Logs for detailed error messages
- "Settings changed unexpectedly" -- Check Change Audit Logs to see who modified the configuration
- "The application is slow" -- Check Application Logs for Warning-level entries about slow queries or timeouts
- "Email notifications stopped" -- Check Application Logs filtered to the EmailQueueProcessingJob component
- "A user lost access" -- Check Change Audit Logs for recent changes, then Sync Audit Logs for any sync-related modifications
Adjusting Log Verbosity for Debugging
When you need more detail to diagnose an issue:
Step 1: Increase Verbosity
- Navigate to Administration > Configuration > Logging Settings
- Set the log level for the relevant component to Debug or Trace
- Save the configuration
Step 2: Reproduce the Issue
- Perform the action that triggers the error
- Note the exact time for log filtering
Step 3: Capture the Logs
- Navigate to /admin/logging
- Filter to the time window and the Debug/Trace levels
- Export the results
Step 4: Reset Verbosity
- Return to Logging Settings
- Set the component back to Information (the production default)
- Save the configuration
Important: Do not leave Debug or Trace level enabled in production. These levels generate a high volume of log entries that can impact database performance and fill storage quickly.
The Sync Audit Logs Page
Navigate to /admin/sync-project-runs for sync-specific diagnostics:
- View all sync runs with status, duration, and object counts
- Click a run to see step-by-step execution details
- View per-object errors for failed items
- Compare successful and failed runs side by side
Key fields in sync run details:
| Field | Description |
|---|---|
| Step Name | Which sync step executed |
| Step Type | Directory Query, Lookup, Internal Processing, etc. |
| Objects In | Objects received by this step |
| Objects Out | Objects successfully processed |
| Errors | Count of objects that failed in this step |
| Duration | How long the step took |
Best Practices
- Review Error and Critical logs daily -- Set up a routine to check for new errors each morning
- Do not leave Debug level enabled in production -- It generates excessive data and impacts performance
- Use specific filters -- Broad searches through all logs are slow and produce too much noise
- Correlate timestamps -- When investigating an issue, align timestamps across Application Logs, Sync Logs, and any external system logs
- Archive before purging -- Export important logs before they reach the retention cutoff
- Set up alerts -- Configure notifications for Critical-level log entries so you are informed immediately