Log4j: Custom Logging from within Rules

  • 7011150
  • 19-Jul-2012
  • 02-Nov-2012


NetIQ Access Governance Suite


Custom log4j logging can be accomplished from within Rules by creating a logger object in each rule.  This logging can be easily turned on and off or adjusted to higher or lower logging levels without changing anything in the rule logic when the logging level is set for the rule using a log4j.properties configuration record.


  1. Set up a configuration record in the log4j.properties file.  For maximum flexibility in adjusting logging levels per rule, each rule should have its own configuration record with a distinct class name.  Configuration records follow the syntax:



    • youruniquename = a company-specific unique identifier (e.g. ACMECorp)
    • rulename = the name of the specific rule (e.g. FinanceCorrelationRule)
    • loglevel = fatal, error, warn, info, debug, trace


  2. Create a logger object in a rule by inserting a line following this syntax in the rule's code:

    Logger  mylogger = Logger.getLogger("com.youruniquename.rulename");

    Logger mylogger = Logger.getLogger("com.ACMECorp.FinanceCorrelationRule");

  3. Within the code logic, use log4j statements to print messages to the log4j log file like this:

    mylogger.error("Identity not found.");
    mylogger.warn("Warning: Identity status was already inactive.");

    Only log4j statements of a severity level that is equal to or higher than the log level specified in the log4j.properties file will be written to the log.  For example, if the log level is set to "warn", only fatal, error, and warn messages will be written.  If it is set to "trace", messages of all levels will be written to the log file.