When it comes to extracting logs from cloud rules, our usual route involves reaching out to support or ES. However, if these logs lack proper formatting, sifting through them for a specific user run can be quite challenging.
Here’s a method I employ to streamline the tracking of logs for individual runs, making it easier for you to obtain them via the support team.
Log Prefixing for Enhanced Clarity
To facilitate the process, each rule type has access to some identity data, which we utilize as a logPrefix
in every log line within the rule.
While there may be alternative approaches for various rule types, I’ve outlined my preferred methods below.
IdentityAttribute / AttributeGenerator / AttributeGeneratorFromTemplate / Generic Rule
For rules with access to the identity
object, you can create a logPrefix
attribute to append to each log line as follows:
1 2 3 |
String identityName = identity.getName(); String logPrefix = "Generate sAMAccountName - [" + identityName + "] "; |
Now, you can use this logPrefix
to append to every log statement, like so:
1 2 3 4 5 |
String firstName = StringUtils.trimToNull(identity.getAttribute("firstname")); String lastName = StringUtils.trimToNull(identity.getAttribute("lastname")); log.error(logPrefix + "firstName: " + firstName); log.error(logPrefix + "lastName: " + lastName); |
BeforeProvisioning Rule
For rules with access to the plan
object, use the following approach:
1 2 3 |
Identity identity = plan.getIdentity(); String logPrefix = "Active Directory BP Rule - [" + identity.getName() + "] "; |
Now, you can incorporate the logPrefix
in the log lines as mentioned earlier.
Correlation Rule
When dealing with the Correlation Rule and access to the account
object, fetch a primary identifier (e.g., STAFF_NUMBER
) for enhanced identification:
1 2 3 |
String staffNumber = StringUtils.trimToNull(account.getStringAttribute(STAFF_NUMBER)); String logPrefix = "HR Correlation - [" + staffNumber + "] "; |
ManagerCorrelation Rule
For the ManagerCorrelation Rule and access to the link
object, retrieve a primary key (e.g., Userid
) for better association:
1 2 3 |
String Userid = link.getAttribute("Userid"); String logPrefix = "HR ManagerCorrelation - [" + Userid + "] "; |
BuildMap Rule
Finally, for the BuildMap Rule and access to cols
and record
of the accounts, fetch an attribute (e.g., EMP_NO
) via a map for logging:
1 2 3 4 5 |
Map map = DelimitedFileConnector.defaultBuildMap(cols, record); String employeeNumber = (String) map.get("EMP_NO"); String logPrefix = "HR BuildMap - [" + employeeNumber + "] "; |
Streamlined Output Request
When requesting logs, provide the formatted logPrefix, the organization name, and the timeframe. For example:
Generate sAMAccountName - [EMP001]
The logs, once fetched, will be neatly formatted and easily identifiable, even in scenarios where the rule runs for thousands of users but you need information about just one user for troubleshooting:
1 2 |
Generate sAMAccountName - [EMP001] firstName: John Generate sAMAccountName - [EMP001] lastName: Doe |
I hope this aids you on your rule journey! If you have any questions, feel free to reach out.
0 Comments