EngageOne™

How can I rotate OpenAM debug logs?

    Employee
    Posted 04-18-2019 09:05
    Edited by Andrzej Heller 04-19-2019 08:46
    Please have a look at the short article available here:
    https://backstage.forgerock.com/knowledge/kb/article/a95827100
    It explains what has to be done in order to rotate debug logs for OpenAM. Right now, those logs (located in the folder <EO security bundle installation directory>\conf\OpenAM\OpenAM\debug) are not rotated, and it is not uncommon for them to grow to a few GB in production environments. So administrators can make their lives easier if they follow the instructions in the short article available in ForgeRock's knowledge base. I think the article explains pretty much everything. The debugconfig.properties file, which needs to be modified, is located here:
    <EO security bundle installation directory>\tmp\webapps\OpenAM\WEB-INF\classes

    We suggest modifying the file's content to look like this:

    org.forgerock.openam.debug.prefix=
    org.forgerock.openam.debug.suffix=-yyyy.MM.dd-HH.mm.ss
    org.forgerock.openam.debug.rotation=1440

    It is necessary to restart the security service once the configuration is successfully modified (as suggested by ForgeRock).
    All security nodes need to be altered in clustered installations. 
    Unfortunately, each re-installation or re-configuration will override the changes covered above. Consequently, it is necessary to alter the OpenAM logging configuration again if the security bundle is re-installed or re-configured.
    OpenAM debug log rotation will be available out-of-the-box in the upcoming EO 4.4.SP9 and all later versions.

    Rotation of OpenAM audit log files is enabled by default. The existing configuration can be altered from the OpenAM administration console; more details on that can be found in the OpenAM Administration Guide available here:
    https://backstage.forgerock.com/docs/openam/13.5/admin-guide/#chap-audit-logging

    ------------------------------
    Andrzej Heller
    Knowledge Community Shared Account
    ------------------------------
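
    The following PowerShell script is an added example, not part of the original post or of ForgeRock's article. It reports whether the three rotation properties listed above are still present in debugconfig.properties (for instance after a re-installation or re-configuration, or on each node of a cluster) and rewrites them when run with -Apply. The parameter names, the .bak backup copy and the assumption that the file is plain ASCII are choices made for this example.

```powershell
# Added example (not vendor code). $BundleDir stands for the
# <EO security bundle installation directory> mentioned in the post.
param(
    [Parameter(Mandatory = $true)][string]$BundleDir,
    [switch]$Apply   # without -Apply the script only reports drift
)
$path = Join-Path $BundleDir 'tmp\webapps\OpenAM\WEB-INF\classes\debugconfig.properties'
if (-not (Test-Path -LiteralPath $path)) { throw "Not found: $path" }

# Values suggested in the post
$wanted = [ordered]@{
    'org.forgerock.openam.debug.prefix'   = ''
    'org.forgerock.openam.debug.suffix'   = '-yyyy.MM.dd-HH.mm.ss'
    'org.forgerock.openam.debug.rotation' = '1440'
}

$seen = @{}; $drift = $false
$result = @(foreach ($line in Get-Content -LiteralPath $path) {
    # Handle only non-comment "key=value" lines whose key is one of the three
    if ($line -match '^\s*([^#!=\s][^=\s]*)\s*=(.*)$' -and $wanted.Contains($Matches[1])) {
        $key = $Matches[1]; $value = $Matches[2].Trim()
        $seen[$key] = $true
        if ($value -ne $wanted[$key]) {
            $drift = $true
            Write-Warning "$key is '$value', expected '$($wanted[$key])'"
        }
        "$key=$($wanted[$key])"
    } else { $line }   # every other line is kept unchanged
})
foreach ($key in $wanted.Keys) {
    if (-not $seen.ContainsKey($key)) {
        $drift = $true
        Write-Warning "$key is missing"
        $result += "$key=$($wanted[$key])"
    }
}

if (-not $drift) { Write-Output "OK: rotation settings present in $path"; exit 0 }
if (-not $Apply) { Write-Output 'Drift detected; rerun with -Apply to fix.'; exit 1 }

# Keep a backup copy, then write the corrected file (assumes ASCII content)
Copy-Item -LiteralPath $path -Destination "$path.bak" -Force
Set-Content -LiteralPath $path -Value $result -Encoding ASCII
Write-Output 'Settings written; restart the security service for them to take effect.'
```

    Run without -Apply, the script exits with code 1 when the settings have drifted, so it can be scheduled as a check on each security node.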