Troubleshooting

If you have unexpected errors, you may need to enable some additional logging to gain more insights into the internals of PolicyServer or its dependencies. When you contact PolicyServer support, it is helpful if you can provide detailed logs on request.

Some settings belong in logging.json and some in policyserver.json

Setting the log level

For troubleshooting and development, the default log level in logging.json can be set to Verbose, e.g.:

{
    "Serilog": {
        "MinimumLevel": {
        "Default": "Verbose",
        "Override": {
            "Microsoft": "Warning",
            "System": "Warning",
        }
    }
}

If you are looking for additional infromation, you may try removing the Override section altogether. This will result in significant logging output.

Adding a file logger

It is useful to capture the logging output in a file - and this may also help if you want to send that file to PolicyServer support if needed. The following snippet enables both console and file logging:

{
    "Serilog": {
      "Using": [
          "Serilog.Sinks.Console",
          "Serilog.Sinks.File"
        ],
        "MinimumLevel": {
            "Default": "Verbose",
            "Override": {
                "Microsoft": "Warning",
                "System": "Warning",
            }
        },
        "WriteTo": [
            {
                "Name": "Console",
                "Args": {
                "outputTemplate": "[{Timestamp:HH:mm:ss} {Level}] {SourceContext}{NewLine}{Message:lj}{NewLine}{Exception}{NewLine}"
                }
            },
            {
                "Name": "File",
                "Args": {
                "path": "policyserver_log.txt",
                "fileSizeLimitBytes": "100000",
                "rollOnFileSizeLimit": true,
                "shared": true,
                "flushToDiskInterval": "00:00:01"
                }
            }
        ]
    }
}

Enabling additional logging output

The following settings are useful for troubleshooting:

Enabling startup diagnostics. This will dump the contents of the configuration system into the log file. This will include environment variables, which might contain sensitive data.
Enabling request logging. This will log all incoming HTTP requests and is very useful to troubleshoot load balancing, reverse proxy and TLS termination issues.
Logging request headers. This is an extension to request logging and to give you even more details about the incoming HTTP requests.
Enable detailed logging of access token validation. This helps troubleshooting token validation related issues. Might result in sensitive data being logged.

These settings belong in policyserver.json:

"PolicyServer": {

    "diagnostics": {
        "enableStartupDiagnostics": true,
        "enableRequestLogging": true,
        "logRequestHeader": true,
        "showMsJwtPiiDetails": true
    }
}