Logging for AppConnect apps for iOS

• Overview of logging for AppConnect apps for iOS
• Log levels
• How the log level appears in messages
• Log file details
• Enable logging for an AppConnect app
• Log level configuration impact on the device
• Activating verbose or debug logging on the device
• Emailing log files from Go

Overview of logging for AppConnect apps for iOS

You can collect detailed log data for AppConnect for iOS apps. You specify the AppConnect apps that should log detailed data. The AppConnect library contained in each specified app also logs detailed data. The log data provides information to help Ivanti Technical Support troubleshoot issues with the apps.

Depending on your configuration, the data is logged to:

• the device’s console.
• the device’s console and files on the device.

Log levels

You choose one of four log levels for an AppConnect app. The two highest levels can log sensitive data. To prohibit unauthorized users from accessing sensitive data, the two highest levels require the device user to enter a debug code that you specify.

Exactly what sensitive data is logged depends on the app, but can include, for example:

• Device user data, including document names and contents, contact lists, notes, and bookmarks
• Encryption keys, passwords, certificates, signing identities, and cookies
• Complete URLs and URL POST data
• Data that reveals the contents of encrypted data

The following table describes the log levels from lowest (least verbose) to highest (most verbose):

Table 28.   AppConnect log levels

Log level	Description	Contains sensitive data?	Requires the user to enter the debug code?
Error	Provides error, warning, and status messages. This level is the default. It is always turned on. Error messages are for events that block access to part or all of the app. Example: Corrupt or missing data Warning messages are for events that are suspicious, but not quite failures like errors. Example: Unexpected data that is ignored Status messages indicate major changes in the state of the app. Example: User successfully logged in	No	No
Info	Provides error, warning, and status messages, plus more information. Info messages indicate minor changes in the state of the app. Example: AppConnect app check-in times	No	No
Verbose	Provides error, warning, status, and info messages, plus more, possibly sensitive, information. Verbose messages provide more extensive information, possibly including sensitive details. Example: Server URLs	Yes	Yes
Debug	Provides error, warning, status, info, and verbose messages, plus further information, which is possibly sensitive. Debug messages have the most information, possibly including sensitive details. Example: URL request details	Yes	Yes

How the log level appears in messages

When you set the log level for an app, messages logged by the following components are impacted:

• the AppConnect app
• the Ivanti AppConnect library contained in the AppConnect apps
• the AppConnect wrapper (only applicable for wrapped AppConnect apps)

The messages logged by these components include the log level as shown in the following table:

Table 29.   How the log level appears in messages

Component	App name in log message	How the log level appears in messages
An AppConnect app	The app’s name	[Error] [Warning] [Status] [Info] [Verbose] [Debug] The value error for the MI_AC_LOG_LEVEL key in an app’s AppConnect app configuration, can result in messages with [Error], [Warning], and [Status].
AppConnect library contained in an AppConnect app	The app’s name	[AppConnect:Error] [AppConnect:Warning] [AppConnect:Status] [AppConnect:Info] [AppConnect:Verbose] [AppConnect:Debug] The value error for the MI_AC_LOG_LEVEL key in an app’s AppConnect app configuration, can result in messages with [AppConnect:Error], [AppConnect:Warning], and [AppConnect:Status].
The AppConnect wrapper (only applicable for wrapped AppConnect apps)	The app’s name	[AppConnectWrapper:Error] [AppConnectWrapper:Warning] [AppConnectWrapper:Status] [AppConnectWrapper:Info] [AppConnectWrapper:Verbose] [AppConnectWrapper:Debug] The value error for the MI_AC_LOG_LEVEL key in an app’s AppConnect app configuration, can result in messages with [AppConnectWrapper:Error], [AppConnectWrapper:Warning], and [AppConnectWrapper:Status].

Log file details

The following details are available in the log files for each app:

• The log files for each app are saved to the following directory:

  Apps/<app name>/Library/Application Support/AppConnectLogs

• The log file for each app is named appconnect.log.

• The log file is at most 1 MB.

• When appconnect.log exceeds 1 MB:

  1. It is renamed to appconnect.log.<timestamp>.

     Example: appconnect.log.2015-05-28 15:13:21

  2. Logging begins in a new file named appconnect.log.

  3. If 20 log files already exist, the oldest file is deleted.

Enable logging for an AppConnect app

To enable the log level and debug code for an app, and to specify that you want to log to files in addition to the device console, add the following key-value pairs in the AppConnect app configuration for the app. The key is case sensitive.

Table 30.  AppConnect for iOS key-value pairs

Key	Value
MI_AC_LOG_LEVEL	Specifies the log level for the app. Enter one of the following: error info verbose debug.
MI_AC_LOG_LEVEL_CODE	Add this key-value pair if you entered verbose or debug. Specifies the string that the device user enters to activate the verbose or debug log level. Enter a string for the value. The device user will enter this string to activate the verbose or debug log level. You can make up any string. For example, enter 37!8D. For the most security, use a code that is difficult to guess. The string is case-sensitive.
MI_AC_ENABLE_LOGGING_TO_FILE	The AppConnect app's logs are logged to files on the device. Enter Yes.

Log level configuration impact on the device

Error level logging is always on, regardless of whether you have configured the MI_AC_LOG_LEVEL key-value pair, and it requires no actions from the device user. Info level logging also does not require device user interaction. However, verbose or debug level logging do not begin until the device user activates debug mode in Go.

The status details for an AppConnect app include a Debug Mode switch only when you have configured both of the following in the app’s AppConnect app configuration:

• a log level of verbose or debug
• a debug code

In this case, the status details for an AppConnect app shows the Debug Mode switch:

The keys MI_AC_LOG_LEVEL and MI_AC_LOG_LEVEL_CODE are not included in the configuration count on an app’s detailed status display.

Activating verbose or debug logging on the device

The following describes how to activate verbose or debug logging on the device.

Procedure 

1. Open Go on the device.

2. Tap Settings.

3. Tap Check For Updates.

4. Tap Secure Apps.

5. Tap the app for which you want verbose or debug level logging.

6. Slide the toggle for Debug Mode.

   

7. Enter the debug code.

8. Tap Next.

Verbose or debug level logging is activated for 24 hours, after which it is automatically deactivated the next time that the device user launches or switches to the app. However, the device user can deactivate it any time by tapping Debug Mode again.

Emailing log files from Go

Go displays the option to send logs on the app’s status details screen, available in Go at Settings > Secure Apps > <app name>. The option is at the bottom of the screen with this text: Send <app name> Logs. However, the option is disabled if the app’s AppConnect authorization status is not authorized.

When the option is displayed and enabled, tapping it brings up the list of apps able to share the log files, such as email apps, if you included the following key-value pair for the app in its AppConnect app configuration:

• MI_AC_ENABLE_LOGGING_TO_FILE set to Yes

  For wrapped apps, you can also include the key MI_AC_WR_ENABLE_LOG_CAPTURE set to Yes. This key causes the app’s logs to be included in the log files along with the logs from the AppConnect wrapper and AppConnect library.

Once you have collected the logs from the device user, remove the MI_AC_LOG_LEVEL, MI_AC_LOG_LEVEL_CODE, and MI_AC_ENABLE_LOGGING_TO_FILE key-value pairs from the AppConnect app configuration. This best practice ensures the app does not continue logging sensitive data unnecessarily.