There are at least four different subsystems for logging in OpenAM that we are using. None of these support using notification from logrotate to allow logrotate to rotate log files without dropping log file entries. It would be ideal if OpenAM supported the interpretation of SIGUSR1 on the Linux platform, so that log files could be rotated easily with the system's standard logging utilities, rather than configuring multiple vendor-specific logging system configurations.
We are using a logging service to retain old log files, but without OpenAM deleting old logs, our servers fill with log files that have not been retired. logrotate is the product we've been using for many other components in our environment. logrotate handles notification of products, but without a mechanism for telling OpenAM that rotation has been accomplished, we are forced to use either the built-in OpenAM logging functions, or 'copytruncate' in logrotate. It appears per https://bugster.forgerock.org/jira/browse/OPENIDM-3036 that OpenAM may lose some of the auditing data we are required to retain if we use this approach. logrotate also handles deletion of old log files, and automatic compression. Setting up OpenAM's built-in log rotation features results in log files with date strings in them, which are hard to configure our log retention service to look for and archive. We are currently having to monitor disk usage to prevent downtime, which requires us to react with our on-call team, rather than having logrotate handle log space management.
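
The gap between `copytruncate` and a signal-driven reopen, as an added example (not part of the original report and not OpenAM code): a deterministic simulation of both rotation styles against a writer that keeps its log file open. The `AppendLogger` class, its `reopen()` method (standing in for the requested SIGUSR1 handler), the file names and the `audit-N` lines are all constructed for illustration.

```python
import os, shutil, tempfile

class AppendLogger:
    """Hypothetical daemon-side writer that holds its log file open in append mode."""
    def __init__(self, path):
        self.path, self.fh = path, open(path, "a")
    def log(self, line):
        self.fh.write(line + "\n")
        self.fh.flush()
    def reopen(self):
        # What a SIGUSR1 handler would do once logrotate's postrotate hook fires.
        self.fh.close()
        self.fh = open(self.path, "a")

def _read(*paths):
    lines = []
    for p in paths:
        with open(p) as fh:
            lines += fh.read().split()
    return lines

def copytruncate_rotation(workdir):
    live, old = os.path.join(workdir, "audit.log"), os.path.join(workdir, "audit.log.1")
    w = AppendLogger(live)
    for i in (1, 2, 3):
        w.log(f"audit-{i}")
    shutil.copyfile(live, old)  # copytruncate step 1: copy the live file
    w.log("audit-4")            # entry written between the copy and the truncate
    os.truncate(live, 0)        # copytruncate step 2: truncate in place
    w.log("audit-5")
    w.fh.close()
    return _read(old, live)

def signal_reopen_rotation(workdir):
    live, old = os.path.join(workdir, "audit.log"), os.path.join(workdir, "audit.log.1")
    w = AppendLogger(live)
    for i in (1, 2, 3):
        w.log(f"audit-{i}")
    os.rename(live, old)        # default logrotate behaviour: rename, no copy
    w.log("audit-4")            # open descriptor follows the renamed file
    w.reopen()                  # postrotate notification, writer opens a fresh file
    w.log("audit-5")
    w.fh.close()
    return _read(old, live)

def run_both():
    with tempfile.TemporaryDirectory() as a, tempfile.TemporaryDirectory() as b:
        return copytruncate_rotation(a), signal_reopen_rotation(b)

if __name__ == "__main__":
    print(run_both())
```

With `copytruncate`, the entry written inside the copy/truncate window appears in neither file; with rename plus reopen, every entry survives in one file or the other.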