Logs default management, rotation and size settings in Policy Server
Article ID: 234446
Updated On:
Products
SITEMINDER
Issue/Introduction
When running a Policy Server :
- How the Logs are managed for Siteminder Policy Server ?
- What is the Log rotation mechanism/cycle ?
- What is the log file size we can anticipate on Policy Server ?
Resolution
At first glance, according to documentation, the logs are configurable
by using the Policy Server Management Console (smconsole) (1).
The log rotation and the log file size are configurable at the Logs
Tab of the Management Console (2).
Further, there's also a specific tab in which you can configure the
Policy Server Traces if you need to debug it (3).
The default configuration is :
- The Policy Server writes the logs in this file :
{home_of_policy_server}/log/smps.log
- The smps.log file is rolled each time the Policy Server is
restarted or when the smps.log reaches 10M;
- Policy Servers keeps up to 10 smps.log rolled files;
XPSConfig tool can be used to configure this section of the Policy
Server registry :
# XPSConfig
PRODUCTS MENU*************************************************************CA
CDS - CertificateDataStore 12 Parameters
EPM - Enterprise Policy Management 3 Parameters
FED - Federation 3 Parameters
SM - SiteMinder 167 Parameters
XPS - Extensible Policy Store 26 Parameters
Enter Option (id or X or Q): SM
[...]
100-LogFile Type: String Scope: Managed
Desc: The name of the SiteMinder Policy
Server log file.
Current Value:"/opt/CA/siteminder/log/smps.log"
101-LogFilesToKeep Type: Numeric Scope: Managed
Desc: The number of log files to keep
when performing a rollover.
Current Value:"10"
102-LogLastRolloverTime Type: Numeric Scope: Managed
Desc: The last time of log file
rollover.
Current Value:"0"
103-LogLocalTime Type: Logical Scope: Managed
Desc: Indicates whether the local
timezone is to be used in the log
file records, as opposed to GMT.
Current Value:"TRUE"
104-LogObj Type: Logical Scope: Managed
Desc: Indicates whether object
management attempts are audited.
Current Value:"FALSE"
105-LogRequests Type: Logical Scope: Managed
Desc: Indicates whether SiteMinder
Policy Server requests are to be
logged.
Current Value:"FALSE"
106-LogResponses Type: Logical Scope: Managed
Desc: Indicates whether SiteMinder
Policy Server responses are to be
logged.
Current Value:"FALSE"
107-LogRolloverDays Type: Numeric Scope: Managed
Desc: Indicates whether log file
rollovers are to be performed
daily.
Current Value:"0"
108-LogRolloverInterval Type: Numeric Scope: Managed
Desc: Indicates whether log file
rollovers are to be performed
hourly.
Current Value:"0"
109-LogRolloverOnStart Type: Logical Scope: Managed
Desc: Indicates whether a log file
rollover is to be performed when
SiteMinder Policy Server starts
up.
Current Value:"TRUE"
110-LogRolloverSize Type: Numeric Scope: Managed
Desc: The log file size upon reaching
which a log file rollover is to be
performed.
Current Value:"10"
111-LogRolloverTime Type: String Scope: Managed
Desc: The interval of time after which
to execute log file rollover.
Current Value:""
112-LogStatus Type: Logical Scope: Managed
Desc: The log status.
Current Value:"FALSE"
113-LogStoreNamespace Type: String Scope: Managed
Desc: The audit log store namespace.
Current Value:"TEXT:"
114-LogTrace Type: Logical Scope: Managed
Desc: Indicates whether tracing is
turned on.
Current Value:"FALSE"
115-LogTraceConfig Type: String Scope: Managed
Desc: The name of the file that stores
the trace configuration settings.
Current Value:"/opt/CA/siteminder/config/smtrace
default.txt"
116-LogTraceConsole Type: Logical Scope: Managed
Desc: Indicates whether trace messages
are shown in a console window.
Current Value:"FALSE"
117-LogTraceDelimiter Type: String Scope: Managed
Desc: The delimiter used if the
configured trace file format is
that of a delimited string.
Current Value:""
118-LogTraceFormat Type: String Scope: Managed
Desc: The trace file format can be one
of the following: sm, fixed,
delim, xml.
Current Value:"sm"
119-LogTraceMode Type: Numeric Scope: Managed
Desc: The Tracing mode of the Policy
Server.
Current Value:"0"
120-LogTraceOutput Type: String Scope: Managed
Desc: The trace file name.
Current Value:"/opt/CA/siteminder/log/smtracedef
ault.log"
Note that the XPSConfig tool has some specificities about the Profiler
traces as per the following KD (4).
Additional Information
(1)
Configure the Policy Server Log (smps.log) and Audit Log (smaccess.log)
Configure the Policy Server log and Policy Server audit log from the
Logs tab of the Policy Server Management Console. The Policy Server
Log section controls the settings for the Policy Server log,
smps.log.
https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/siteminder/12-8/configuring/policy-server-configuration/configure-the-policy-server-log-smps-log-and-audit-log-smaccess-log.html
(2)
Management Console--Logs Tab
- (Logfile Rollover) When the server is restarted check box
- (Logfile Rollover) When logfile reaches # MB check box
- (Logfile Rollover) Time Based check box
- Retain up to # old logfile(s) field
https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/siteminder/12-8/using/policy-server-management-console.html
(3)
Management Console--Profiler Tab
The Profiler tab is where you set up the Policy Server Profiler to
trace internal Policy Server diagnostics and processing, which you
can use for debugging Policy Server issues.
https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/siteminder/12-8/using/policy-server-management-console.html
(4)
XPSConfig LogTrace directive is ignored in Policy Server
https://knowledge.broadcom.com/external/article?articleId=205887
Feedback
Yes
No
Powered by
