Problem Area | Log File(s) | Ideal Log Level |
Advanced Password Services | - APS.cfg
- Webagent Logs
- Web agent trace logs ***
- Policy Server smps.log
- Policy server Smaceess.log
- Policy server trace logs **
| - "Trace" enabled
- NA
- See Web agent section
- NA
- NA
- See Policy Server Section
|
ASA - Web Logic 8.1 and above | - ASA Connection log
- ASA Providers log
- WebLogic Server log
- BEA proxy log
| - Show startup messages
- 4 providers (IA, AU, AZ, and ADJ)
- WebLogic system message
- Web server that forwards requests
|
ASA - WebSphere 6.1 and above | - ASA Connection log
- ASA Providers log
- WebSphere Server log
| - Show startup messages
- 4 providers (IA, AU, AZ, and ADJ)
- WebSphere system message
|
ERP Agent (PeopleSoft Connector) | - Front-end Agent error log ***
- Front-end Webagent Logs
- Front-end web server error/access logs
- Session Linker Log
- Session Linker Daemon Log
- ERP Agent log (from peoplecode.txt)
- Deployed 'peoplecode.txt'
- Export of relevant Realm(s)/Policy
- Policy Server error log (smps.log)
- Policy Server access log (smaccess.log)
- Policy Server Trace Logs **
| - See Web agent Logging
- NA
- NA
- NA
- NA
- NA
- NA
- NA
- NA
- NA
- See Policy Server trace logs section
|
ERP Agent (SAP WebAS SMSSW) | - Front-end Agent Trace logs ***
- Front-end Webagent Logs
- Front-end web server error/access logs
- SmWebAsSSO.conf
- SAP authschemes.xml
- http://webserver:port/testapp/testconfig.jsp
- SAP defaultTrace.trc with SiteMinder logging enabled
- SAP security.log, if enabled
- SAP responses.trc, if enabled
- Session Linker Log
- Session Linker Daemon Log
- One of the following test pages:
- http://<machine.domain.com>/smwebasagent/webastest.asp
- http://<machine.domain.com>/smwebasagent/webastest.jsp
- http://<machine.domain.com>/smwebasagent/webastest.pl
- Policy Server error log (smps.log)
- Policy Server access log (smaccess.log)
- Policy Server Trace Logs **
| - See Web agent Logging
- NA
- NA
- NA
- NA
- NA
- NA
- NA
- NA
- See Policy Server trace logs section
|
ERP Agent (SAP ITS SMSST) | - Front-end Agent trace logs ***
- Front-end Webagent Logs
- Front-end web server error/access logs
- Session Linker Log
- Session Linker Daemon Log
- NPSHeader2PCookie log
- SAP ITS (PAS module) logs
- ERP Agent error log
- ERP Agent 'zsmsapsso.srvc' file
- Export of relevant Realm(s)/Policy
- Policy Server error log (smps.log)
- Policy Server access log (smaccess.log)
- Policy Server Trace Logs **
| - See Web agent Logging
- NA
- NA
- NA
- NA
- Log level=3
- NA
- NA
- NA
- NA
- NA
- NA
- See Policy Server trace logs section
|
ERP Agent (Siebel Connector) | - Front-end Agent trace logs ***
- Front-end Webagent Logs
- Front-end web server error/access logs
- Siebel Web Service Extensions (SWE) logs
- Siebel Object Manager application logs
- Session Linker Log
- Session Linker Daemon Log
- SiteMinder Security Adapter log
- Export of relevant Realm(s)/Policy
- Policy Server error log (smps.log)
- Policy Server access log (smaccess.log)
- Policy Server Trace Logs**
| - See Web agent Logging
- NA
- NA
- NA
- NA
- NA
- NA
- Log Level 3
- NA
- NA
- NA
- See Policy Server trace logs section
|
6.x Policy Server** | - Smps.log
- PS Minimal Trace
- SM exec log
- SM access log
| - NA
- See Section Below
- Policy startup logs
- Admin UI access
|
12.x Policy Server** | - Smps.log
- PS Minimal Trace
- SM exec log
- SM access log
| - NA
- See Section Below
- Policy startup logs
- Admin UI access
|
R12 WAMUI | | |
R12 Report Server | - Application logs
- Tomcat Logs
- Report server installation logs
- Policy server smps.log
- Policy server trace logs **
| - Boot.log, Server.log
- NA
- NA
- NA
- See Policy server section
|
6.x & 12 X Web Agent* | - Web Agent logs
- Web Agent Trace log***
- WebAgent.conf And SmHost.conf
- Web server configuration files
- Web Server Error and Access logs
- HTTP Header trace
| - NA
- See below
- Web agent configuration files
- Examples: Magnus.conf, HTTPD.conf, obj.cof, Server.xml. Startup scripts, metabase.xml or web.confg
- We server messages
- Using either Fiddler 2 or IE Headers are preferable.
|
Password Services | - Web Agent.log
- Web agent trace logs ***
- Policy Server trace Logs **
| - NA
- See Webagent logging
- See Policy Server trace logs
|
Secure Proxy Server | - Version of SPS + platform
- SPS (Agent) error log
- SPS (Agent) trace log
- SPS (Apache) error log
- SPS (Apache) access log
- SPS (Tomcat) server.log
- SPS (Tomcat) nohup.out (if unix)
- Policy Server error log (smps.log)
- Policy Server access log (smaccess.log)
- Policy server trace logs ***
- HTTP Header trace (CRITICAL)
- Httpclient.log
- Set Proxyrules.dtd
| - NA
- NA
- NA
- NA
- NA
- NA
- NA
- NA
- NA
- See Policy server section
- NA
- NA
- Debug =Yes
|
Identity Minder Identity Manager | - Smps.log (6.x Policy Server)
- Profiler log (6.x & 12.x Policy Server)
- Web Agent Log
- Web agent trace logs ***
| - Highest Level
Set in \identityminder.ear\config\com\netegrity\config\log4j_<AppServerType>.properties where <AppServerType> = {JBoss,WebSphere,WebLogic}.
- NA
- Default template
- NA
- See Web agent trace logs
|
Federation ** SAML 1.0 / 1.1 / 2.0 Federation Security Srvcs (SMFSS) For Non Affiliate Agent Federation (with Option Pack): From Both sides | - Policy server smps.log
- Policy server trace logs **
- Web Agent logs
- Web agent trace logs ***
- Affwebserv.log
- FWStrace.log
- Web Server Access & Error Logs
- HTTP Header trace (CRITICAL)
| - NA
- See Policy server section (make sure to include federation)
- NA
- See Web agent section ( make sure to include federation)
- NA
- NA
- NA
|
Federation ** SAML 1.0 Affiliate Agent Cases: From Portal Side (Producer): | - Policy server smps.log
- Policy server trace logs
- Web Agent logs
- Web agent trace logs
- Affwebserv.log
- FWStrace.log
- Web Server Access & Error Logs
- HTTP Header trace (CRITICAL)
| - NA
- See Policy server section (make sure to include federation)
- NA
- See Web agent section ( make sure to include federation)
- NA
- NA
- NA
- NA
|
Federation ** From Affiliate (Consumer) - SM FSS to SAML Affiliate Agent | - AffiliateConfig.xml
- Affiliateserverconf.properties
- Affiliateserver.txt
- affiliate.log (for non-IIS web servers)
- HTTP Header trace (CRITICAL)
| |
Federation Manager | - Policy Server SMPS log **
- FWSTrace.log and AffWebServ.log
- WALog.log and WATrace.log
- enable "Federation Database Objects Trace" using xpsconfig which logs to the SMPS log
- Proxy embedded Web agent trace ****
| - set to log level 5 in federation_mgr_home\secure-proxy\proxy-engine\conf\server.conf) - located federation_mgr_home/logs/ui/server.log
- NA
- located federation_mgr_home\logs\FWS - set up logs in federation_mgr_home\secure-proxy\proxy-engine\Tomcat\webapps\affwebservices\WEB-INF\classes\LoggerConfig.properties
- set in the /federation_mgr_home/secure-proxy/proxy-engine/conf/defaultagent LocalConfig.conf - trace settings here same as agents with full tracing - TraceConfigFile="federation_mgr_home\secure-proxy\proxy-engine\conf\defaultagent\SecureProxyTrace.conf")
- NA
|
Note: Communications errors indicated by 20-0003 and 20-0002 errors will also require policy server logs. Note: Policy Server hang conditions will also require a pstack against the hung process on Solaris 9 or 10 and a packaged core. |
** For PS Profiler use ps-minimal-trace.conf.txt | Components: Server/Connection_Management, Server/Policy_Server_General, IsProtected, Login_Logout/Function_Begin_End, Login_Logout/Authentication, Login_Logout/Send_Response, Login_Logout/Receive_Request, IsAuthorized, Tunnel_Service, JavaAPI, Fed_Client, Fed_Server, ODBC/Sql_Statement_Begin_End, ODBC/Connection_Management, ODBC/Sql_Errors, ODBC/Connection_Monitor, LDAP/Ldap_Call_Begin_End, LDAP/Connection_Management, LDAP/Ldap_Error_Messages
Data: Date, PreciseTime, Pid, Tid, SrcFile, Function, TransactionID, SessionID, AgentName, Resource, User, Group, Realm, Domain, Directory, Policy, AgentType, Rule, ErrorValue, ReturnValue, ErrorString, IPAddr, IPPort, Result, Returns, CallDetail, Data, Message | |
*** Web agent trace config file | Components: AgentFramework, HTTPAgent, AgentFunc, Agent_Con_Manager
Data: Date, PreciseTime, Pid, Tid, TransactionID, Function, Message, SrcFile, User, Domain, Realm, AgentName, DomainOID, IPAddr, IPPort, RequestIPAddr, CertSerial, SubjectDN, IssuerDN, SessionSpec, SessionID, UserDN, Resource, Action, RealmOID, ResponseTime | |
****Federation Manager Proxy built in web agent tracing | The proxy engine has an embedded Web Agent. You can monitor Web Agent run time activities by enabling tracing in the Agent LocalConfig.conf file. To enable Web Agent tracing - Navigate to the following directory:
/federation_mgr_home/secure-proxy/proxy-engine/conf/defaultagent - Make a backup copy of the LocalConfig.conf file
- Edit the LocalConfig.conf file by replacing the entire contents of the file with the following text:
LogFileName="federation_mgr_home\secure-proxy\Federation\log\WALog.log" LogFile="YES" TraceConfigFile="federation_mgr_home\secure-proxy\proxy-engine\conf\defaultagent\SecureProxyTrace.conf" TraceFileName="federation_mgr_home\logs\server\WATrace.log" TraceFile="YES" Note: Change the back slash character to a forward slash (/) in the paths if Federation Manager is installed on a Solaris operating environment. - Save and close the LocalConfig.conf file.
- Open the WebAgent.conf file.
- Remove the pound sign (#) to uncomment the localconfigfile line.
- Save and close the WebAgent.conf file.
- Restart the Federation Manager services according to your operating environment.
| |