Enable Directory Trace logging "on the fly" for EEM

book

Article ID: 51041

calendar_today

Updated On:

Products

DIRECTORY SECURITY MISC CODES SINGLE SIGN ON - LEGACY CA Data Protection (DataMinder) CA User Activity Reporting

Issue/Introduction

Description:

By default the Directory iTechPoz DSA which stores EEM information and authorizations does NOT have the DSA console port enabled. This normally prevents you from enabling trace unless you stop and start the DSA. But with this document you can enable the DSA Console port during a problem or outage which can be very helpful.

Solution:

By default the Directory iTechPoz DSA which stores EEM information and authorizations does NOT have the DSA console port enabled.

It is commented out in the iTechPoz-ServerNameHere.dxc file so the port is not running by default.

To enable the port and turn on tracing follow the steps below.

  • You will need to check the iTechPoz-ServerNameHere.dxc file to see if the port is commented out or uncommented.

    • Commented out = # sign in front of the console= line

    • Uncommented = NO # sign in front of the console= line

  • The iTechPoz-ServerNameHere.dxc file will have your actual Server name in the place of ServerNameHere. See the below default locations on each OS platform.

    • Unix:

    • /opt/CA/Directory/dxserver/config/knowledge/iTechPoz-ServerNameHere.dxc

    • Windows:

    • C:\Program Files\CA\Directory\dxserver\config\knowledge\iTechPoz-ServerNameHere.dxc

  • Next change the following line in the iTechPoz-ServerNameHere.dxc file.

    • #console-port = 10510

    • Change to

    • console-port = 10510

  • Save the changes to the file.

  • Login as the user who installed EEM/Directory.

  • On Unix this is the dsa user by default and you will need to su to the Directory admin user with the command below (If you used a non default user then replace that with dsa below).

    • su - dsa

  • Next run the below command from a command prompt to re-initialize the Directory configuration. This will now read in the current Directory configuration files (including the dxc file we just changed) and then open up the console port.

    • dxserver init all

    • IMPORTANT: You will have to schedule a restart of the services to turn the port back off at a later time, see steps later in this doc to complete this.

  • Now the console port should be open. You can now run the below command to connect to the Directory Command Console port to enable tracing.
    Please run the command below.

    • telnet localhost 10510

  • NOTE: If you do not have telnet client (the default setup on Win 2008) then you will need to install it or another type of telnet client application (like putty for example).
  • Once connected you will see a prompt similar to below.

    • Welcome to the DSA Management Console

    • dsa>

  • Here you will need to type in the below command followed by a semicolon and hit enter.

    • set trace=all;

  • If this returns to the dsa> command prompt it should be in effect. You will quickly see the information scrolling across the screen which is also being written to the iTechPoz-ServerNameHere_trace.log file.

  • It is assumed you are turning on TRACE level of logging to capture a problem for Support or Engineering to review. Please recreate any problem you are having while this trace level of logging is turned on. You can leave the telnet to the port open as you will need to turn this off after the data is captured to avoid running out of disk space and adding extra load on the machine when not necessary.

  • Ok, now that you re-created the problem you can copy or zip up the trace log file and attach this to the Support issue.

    • iTechPoz-ServerNameHere_trace.log

  • Now you will need to turn back the logging level to ERROR and optionally comment the console port again.

  • Go back to the DSA Management console which may still be open with data scrolling across the screen.

  • If it is not open please use the steps above to telnet to the port again.

  • Once you are connected, the high log level may have significant data scrolling across the screen.

  • You can type the below command normally and do not worry if the text seems lost in the data scrolling as it is being received.

  • My suggestion is to "use the Force" and type the information without looking at the screen. Do not worry, it is still being read as input.

  • With the above in mind please type the below command carefully and when you hit enter the data should stop scrolling if it worked correctly.

  • set trace=error;

  • If the data is still scrolling then hit enter and try the command again. Once the log level is turned down you can logout from the DSA Management console with the command below.

  • logout;

  • Optional: You may optionally set back the console line in the iTechPoz-ServerNameHere.dxc file if you are concerned about leaving the port open.

  • If you want to shut the port please follow the steps below.

  • Open the iTechPoz-ServerNameHere.dxc file in the below locations.

    • Unix:

    • /opt/CA/Directory/dxserver/config/knowledge/iTechPoz-ServerNameHere.dxc

    • Windows:

    • C:\Program Files\CA\Directory\dxserver\config\knowledge\iTechPoz-ServerNameHere.dxc

  • Change the following in the iTechPoz-ServerNameHere.dxc file.

    • console-port = 10510

    • Change to

    • #console-port = 10510

  • Save the changes to the file.

  • Complete the change by scheduling a restart of the Directory services to allow the port to be closed. The command to restart the Directory Services is as follows.

    • dxserver stop all

    • dxserver start all

  • This may be scheduled at a convenient time for your environment.

  • Note: you may need to restart other services which may depend on Directory services.

  • Tech tip: It might be advisable to schedule the Directory restart with a restart of the server to ensure all servers are restarted and initialized correctly. This might also utilize an already scheduled downtime from other system maintenance or patches.

Environment

Release:
Component: ETRDIR