How to start SiteMinder smps trace without using SM console


Article ID: 53360


Products

CA Single Sign On Secure Proxy Server (SiteMinder), CA Single Sign On SOA Security Manager (SiteMinder), CA Single Sign-On

Issue/Introduction

Description:

How to start SiteMinder smps trace without using SM console

Solution:

You can enable smtrace without using smconsole by changing the following SiteMinder registry keys:

  1. HKEY_LOCAL_MACHINE\SOFTWARE\Netegrity\SiteMinder\CurrentVersion\LogConfig\TraceConfig
  2. HKEY_LOCAL_MACHINE\SOFTWARE\Netegrity\SiteMinder\CurrentVersion\LogConfig\TraceConfig1
  3. HKEY_LOCAL_MACHINE\SOFTWARE\Netegrity\SiteMinder\CurrentVersion\LogConfig\TraceOutput

Normally, TraceConfig and TraceConfig1 are identical, for example: C:\siteminder\policyserver\config\smtracedefault.txt

These three registry values correspond to elements on the Profiler tab of the SM console as follows:

  1. HKEY_LOCAL_MACHINE\SOFTWARE\Netegrity\SiteMinder\CurrentVersion\LogConfig\TraceConfig -> Enable Profiling check box
  2. HKEY_LOCAL_MACHINE\SOFTWARE\Netegrity\SiteMinder\CurrentVersion\LogConfig\TraceConfig1 -> Configuration file
  3. HKEY_LOCAL_MACHINE\SOFTWARE\Netegrity\SiteMinder\CurrentVersion\LogConfig\TraceOutput -> Output to File

TraceConfig and TraceConfig1 must have the same value. If they are not identical, unexpected behavior might occur.

The TraceOutput registry value refers to the physical file path of the trace output file, for example:
C:\siteminder\policyserver\logs\smtracedefault.log

After all three registry values have been set, smtrace starts logging to the specified output file immediately.

To stop smtrace, empty the HKEY_LOCAL_MACHINE\SOFTWARE\Netegrity\SiteMinder\CurrentVersion\LogConfig\TraceConfig value.

Optionally, you can use "smpolicysrv -starttrace" and "smpolicysrv -stoptrace" to start and stop tracing.

The trace log starts to be generated when those keys are populated and you run "smpolicysrv -starttrace".
To disable tracing temporarily, run "smpolicysrv -stoptrace" to stop logging.

If the keys are not populated and you run "smpolicysrv -starttrace" or "smpolicysrv -stoptrace", you will still see the command recorded in the smps log (for example: Server 'starttrace' command received).

That message only confirms that the command was issued; it does not guarantee that tracing actually started or stopped.
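The registry procedure above as an added PowerShell example (not CA/Broadcom code), with a read-only check that reports whether tracing is enabled and whether TraceConfig and TraceConfig1 agree. It assumes TraceConfig, TraceConfig1 and TraceOutput are string values under the LogConfig key and that the session is elevated; the function names are hypothetical.

```powershell
# Added example. Assumption: the three settings are string values under this key.
$LogConfig = 'HKLM:\SOFTWARE\Netegrity\SiteMinder\CurrentVersion\LogConfig'

function Get-SmTraceState {
    # Read-only: report the current trace settings and whether they are consistent.
    $p    = Get-ItemProperty -Path $LogConfig -ErrorAction Stop
    $cfg  = [string]$p.TraceConfig
    $cfg1 = [string]$p.TraceConfig1
    $out  = [string]$p.TraceOutput
    [pscustomobject]@{
        TraceConfig  = $cfg
        TraceConfig1 = $cfg1
        TraceOutput  = $out
        Enabled      = -not [string]::IsNullOrWhiteSpace($cfg)
        # Only meaningful while Enabled is true; a mismatch then needs fixing.
        ConfigsMatch = ($cfg -eq $cfg1)
        ConfigExists = ($cfg -and (Test-Path -LiteralPath $cfg -PathType Leaf))
        OutputDirOk  = ($out -and (Test-Path -LiteralPath (Split-Path -Parent $out) -PathType Container))
    }
}

function Enable-SmTrace {
    param(
        [Parameter(Mandatory)][string]$ConfigFile,   # e.g. ...\config\smtracedefault.txt
        [Parameter(Mandatory)][string]$OutputFile    # e.g. ...\logs\smtracedefault.log
    )
    if (-not (Test-Path -LiteralPath $ConfigFile -PathType Leaf)) {
        throw "Trace configuration file not found: $ConfigFile"
    }
    # Both config values get the same path. Writing TraceConfig last is a choice
    # made in this example so the other two values are already in place.
    Set-ItemProperty -Path $LogConfig -Name TraceConfig1 -Value $ConfigFile
    Set-ItemProperty -Path $LogConfig -Name TraceOutput  -Value $OutputFile
    Set-ItemProperty -Path $LogConfig -Name TraceConfig  -Value $ConfigFile
    Get-SmTraceState
}

function Disable-SmTrace {
    # Emptying TraceConfig is the stop step described above.
    Set-ItemProperty -Path $LogConfig -Name TraceConfig -Value ''
    Get-SmTraceState
}

# Read-only check of the current state:
Get-SmTraceState | Format-List
```

Running `Get-SmTraceState` after `smpolicysrv -starttrace` shows whether the keys were actually populated, which the 'starttrace' message in the smps log does not tell you.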

Environment

Release:
Component: SMPLC

Resolution

trace steps for Linux platform