How to start SiteMinder smps trace without using SM console
search cancel

How to start SiteMinder smps trace without using SM console


Article ID: 53360


Updated On:


CA Single Sign On Secure Proxy Server (SiteMinder) CA Single Sign On SOA Security Manager (SiteMinder) CA Single Sign-On



How to start SiteMinder smps trace without using SM console


You can enable smtrace without using smconsole by changing some SiteMinder registry keys as following:

  1. HKEY_LOCAL_MACHINE\SOFTWARE\Netegrity\SiteMinder\CurrentVersion\LogConfig\TraceConfig
  2. HKEY_LOCAL_MACHINE\SOFTWARE\Netegrity\SiteMinder\CurrentVersion\LogConfig\TraceConfig1
  3. HKEY_LOCAL_MACHINE\SOFTWARE\Netegrity\SiteMinder\CurrentVersion\LogConfig\TraceOutput

In normal situation, you will see TraceConfig and TraceConfig1 are identical, for example: C:\siteminder\policyserver\config\smtracedefault.txt

Generally, these three registry values are equivalent to elements in Profiler tab of SM console as follow:

  1. HKEY_LOCAL_MACHINE\SOFTWARE\Netegrity\SiteMinder\CurrentVersion\LogConfig\TraceConfig -> Enable Profiling check box
  2. HKEY_LOCAL_MACHINE\SOFTWARE\Netegrity\SiteMinder\CurrentVersion\LogConfig\TraceConfig1 -> Configuration file
  3. HKEY_LOCAL_MACHINE\SOFTWARE\Netegrity\SiteMinder\CurrentVersion\LogConfig\TraceOutput -> Output to File

Both TraceConfig and TraceConfig1 need to have same values. If they are not identical, some unexpected behaviors might occur.

TraceOutput registry refer to the physical file path of trace output file for example:

After all three registry values have been set, the smtrace will start immediately logging to the specified output file.

To stop smtrace, customer can empty out the HKEY_LOCAL_MACHINE\SOFTWARE\Netegrity\SiteMinder\CurrentVersion\LogConfig\TraceConfig

Optionally, customer can use "smpolicysrv -starttrace" and "smpolicysrv -stoptrace" to start and stop tracing.

The trace log will start to generate when you have those keys populated and run "smpolicysrv -starttrace".
If you decide to disable temporarily, you can run "smpolicysrv -stoptrace" to stop logging.

If you did not populate the keys, and if you run "smpolicysrv -starttrace" or "smpolicysrv -stoptrace", you will still see the command being issued in smps log (ex: Server 'starttrace' command received).

But it is just a message saying that the command was issued and does not guarantee that it will work.


Component: SMPLC


trace steps for Linux platform