How to start SiteMinder smps trace without using SM console

Document ID : KB000053360
Last Modified Date : 14/02/2018
Show Technical Document Details

Description:

How to start SiteMinder smps trace without using SM console

Solution:

You can enable smtrace without using smconsole by changing some SiteMinder registry keys as following:

  1. HKEY_LOCAL_MACHINE\SOFTWARE\Netegrity\SiteMinder\CurrentVersion\LogConfig\TraceConfig
  2. HKEY_LOCAL_MACHINE\SOFTWARE\Netegrity\SiteMinder\CurrentVersion\LogConfig\TraceConfig1
  3. HKEY_LOCAL_MACHINE\SOFTWARE\Netegrity\SiteMinder\CurrentVersion\LogConfig\TraceOutput

In normal situation, you will see TraceConfig and TraceConfig1 are identical, for example: C:\siteminder\policyserver\config\smtracedefault.txt

Generally, these three registry values are equivalent to elements in Profiler tab of SM console as follow:

  1. HKEY_LOCAL_MACHINE\SOFTWARE\Netegrity\SiteMinder\CurrentVersion\LogConfig\TraceConfig -> Enable Profiling check box
  2. HKEY_LOCAL_MACHINE\SOFTWARE\Netegrity\SiteMinder\CurrentVersion\LogConfig\TraceConfig1 -> Configuration file
  3. HKEY_LOCAL_MACHINE\SOFTWARE\Netegrity\SiteMinder\CurrentVersion\LogConfig\TraceOutput -> Output to File

Both TraceConfig and TraceConfig1 need to have same values. If they are not identical, some unexpected behaviours might occur.

TraceOutput registry refer to the physical file path of trace output file for example:
C:\siteminder\policyserver\logs\smtracedefault.log

After all three registry values have been set, the smtrace will start immediately logging to the specified output file.

To stop smtrace, customer can empty out the HKEY_LOCAL_MACHINE\SOFTWARE\Netegrity\SiteMinder\CurrentVersion\LogConfig\TraceConfig

Optionally, customer can use "smpolicysrv -starttrace" and "smpolicysrv -stoptrace" to start and stop tracing.

The trace log will start to generate when you have those keys populated and run "smpolicysrv -starttrace".
If you decide to disable temporarily, you can run "smpolicysrv -stoptrace" to stop logging.

If you did not populate the keys, and if you run "smpolicysrv -starttrace" or "smpolicysrv -stoptrace", you will still see the command being issued in smps log (ex: Server 'starttrace' command received).

But it is just a message saying that the command was issued and does not guarantee that it will work.