Policy Server Logging in 6.x.

Document ID : KB000025214
Last Modified Date : 14/02/2018

Description:

In 5.x there was a separate log for Authentication and Authorization. In 6.0 and 12.0, these are gone. How can I know what is going on as I used to?

Solution:

IMPORTANT: This article contains information about modifying the registry.
Before you modify the registry, make sure to create a backup of the registry and ensure that you understand how to restore it if a problem occurs.
For more information about how to back up, restore, and edit the registry, please review the relevant Microsoft Knowledge Base articles on support.microsoft.com.

Basic errors are now logged to the SMPS log. For more detailed information you must use the Profiler, or trace log.
For the Policy Server, the trace is also called a profiler, and it is configured via the Profiler tab of the Policy Server Management Console. Prior to 6.0 SP5 CR19, not everything was configurable through the user interface. We strongly encourage using the user interface if possible. The profiler replaces the 5.x individual logs for each process and includes much more than the 5.x logs did.

This is just a basic overview of profiling. For more information, please see Chapter 8 of the Policy Server Management Guide. To really get a feel for it, experiment with the profiler. Keep the following in mind while adjusting the profiler:

  1. Date and (Precise)Time are needed to tell when an action occurs.
  2. Pid and Tid are needed to follow related entries, because multiple processes and threads are logged in an interleaved way. Often it is not possible to analyze an issue without these.
  3. Pid and Tid are needed to synchronize this log with the SMPS log.
  4. The log can grow quite fast depending on how much is captured.
  5. Starting with 6.0 SP3, the log can be rolled over automatically using a manually added registry key (in the sm.registry file on Unix platforms):

    HKEY_LOCAL_MACHINE\SOFTWARE\Netegrity\SiteMinder\CurrentVersion\LogConfig\TraceRolloverSize (REG_DWORD)

     The value is in hex (0x### format) and has a maximum of 0x7D0 (2 gigabytes); however, it is strongly suggested to use a value of 0x64 (100 MB) or less. This setting was added to the interface in 6.0 SP5 CR19.
  6. Changes to this log, including enabling, are dynamic and picked up as soon as they are applied.

The Profiler can be configured via the "Profiler" tab of the SMConsole, or you can edit the plaintext configuration file (smtracedefault.txt) by hand. The following is an example of a well-formatted, comprehensive configuration. Note that Date, Time, Pid and Tid have been set as the first four columns in the 'Data' section of the configuration file, which makes the output much more readable.

Note that this configuration has only two lines, one for components and one for data. You may also add message filters; for the purpose of this article we treat them as advanced and leave coverage to the documentation. They would require additional lines.

    Components: AgentFunc, Server, IsProtected, Login_Logout, IsAuthorized, Directory_Access, ODBC, LDAP
    Data: Date, Time, Pid, Tid, TransactionID, SessionSpec, SessionID, Function, ReturnValue, Domain, Realm, Rule, Policy, AuthStatus, AuthReason, AuthScheme, User, UserDN, Action, Resource, Directory, SearchKey, ErrorValue, ErrorString, AgentName, Message, Data, Query, CallDetail

At a minimum you should have the following Data:
Date in order to synchronize with other logs on the server
(Precise)Time in order to synchronize with other logs on the server
Pid in order to follow the flow of information and synchronize with the SMPS log, as well as to parse out transactions
Tid in order to follow the flow of information and synchronize with the SMPS log, as well as to parse out transactions
TransactionID to synchronize with the SMPS log (s##/r## numbers)
AgentName to synchronize with the Web Agent Trace log
User to know which user this is in response to
Domain to know which domain is being used
Realm to know which realm is being used
Action to know which action is taken
Message in order to know what is being done at each line of the trace; works with Data field for Web Agent requests; works with Data, Query and CallDetail for Policy Server events
Data in order to know what is being done at each line of the trace; works with Message field for Web Agent requests; works with Message, Query and CallDetail for Policy Server events
Query in order to know what is being done at each line of the trace; works with Message, Data and CallDetail for Policy Server events
CallDetail in order to know what is being done at each line of the trace; works with Message, Data and Query for Policy Server events
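
The minimum above can be checked mechanically before a configuration is deployed. The following Python script is an added example, not CA code: the function names and the WEAK sample are constructed for illustration, and "(Precise)Time" is treated as either Time or PreciseTime.

```python
import re

# Minimum Data fields listed in the article. "(Precise)Time" is read here as
# "either Time or PreciseTime", which is an assumption of this example.
REQUIRED = ["Date", "Pid", "Tid", "TransactionID", "AgentName", "User", "Domain",
            "Realm", "Action", "Message", "Data", "Query", "CallDetail"]
TIME_FIELDS = {"Time", "PreciseTime"}

def parse_profile(text):
    """Parse 'Components: a, b' / 'Data: x, y' lines into lists of names."""
    sections = {"components": [], "data": []}
    for line in text.splitlines():
        m = re.match(r"\s*(components|data)\s*:\s*(.*)", line, re.IGNORECASE)
        if not m:
            continue  # other lines (e.g. message filters) are not checked here
        items = [i.strip().rstrip(".") for i in m.group(2).split(",")]
        sections[m.group(1).lower()] = [i for i in items if i]
    return sections

def lint_profile(text):
    """Return a list of findings; an empty list means the minimum is met."""
    data = parse_profile(text)["data"]
    missing = [f for f in REQUIRED if f not in data]
    if not TIME_FIELDS & set(data):
        missing.append("Time")
    findings = []
    if missing:
        findings.append("missing Data fields: " + ", ".join(missing))
    head = data[:4]
    if not (len(head) == 4 and head[0] == "Date" and head[1] in TIME_FIELDS
            and head[2:] == ["Pid", "Tid"]):
        findings.append("first four Data columns should be Date, Time, Pid, Tid")
    return findings

# The comprehensive configuration shown in the article.
GOOD = ("Components: AgentFunc, Server, IsProtected, Login_Logout, IsAuthorized, "
        "Directory_Access, ODBC, LDAP\n"
        "Data: Date, Time, Pid, Tid, TransactionID, SessionSpec, SessionID, "
        "Function, ReturnValue, Domain, Realm, Rule, Policy, AuthStatus, "
        "AuthReason, AuthScheme, User, UserDN, Action, Resource, Directory, "
        "SearchKey, ErrorValue, ErrorString, AgentName, Message, Data, Query, "
        "CallDetail")
# Constructed sample: a trimmed configuration that drops correlation fields.
WEAK = "Components: Server, Login_Logout\nData: Time, Function, User, Message, Tid"

if __name__ == "__main__":
    for name, cfg in (("GOOD", GOOD), ("WEAK", WEAK)):
        print(name, lint_profile(cfg) or "ok")
```

A configuration without Pid, Tid and TransactionID still produces a trace, but its lines cannot be tied back to the SMPS log or separated per transaction, which is what the check flags.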

Please note that there is a known issue with some methods of updating the profiler configuration.
This issue is fixed in the 6.0 line with 6.0 SP6 CR3, and in the 12.0 line with 12.0 SP3 CR3, under tracking number 122572.
This fix is also in 12.5 CA SiteMinder