Troubleshooting CA Audit on Windows - Common debugging / tracing logs

Document ID : KB000055319
Last Modified Date : 14/02/2018
Show Technical Document Details

Description:

This document lists the most common debugs requested by support.

CA Technical Support may request debug logs in order to diagnose problems with CA Audit.

Depending on the type or category of problem, technical support may request to you run specific processes in debug mode to obtain detailed debugging information.

Instructions for the following types of debug / traces are included:

  1. CA Audit's Initial / Common Diagnostic Output (using acstat)

  2. Debugging the eTrust Audit Log Router (aclogrd)

  3. Debugging the eTrust Audit Action Manager (acactmgr)

  4. Debugging the eTrust Audit Generic Recorder (acrecorderd)

  5. Debugging the eTrust Audit Collector (aclogrcd)

  6. Debugging the eTrust Audit Distribution Server (acdistsrv)

  7. Debugging the eTrust Audit Distribution Agent ( acdistagn )

  8. Debugging iGateway (using iGateway.conf)

  9. Debugging iRecorders (using <iRecorder>.conf)

More detailed information can be found in the CA Audit Reference guide.

Solution:

Important Note:

As with all traces and debug collection, please do not forget to turn off any tracing / debugging after the requested information has been collected and stored for future reference.

  1. CA Audit's Initial / Common Diagnostic Output

    Most issues require providing support with the output from the ACSTAT utility. The acstat utility is used to display the status of Audit installation on the current host.

    1. From a command prompt, change to:
      x:\Program Files\CA\eTrust Audit\bin

    2. Run the following command:
      acstat.exe > acstat.output

    3. Save the file x:\Program Files\CA\eTrust Audit\bin\acstat.output

  2. Debugging the eTrust Audit Log Router

    1. Open a command prompt and change to the following directory :
      "x:\Program Files\CA\eTrust Audit\bin"

    2. Stop the log router if it is already running:
      aclogrd -stop

    3. Start the log Router in debug as follows:
      aclogrd.exe -debug -trace -dbglvl 3 -dest1 STDOUT > x:\aclogrd.log

    4. Reproduce the problem then use CTRL-C to stop the log router and the tracing.

    5. Restart the eTrust Audit Log Router via the Control Panel Services.

    6. Save the x:\aclogrd.log

  3. Debugging the eTrust Audit Action Manager

    1. Open a command prompt and change to the following directory:
      "x:\Program Files\CA\eTrust Audit\bin"

    2. Stop the action manager if it is already running:
      acactmgr -stop

    3. Start the action manager in debug as follows:
      acactmgr.exe -debug -trace -dbglvl 3 -dest1 STDOUT > x:\acactmgr.log


    4. Reproduce the problem then use CTRL-C to stop the action manager and the tracing.

    5. Restart the eTrust Audit Action Manager via Control Panel Services.

    6. Save the x:\acactmgr.log

  4. Debugging the eTrust Audit Generic Recorder

    1. Open a command prompt and change to the following directory:
      "x:\Program Files\CA\eTrust Audit\bin"

    2. Stop the Generic Recorder if it is already running:
      acrecorderd -stop

    3. Start the Generic Recorder in debug as follows:
      acrecorderd.exe -debug -trace -dbglvl 3 -dest1 STDOUT > x:\acrecorderd.log

    4. Reproduce the problem then use CTRL-C to stop the Generic Recorder and the tracing.

    5. Restart the eTrust Audit Generic Recorder via Control Panel Services.

    6. Save the x:\acrecorderd.log

  5. Debugging the eTrust Audit Collector

    1. Open a command prompt and change to the following directory:
      "x:\Program Files\CA\eTrust Audit\bin"

    2. Stop the Collector if it is already running:
      aclogrcd -stop

    3. Start the Collector in debug as follows:
      aclogrcd.exe -debug -trace -dbglvl 3 -dest1 STDOUT > x:\aclogrcd.log

    4. Reproduce the problem then use CTRL-C to stop the Collector and the tracing.

    5. Restart the eTrust Audit Collector via the Control Panel Services.

    6. Save the x:\aclogrcd.log

  6. Debugging the eTrust Audit Distribution Server

    1. Open a command prompt and change to the following directory:
      "x:\Program Files\CA\eTrust Audit\bin"

    2. Stop the Distribution Server if it is already running:
      acdistsrv -stop

    3. Start the Distribution Server in debug as follows:
      acdistsrv.exe -debug -trace -dbglvl 3 -dest1 STDOUT > x:\acdistsrv.log

    4. Reproduce the problem then use CTRL-C to stop the Distribution Server and the tracing.

    5. Restart the eTrust Audit Distribution Server via Control Panel Services.

    6. Save the x:\acdistsrv.log

  7. Debugging the eTrust Audit Distribution Agent

    1. Open a command prompt and change to the following directory:
      "x:\Program Files\CA\eTrust Audit\bin"

    2. Stop the Distribution Agent if it is already running:
      acdistagn -stop

    3. Start the Distribution Agent in debug as follow:
      acdistagn.exe -debug -trace -dbglvl 3 -dest1 STDOUT > x:\acdistagn.log

    4. Reproduce the problem then use CTRL-C to stop the Distribution Agent and the tracing.

    5. Restart the eTrust Audit Distribution Agent via Control Panel Services.

    6. Save the x:\acdistagn.log

  8. Debugging the iTechnology iGateway service

    1. Stop the iTechnology iGateway service

    2. Edit the file x:\Program Files\CA\SharedComponents\iTechnology\ igateway.conf

    3. Add the line:
      <Debug>true</Debug>

    4. Restart the iGateway Service

    5. Save the x:\Program Files\CA\SharedComponents\iTechnology\igateway.log

  9. Debugging iRecorders

    Note:

    Most iRecorders can be debugged using the following instructions, except those iRecorders which are considered iReflect iRecorders.

    1. Stop the iTechnology iGateway service

    2. Open the <iRecorder>.conf (ex. NTEventLog.conf or MSSQLServer.conf etc.) file in the directory:
      x:\Program Files\CA\SharedComponents\iTechnology\

    3. Add the line
      <DebugLevel>ISP_FILE</DebugLevel>

    4. Restart the iGateway Service

    5. This will create a <iRecorder_name>.log (ex: NTEventLog.log or MSSQLServer.log etc ) file for the iRecorder you are trying to debug in the directory:
      x:\Program Files\CA\SharedComponents\iTechnology\

    6. Save the x:\Program Files\CA\SharedComponents\iTechnology\<iRecorder_name>.log