Monday, December 3, 2012

SiteMinder Logging Overview


SiteMinder Troubleshooting:  SiteMinder Logging Overview

Contributed by:  Joshua Perlmutter - CA Technologies: Support Engineer


1.  Log Types Defined:

Log Type | Configuration | Default Name | Contains | Applicable Versions
--- | --- | --- | --- | ---
Web Agent Error | ACO Parameters | | General information, warnings and errors | R6, R12, R12.5
Web Agent Trace | ACO Parameters | | Detailed information on what is happening | R6, R12, R12.5
Policy Server Audit | SM Console | SMAccess.log | Who did what, when | R6, R12, R12.5
Policy Server Error | SM Console | SMPS.log | General information, warnings and errors | R6, R12, R12.5
Policy Server Trace (aka Profiler) | SM Console | SMTraceDefault.log | Detailed information on what is happening | R6, R12, R12.5
WAM UI Log | Properties File | Server.log | WAM UI run-time issues | R12, R12.5
WAM UI Log | | Boot.log | WAM UI start-up information | R12, R12.5

2.  Policy Server Details

Controls

Type | Control Parameter | Applicable Versions | Default Value | Support Recommendation | Purpose
--- | --- | --- | --- | --- | ---
Policy Server Audit Log | SM Console > Data Tab > Audit > File Name | R6, R12, R12.5 | \log\smaccess.log | \log\smaccess.log | Where audit records are written
Policy Server Audit Log | SM Console > Data Tab > Audit > Rollover on Startup | R6, R12, R12.5 | enabled | enabled | Start a new log at each start-up
Policy Server Audit Log | SM Console > Data Tab > Audit > Rollover on Size | R6, R12, R12.5 | enabled @ 10 MB | enabled @ 10 MB | Start a new log when the current one reaches the chosen size
Policy Server Audit Log | SM Console > Data Tab > Audit > Rollover on Time | R6, R12, R12.5 | disabled | disabled | Roll over at a specific time
Policy Server Audit Log | SM Console > Data Tab > Audit > Retention | R6, R12, R12.5 | set to 10 | set to 10 | How many old logs to keep
Policy Server Audit Log | SM Console > Logs Tab > Authentication Events | R6, R12, R12.5 | None; Anonymous user unchecked | All; Anonymous checked | Which authentication events are audited, including anonymous access
Policy Server Audit Log | SM Console > Logs Tab > Authorization Events | R6, R12, R12.5 | None; Anonymous user unchecked | All; Anonymous checked | Which authorization events are audited, including anonymous access
Policy Server Audit Log | SM Console > Logs Tab > Affiliate Events | R6, R12, R12.5 | None | All | Whether affiliate requests are audited
Policy Server Audit Log | SM Console > Logs Tab > Administration Access Events | R6, R12, R12.5 | None | All | Whether administrative access is audited
Policy Server Audit Log | SM Console > Logs Tab > Administrator Changes | R6, R12, R12.5 | None | All | Whether administrative changes are audited
Policy Server Error Log | SM Console > Logs Tab > Log File | R6, R12, R12.5 | \log\smps.log | \log\smps.log | Where error records are written
Policy Server Error Log | SM Console > Logs Tab > Rollover on Startup | R6, R12, R12.5 | enabled | enabled | Start a new log at each start-up
Policy Server Error Log | SM Console > Logs Tab > Rollover on Size | R6, R12, R12.5 | enabled @ 10 MB | enabled @ 10 MB | Start a new log when the current one reaches the chosen size
Policy Server Error Log | SM Console > Logs Tab > Rollover on Time | R6, R12, R12.5 | disabled | disabled | Roll over at a specific time
Policy Server Error Log | SM Console > Logs Tab > Retention | R6, R12, R12.5 | set to 10 | set to 10 | How many old logs to keep
Policy Server Trace Log | SM Console > Profiler Tab > Enabled | R6, R12, R12.5 | disabled | on only while a problem is being tracked | Whether tracing is on
Policy Server Trace Log | SM Console > Profiler Tab > Configuration File | R6, R12, R12.5 | \config\smtracedefault.txt | \config\smtracedefault.txt | Where the trace configuration is stored
Policy Server Trace Log | SM Console > Profiler Tab > Console Output | R6, R12, R12.5 | disabled | disabled | Write trace output to the command prompt
Policy Server Trace Log | SM Console > Profiler Tab > File Output | R6, R12, R12.5 | enabled | enabled | Write trace output to a file
Policy Server Trace Log | SM Console > Profiler Tab > File Location | R6, R12, R12.5 | \log\smtracedefault.log | \log\smtracedefault.log | Where the trace file is written
Policy Server Trace Log | SM Console > Profiler Tab > Rollover on Startup | R6, R12, R12.5 | enabled | enabled | Start a new log at each start-up
Policy Server Trace Log | SM Console > Profiler Tab > Rollover on Size | R6, R12, R12.5 | enabled @ 10 MB | enabled @ 10 MB | Start a new log when the current one reaches the chosen size
Policy Server Trace Log | SM Console > Profiler Tab > Rollover on Time | R6, R12, R12.5 | disabled | disabled | Roll over at a specific time
Policy Server Trace Log | SM Console > Profiler Tab > Retention | R6, R12, R12.5 | set to 10 | set to 10 | How many old logs to keep
Policy Server Trace Log | SM Console > Profiler Tab > Format/Delimiter | R6, R12, R12.5 | SM Default ([]) | SM Default ([]) | How fields are separated

Two points worth noting from the defaults. First, with Authentication Events and Authorization Events left at None, the audit log records nothing about who logged in or what they were allowed to reach; the support recommendation of All (anonymous included) is also the minimum for incident investigation. Second, the trace log is verbose and carries session specs and user DNs (see the trace field list below), so leave the Profiler disabled except while a problem is being tracked and protect the trace files like the audit log.
      
      
Profiler Components

Component | SubComponent | Information Captured
--- | --- | ---
AgentFunc | | Web Agent interaction
 | Init | Agent initialization
 | Uninit | Agent un-initialization
 | IsProtected | IsProtected calls
 | Login | Login calls
 | ChangePassword | ChangePassword calls
 | Validate | Validate session spec or session ID
 | Logout | Logout calls
 | Authorize | Authorization calls
 | Audit | Audit authorizations out of the agent cache
 | FreeAttributes | Free the attributes
 | UpdateAttributes | Update response attributes when authenticating or authorizing out of the agent cache
 | GetSessionVariables | Fetch session server variables
 | SetSessionVariables | Set session server variables
 | DeleteSessionVariables | Delete session server variables
 | Tunnel | Tunnel API
 | GetConfig | Get agent configuration
 | DoManagement | Requests agent commands from the Policy Server
 | GetSingleUseCookie | Policy Server retrieves a session cookie stored in the session store
 | SetSingleUseCookie | Policy Server creates a session cookie stored in the session store
 | DelSingleUseCookie | Policy Server deletes a session cookie stored in the session store
Server | | Policy Server activity
 | Connection_Management | Policy Server connection creation and termination
 | Policy_Object | Object store changes, including creation, update and deletion of objects in the policy store, and DoManagement messages
 | Policy_Object_Cache | Parameters of the policy object cache and when the cache is updated
 | Administration | Administrator session activity and user management activity initiated from the Admin UI
 | Audit_Logging | When an audit record is created and when it is committed to persistent storage
 | Policy_Server_General | General Policy Server activity
IsProtected | | Protection check events
 | Function_Begin_End | Which parameters are passed to the Policy Server and what is returned to the Agent
 | Resource_Protection | How the resource protection decision is made
Login_Logout | | Users logging in or out
 | Function_Begin_End | Which parameters are passed to the Policy Server and what is returned to the Agent
 | Authentication | How the authentication decision is made
 | Policy_Evaluation | Details of authentication event processing
 | Active_Expression | Which parameters are passed to active expressions and what they return during authentication event processing
 | Password_Service | Details of password policy processing
 | Certificates | Details of certificate verification
 | Session_Management | When a user session is created, verified and terminated, and details of persistent session management
 | Send_Request | Details of the Policy Server's request to the Agent
 | Receive_Request | Details of the Agent's request to the Policy Server
IsAuthorized | | User authorization tracking
 | Function_Begin_End | Which parameters are passed to the Policy Server and what is returned to the Agent
 | Policy_Evaluation | Details of access control policy processing
 | Active_Expression | Which parameters are passed to active expressions and what they return during access control policy processing and authorization events
 | Send_Response | Details of the Policy Server's response to the Agent
 | Receive_Response | Details of the Agent's request to the Policy Server
 | AzMapping | Details of Auth-Az directory mapping evaluation
Tunnel_Service | | Tunnel calls from custom Web Agents
 | Function_Begin_End | Which parameters are passed to the Policy Server and what is returned to the Agent
 | User-Management_Api | Internal calls of the User Management API
JavaAPI | | Java API calls
 | Function_Begin_End | Which parameters are passed to the Policy Server and what is returned to the clients of the DMS API and the Java Policy Management API
Directory_Access | | Access events on user directories
 | Access_Begin_End | High-level details of requests sent by the Policy Server to a user directory
 | Attribute_Cache | User attribute cache activity
ODBC | | ODBC calls
 | Sql_Statement_Begin_End | Each SQL statement sent to a directory and the returned results
 | Internal_Operation | Low-level details of database request handling
 | Connection_Management | When and how the Policy Server creates and terminates database connections and detects failed servers
 | Sql_Errors | All SQL errors
 | Connection_Monitor | Connection monitor thread and connection state changes
LDAP | | LDAP calls
 | Ldap_Call_Begin_End | Details of each request sent to an LDAP directory and the returned results
 | Internal_Operation | Low-level details of LDAP request handling, including referrals, paging and sorting
 | Connection_Management | When and how the Policy Server creates and terminates LDAP connections and detects failed servers
 | Performance_Measurement | LDAP query performance data
 | Ldap_Error_Message | Detailed error messages returned on failures
IdentityMinder | | IdentityMinder (IDM) interaction
 | Function_Begin_End | Which methods in the extensions kit are called and their return values
 | IM_Error | Error conditions in the extension kit
 | IM_Info | General information
 | IM_Internal | General IMS internal operations
 | IM_MetaData | General provider tracing of metadata
 | IM_RDB_Sql | RDB provider tracing of SQL
 | IM_LDAP_Provider | LDAP provider-specific tracing
 | IM_RuleParser | IMS policy rule parser
 | IM_RuleEvaluation | Rule evaluation information
 | IM_MemberPolicy | Evaluation of member policies
 | IM_AdminPolicy | Evaluation of admin policies
 | IM_OwnerPolicy | Evaluation of owner policies
 | IM_RoleMembership | Role membership
 | IM_RoleAdmins | Role administration
 | IM_RoleOwners | Role ownership
 | IM_PolicyServerRules | Evaluation of Policy Server rules
 | IM_LLSDK_Command | LLSDK command processing
 | IM_LLSDK_Message | Traces sent directly from the LLSDK
 | IM_IdentityPolicy | Evaluation of identity policies
 | IM_PasswordPolicy | Evaluation of password policies
 | IM_Version | Client and server version information
 | IM_CertificationPolicy | Evaluation of certification policies
 | IM_InMemoryEval | Top-level trace of in-memory evaluation processing
 | IM_InMemoryEvalDetail | Debug-level traces of in-memory evaluation processing
TXM | | TransactionMinder action details
 | JNI | Errors and messages from the JNI code in tmservices
 | License | Errors and messages from the license check code in tmservices
 | MetaData | Errors and messages from the metadata code in tmservices
SharePointAgent | | SharePoint 2007 and 2010 Agent interaction
 | PlugIn | SharePoint agent plug-in module
 | CfgModule | Configuration UI to select the web application (SiteMinder)
 | CfgModuleNETWrapper | Wrapper for the configuration module
 | MemberShipProvider | Authentication module for users (SiteMinder)
 | RoleProvider | Group information
 | NativeAgentAPIWrapper | Agent API
 | UserManagementAPI | Tunnel calls
 | ImportProfile | Importing user profiles for SharePoint
 | UserMigration | User migration from Windows to SiteMinder
 | SmWebModule | HttpModule and aspx pages
 | Impersonation | User impersonation module (users are authenticated with NTLM and conveyed to SharePoint)
      
Log Record Fields

Policy Server Audit Log

Information Field | Field Purpose
--- | ---
Access Type | Type of access (e.g. Authorization Accept, logged as AzAccept)
Host Computer | Where the access was from
Date and Time | When the access happened
IP Address | IP address the access was from
Username | Who performed the access
Agent Name | Agent the access came through
Action | HTTP method of the access (GET, POST, PUT)
Resource | What was accessed
TransactionID | Transaction ID assigned by the Web Agent
Reason | Why the action taken was taken
Status Message | Any message associated with the access
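The field list above is what a detection rule or triage script keys on. The following Python is an added example, not code from this post or from CA. It assumes each smaccess.log record is one line of space-separated, double-quoted fields in the order listed above (the post lists the fields, not the on-disk layout), the sample records are constructed, and AuthAccept, AuthReject, AzReject and AdminLogin are access type names assumed on the same pattern as the AzAccept the table mentions. It flags bursts of rejected logins from one address (several usernames from one IP is a password-spraying pattern), users who authenticated and were then refused a resource, and administrative events, which only appear when Administration Access Events is enabled in the console.

```python
import shlex
from collections import Counter, defaultdict

# Field order as given in the audit log field table. The on-disk layout is an
# assumption for this example: one record per line, fields double-quoted and
# space-separated, in this order.
AUDIT_FIELDS = [
    "access_type", "host", "datetime", "ip", "username", "agent",
    "action", "resource", "transaction_id", "reason", "status_message",
]

# Constructed sample records (not real smaccess.log output). Access type names
# other than AzAccept follow the same Accept/Reject pattern and are assumed.
SAMPLE_AUDIT = """\
"AuthAccept" "ps01" "03/Dec/2012:09:00:01" "10.1.2.3" "uid=alice,ou=people,o=example" "agent1" "GET" "/app/index.html" "tx-100" "0" ""
"AuthReject" "ps01" "03/Dec/2012:09:00:05" "198.51.100.7" "uid=bob,ou=people,o=example" "agent1" "POST" "/app/login.fcc" "tx-101" "1" "bad password"
"AuthReject" "ps01" "03/Dec/2012:09:00:06" "198.51.100.7" "uid=bob,ou=people,o=example" "agent1" "POST" "/app/login.fcc" "tx-102" "1" "bad password"
"AuthReject" "ps01" "03/Dec/2012:09:00:07" "198.51.100.7" "uid=carol,ou=people,o=example" "agent1" "POST" "/app/login.fcc" "tx-103" "1" "bad password"
"AzAccept" "ps01" "03/Dec/2012:09:00:09" "10.1.2.3" "uid=alice,ou=people,o=example" "agent1" "GET" "/app/account" "tx-104" "0" ""
"AzReject" "ps01" "03/Dec/2012:09:00:11" "10.1.2.3" "uid=alice,ou=people,o=example" "agent1" "GET" "/admin/users" "tx-105" "2" ""
"AdminLogin" "ps01" "03/Dec/2012:09:01:00" "10.9.9.9" "siteminder" "" "" "" "tx-106" "0" ""
"""


def parse_audit_record(line):
    """Split one quoted record into a dict keyed by the field names above."""
    fields = shlex.split(line)  # honours the double quotes, keeps "" as ''
    if len(fields) != len(AUDIT_FIELDS):
        raise ValueError(f"expected {len(AUDIT_FIELDS)} fields, got {len(fields)}: {line!r}")
    return dict(zip(AUDIT_FIELDS, fields))


def parse_audit_log(text):
    return [parse_audit_record(l) for l in text.splitlines() if l.strip()]


def reject_bursts(records, threshold=3):
    """Source IPs with at least `threshold` AuthReject records, with the set of
    usernames tried from each: several users from one address is a spraying
    pattern, not one user mistyping a password."""
    counts, users = Counter(), defaultdict(set)
    for r in records:
        if r["access_type"] == "AuthReject":
            counts[r["ip"]] += 1
            users[r["ip"]].add(r["username"])
    return {ip: {"rejects": n, "users": sorted(users[ip])}
            for ip, n in counts.items() if n >= threshold}


def authorized_then_denied(records):
    """Users who authenticated successfully and were then refused a resource:
    the AzReject lines worth reviewing for privilege probing."""
    accepted = {r["username"] for r in records if r["access_type"] == "AuthAccept"}
    return [(r["username"], r["resource"]) for r in records
            if r["access_type"] == "AzReject" and r["username"] in accepted]


def admin_events(records):
    """Administrative access events (Admin* access types); these are only
    written when Administration Access Events is enabled in the console."""
    return [r for r in records if r["access_type"].startswith("Admin")]


if __name__ == "__main__":
    recs = parse_audit_log(SAMPLE_AUDIT)
    print("reject bursts:", reject_bursts(recs))
    print("authenticated but denied:", authorized_then_denied(recs))
    print("admin events:", [(r["username"], r["ip"]) for r in admin_events(recs)])
```

To run this against a real file, replace SAMPLE_AUDIT with the file contents and check the field count error first: if the Policy Server writes a different layout or field order, every line will fail the length check rather than silently mis-assigning fields.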
      
Policy Server Error Log

Information Field | Field Purpose
--- | ---
Process/Thread ID | Process and thread ID of the message
Date and Time | Day and time of the message
Source File and Line | Source file and line of the message
Message Type | Type of message: Informational, Warning or Error
Message | What is happening
      
Policy Server Trace Log

Information Field | Field Purpose
--- | ---
Date | Day of the message
Time | Time of the message
PreciseTime | Time of the message, with milliseconds
Pid | Process ID
Tid | Thread ID
TransactionID | Transaction ID (S##/R## number)
AgentName | Web Agent name used
Resource | Resource of the request
User | Complete DN of the user making the request
SrcFile | Source file and line of code the request is on
Function | Function being executed
ReturnValue | Return value of the executed function
Group | Type of group the object belongs to (rule, response or agent group), as a string
Domain | Associated SiteMinder domain
Realm | Associated SiteMinder realm
Policy | Associated SiteMinder policy
Rule | Associated SiteMinder rule
Directory | User directory the user was found in
AgentType | Agent type, as a string
ObjectClass | Object classes for organizations, as a string; the object class defines the types of attributes an entry can contain
DomainOID | OID of the associated SiteMinder domain
RealmOID | OID of the associated SiteMinder realm
ObjectOID | OID of the associated SiteMinder object
SearchKey | Key used in any search operation performed, as a string
ErrorString | Error message set when an error condition occurs in the code, as a string
ErrorValue | Error code returned by the various functions, as an integer
Property | Name of a property of an object, as a string
IPAddr | IP address the request is from
IPPort | Port in use
RequestIPAddr | Web Agent IP address
AuthStatus | Authentication status (redirection, error message or user message), as a string
AuthReason | Authentication reason code, as an integer
AuthScheme | Authentication scheme used, as a string
CertSerial | Serial number of the certificate (CertAuth only)
SubjectDn | Subject DN of the certificate (CertAuth only)
IssuerDN | Issuer DN of the certificate (CertAuth only)
SessionSpec | Server-side session spec, as a string; the session spec specifies the whole session and is encrypted and decrypted on the Policy Server side
SessionID | Server-side session specification identifier, as a string
CertDistPT | Distribution point of the certificate
UserDN | DN of the user
Action | Requested action, as a string; usually GET, POST or PUT
State | Server state, as a string: "INIT", "INACTIVE", "ACTIVE", "DISABLED", "INTER" or "FAILED"
ClusterID | Cluster identifier, as an integer; every cluster is assigned a unique integer, used mainly for logging
HandleCount | Handle (connection) count, as an integer
FreeHandleCount | Free handle (connection) count, as an integer
BusyHandleCount | Busy handle (connection) count, as an integer
ResponseTime | Response time in milliseconds
Throughput | Throughput in transactions per second, as an integer
MaxThroughput | Maximum throughput (transactions per second), as an integer
MinThroughput | Minimum throughput (transactions per second), as an integer
Threshold | Active servers threshold, as an integer
TransactionName | Transaction name, as a string, extracted from the request packet
HexadecimalData | Hexadecimal data transferred in the response packet, as a string
Query | Database access query, as a string
ActiveExpr | Active expressions, as a string
CallDetail | Details of the call, as a string
Returns | Reserved for future use (not currently used)
Expression | Reserved for future use (not currently used)
Result | Reserved for future use (not currently used)
CacheHits | Reserved for future use (not currently used)
CacheSize | Reserved for future use (not currently used)
RefCount | Reserved for future use (not currently used)
Message | The trace message text
Data | Data transferred in the response packet, as a string

3.  Web Agent Details

Controls

Type | Control Parameter | Applicable Versions | Default Value | Support Recommendation | Purpose
--- | --- | --- | --- | --- | ---
Web Agent Error Log | LogAppend | R6, R12, R12.5 | No | No | Whether the agent appends to the existing error log or starts a new one at each LLAWP start-up
Web Agent Error Log | LogFile | R6, R12, R12.5 | No | Yes | Whether an error log is written at all
Web Agent Error Log | LogFileName | R6, R12, R12.5 | | | Path of the error log file
Web Agent Error Log | LogFileSize | R6, R12, R12.5 | 0 | 10 | Maximum size of the error log in MB (0 = unlimited)
Web Agent Error Log | LogFilesToKeep | R6, R12, R12.5 | 0 | 10 | Number of old error logs kept besides the current one (0 = unlimited)
Web Agent Error Log | LogLocalTime | R6, R12, R12.5 | Yes | Yes | Timestamp time zone: Yes = local time, No = GMT
Web Agent Error Log | LogFileName32 | R12 (IIS 7/7.5 only) | | | Error log file for the 32-bit process of the 64-bit IIS 7 and 7.5 Agents
Web Agent Trace Log | TraceAppend | R6, R12, R12.5 | No | No | Whether old trace files are appended to when tracing is re-enabled
Web Agent Trace Log | TraceConfigFile | R6, R12, R12.5 | | | Configuration file that determines what is traced (not dynamic)
Web Agent Trace Log | TraceDelimiter | R6, R12, R12.5 | | | Delimiter used between fields
Web Agent Trace Log | TraceFile | R6, R12, R12.5 | No | | Whether tracing is on
Web Agent Trace Log | TraceFileName | R6, R12, R12.5 | | | Path of the trace log file
Web Agent Trace Log | TraceFileSize | R6, R12, R12.5 | 0 | 100 | Maximum size of the trace log in MB (0 = unlimited)
Web Agent Trace Log | TraceFilesToKeep | R6, R12, R12.5 | 0 | 10 | Number of old trace logs kept besides the current one (0 = unlimited)
Web Agent Trace Log | TraceFormat | R6, R12, R12.5 | default | default | Format of the trace file
Web Agent Trace Log | TraceConfigFile32 | R12 (IIS 7/7.5 only) | | | Trace configuration file for the 32-bit process of the 64-bit IIS 7 and 7.5 Agents (not dynamic)
Web Agent Trace Log | TraceFileName32 | R12 (IIS 7/7.5 only) | | | Trace log file for the 32-bit process of the 64-bit IIS 7 and 7.5 Agents

Note that LogFile defaults to No, so a freshly configured agent writes no error log until the ACO is changed, and that LogFileSize and LogFilesToKeep both default to 0 (unlimited), which is why the recommendation caps them. TraceConfigFile is read when tracing starts and is not dynamic: edit it, then disable and re-enable TraceFile for the change to take effect.
      
Web Agent Trace Components

Component | SubComponent | Information Captured
--- | --- | ---
AgentFramework | | All framework-related messages
 | Administration | Agent administration messages
 | Filter | Filter messages; the filter interfaces with the
 | HighLevelAgent | High-level request processing messages
 | LowLevelAgent | Low-level (more detailed) request processing messages, including details of interfacing with the Agent API
 | LowLevelAgentWP | Worker process messages
AffiliateAgent | | Web Agent messages for the 4.x affiliate agent
 | RequestProcessing | Core affiliate agent request processing messages
SAMLAgent | | Web Agent messages for SAML affiliate support
 | RequestProcessing | Core SAML request processing messages
HTTPAgent | | Web Agent messages for framework agents
 | AdvancedAuthentication | Advanced authentication messages, such as forms or certificates
 | RequestProcessing | Core request processing messages
 | SingleSignOn | Single sign-on messages
WebAgent | | Web Agent messages for all traditional agents
 | AgentCore | Core agent messages
 | Cache | Cache messages
 | Authentication | Authentication messages
 | Responses | Response messages
 | Management | DoManagement messages
 | SSO | Single sign-on messages
 | Filter | Filter messages
Agent_Functions | | Agent API messages
 | Init | Agent initialization
 | Uninit | Agent un-initialization
 | IsProtected | IsProtected calls
 | Login | Login calls
 | ChangePassword | ChangePassword calls
 | Validate | Validate session spec or session ID
 | Logout | Logout calls
 | Authorize | Authorization calls
 | Audit | Audit authorizations out of the agent cache
 | FreeAttributes | Free the attributes
 | UpdateAttributes | Update response attributes when authenticating or authorizing out of the agent cache
 | GetSessionVariables | Fetch session server variables
 | SetSessionVariables | Set session server variables
 | DeleteSessionVariables | Delete session server variables
 | Tunnel | Tunnel API
 | GetConfig | Get agent configuration
 | DoManagement | Requests agent commands from the Policy Server
Agent_Con_Manager | | Agent to Policy Server connection messages
 | RequestHandler | Request processing and HCO updates
 | Cluster | ClusterId and HandleCount
 | Server | Server IP address, port and connection count
 | WaitQueue | HandleCount, FreeHandleCount and BusyHandleCount
 | Management | Connection service
 | Statistics | Statistics for the cluster, request handler, wait queue, etc.
      
      
Log Record Fields

Web Agent Error Log

Information Field | Field Purpose
--- | ---
Process & Thread ID | Process and thread that generated the message
Date and Time | Date and time of the message
Source File and Line | Source file and line that generated the message
Type of Message | Message type: Informational, Warning or Error
Message | What is happening
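The Web Agent error log and the Policy Server error log (section 2) carry the same five fields, so one parser serves both. This is an added example in Python, not the post's or CA's code. It assumes a record layout of five bracketed fields in the order listed, [pid/tid][date time][file:line][type][message]; the post lists the fields but not the delimiter, and the sample lines are constructed with placeholder file names and messages. It tolerates a truncated line, which a log rolled over mid-write will contain, collapses repeated errors so a flood of one message reads as a count, and lists the thread IDs that logged errors so the matching trace log (same Pid/Tid fields) can be filtered to those threads.

```python
import re
from collections import Counter

# Assumed record layout (the page lists the five fields but not the delimiter):
# [pid/tid][date time][source file:line][INFO|WARNING|ERROR][message]
ERROR_LINE_RE = re.compile(
    r"^\[(?P<pid>\d+)/(?P<tid>\d+)\]"
    r"\[(?P<timestamp>[^\]]+)\]"
    r"\[(?P<source>[^\]]+)\]"
    r"\[(?P<level>INFO|WARNING|ERROR)\]"
    r"\[(?P<message>.*)\]$"
)

# Constructed sample lines (not real agent output); file names, messages and
# addresses are placeholders. The fifth line is deliberately truncated.
SAMPLE_ERROR_LOG = """\
[5400/5404][Mon Dec 03 2012 09:00:01][lowlevelagent.cpp:1010][INFO][Agent initialized]
[5400/5408][Mon Dec 03 2012 09:00:05][httpplugin.cpp:1104][ERROR][Failed to resolve resource '/app/index.html' (status 500)]
[5400/5408][Mon Dec 03 2012 09:00:06][httpplugin.cpp:1104][ERROR][Failed to resolve resource '/app/index.html' (status 500)]
[5400/5412][Mon Dec 03 2012 09:00:09][agentcore.cpp:220][WARNING][Policy Server 10.0.0.5:44443 did not respond, failing over]
[5400/5412][Mon Dec 03 2012 09:00:1
[5400/5412][Mon Dec 03 2012 09:00:10][agentcore.cpp:225][INFO][Connected to Policy Server 10.0.0.6:44443]
"""


def parse_error_line(line):
    """Return the record as a dict, or None for a line that does not match
    (rolled-over or truncated lines happen; a triage script must not die on them)."""
    m = ERROR_LINE_RE.match(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["pid"], rec["tid"] = int(rec["pid"]), int(rec["tid"])
    return rec


def parse_error_log(text):
    """Parse every line; returns (records, number_of_unparsable_lines)."""
    records, skipped = [], 0
    for line in text.splitlines():
        if not line.strip():
            continue
        rec = parse_error_line(line)
        if rec is None:
            skipped += 1
        else:
            records.append(rec)
    return records, skipped


def summarize(records):
    """Counts per message type, plus each distinct ERROR message keyed by its
    source location with how often it repeated."""
    by_level = Counter(r["level"] for r in records)
    errors = Counter((r["source"], r["message"]) for r in records if r["level"] == "ERROR")
    return dict(by_level), dict(errors)


def threads_with_errors(records):
    """Thread IDs that logged an ERROR, for filtering the trace log by Tid."""
    return sorted({r["tid"] for r in records if r["level"] == "ERROR"})


if __name__ == "__main__":
    recs, skipped = parse_error_log(SAMPLE_ERROR_LOG)
    by_level, errors = summarize(recs)
    print(by_level, "unparsable lines:", skipped)
    for (source, message), n in errors.items():
        print(f"{n}x {source}: {message}")
    print("threads with errors:", threads_with_errors(recs))
```

The regex anchors the level to the three values the post lists; if a real log shows a fourth, the unparsable-line count will rise immediately, which is the signal to extend the pattern rather than to ignore the lines.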
      
Web Agent Trace Log

Information Field | Field Purpose
--- | ---
Date | Day of the message
Time | Time of the message
PreciseTime | Time of the message, with milliseconds
PID | Process ID
TID | Thread ID
TransactionID | Transaction ID (shows in the Profiler as Attribute 221)
SrcFile | Source file and line of the message
Function | Function containing the trace message
User | Name of the user
UserDN | DN of the user the request is for
Domain | SiteMinder domain the request is in
DomainOID | OID of that domain
Realm | SiteMinder realm the request is in
RealmOID | OID of that realm
AgentName | Agent name in use
IPAddr | IP address of the user
IPPort | Port on the user end
RequestIPAddr | IP address of the Web Agent
CertSerial | Serial number of the certificate (CertAuth only)
SubjectDN | Subject DN of the certificate (CertAuth only)
IssuerDN | Issuer DN of the certificate (CertAuth only)
SessionSpec | Session spec for the user
SessionID | Session ID for the user
Resource | Resource the request is for
Action | Action taken by the Web Agent
Message | The actual information about what is happening
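The Policy Server trace log (section 2, Profiler tab) and the Web Agent trace log use the same one-field-per-bracket layout when the delimiter is left at the SM default ([]), with the field order taken from the trace configuration file. The following is an added example in Python, not the post's or CA's code. It assumes the configuration file (smtracedefault.txt, or the file named by TraceConfigFile) consists of a comma-separated `components:` line and a `data:` line, which the post names but does not show; the component names are from the Profiler components table, the data fields from the trace field tables, and the sample trace lines are constructed with placeholder source files, functions and messages. It writes a configuration that enables only the Login_Logout components for a troubleshooting session, parses the resulting lines back into fields (the last field may itself contain brackets, so it is taken as the remainder of the line), and follows a TransactionID to its authentication outcome.

```python
import re

# Assumption for this example: the trace configuration file is a "components:"
# line and a "data:" line, each a comma-separated list.
def make_trace_config(components, data_fields):
    """Render a trace configuration enabling only the given components."""
    return ("components: " + ", ".join(components) + "\n"
            + "data: " + ", ".join(data_fields) + "\n")


def parse_trace_config(text):
    """Read the component list and data field order back out of a trace config."""
    cfg = {"components": [], "data": []}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        name = key.strip().lower()
        if sep and name in cfg:
            cfg[name] = [v.strip() for v in value.split(",") if v.strip()]
    return cfg


# With the SM default delimiter every field is written as [value], in the order
# of the data: line. Only the last field (Message or Data) may itself contain
# "[" or "]", so the first n-1 fields are matched strictly and the remainder of
# the line is taken as the last field.
FIELD_RE = re.compile(r"\[([^\]]*)\]")


def parse_trace_line(line, data_fields):
    values, pos = [], 0
    for _ in data_fields[:-1]:
        m = FIELD_RE.match(line, pos)
        if m is None:
            raise ValueError(f"malformed trace line at offset {pos}: {line!r}")
        values.append(m.group(1))
        pos = m.end()
    rest = line[pos:].rstrip()
    if not (rest.startswith("[") and rest.endswith("]")):
        raise ValueError(f"missing last field: {line!r}")
    values.append(rest[1:-1])
    return dict(zip(data_fields, values))


def parse_trace_log(text, data_fields):
    return [parse_trace_line(l, data_fields) for l in text.splitlines() if l.strip()]


def auth_outcomes(records):
    """Map TransactionID -> (User, AuthStatus, AuthReason) from the lines that
    carry an authentication decision (AuthStatus set)."""
    out = {}
    for r in records:
        if r.get("AuthStatus"):
            out[r["TransactionID"]] = (r["User"], r["AuthStatus"], r["AuthReason"])
    return out


def transaction_trail(records, tx):
    """All lines for one TransactionID, in order, as (Function, Message)."""
    return [(r["Function"], r["Message"]) for r in records if r["TransactionID"] == tx]


# Data fields chosen from the trace field table; components from the Profiler
# components table (Policy Server side).
TRACE_FIELDS = ["Date", "Time", "Pid", "Tid", "TransactionID", "SrcFile",
                "Function", "User", "AuthStatus", "AuthReason", "Message"]
TROUBLESHOOT_COMPONENTS = ["Login_Logout/Authentication",
                           "Login_Logout/Policy_Evaluation",
                           "Login_Logout/Session_Management"]

# Constructed sample trace lines (not real output); source file, function and
# message text are placeholders. The first message contains brackets on purpose.
SAMPLE_TRACE = """\
[03/Dec/2012][09:00:05][1234][5678][tx-101][auth.cpp:120][DoLogin][uid=bob,ou=people,o=example][][][Received request from agent1 [form]]
[03/Dec/2012][09:00:05][1234][5678][tx-101][auth.cpp:341][DoLogin][uid=bob,ou=people,o=example][Failed][1][Authentication rejected by scheme]
[03/Dec/2012][09:00:05][1234][5690][tx-104][auth.cpp:120][DoLogin][uid=alice,ou=people,o=example][][][Received request from agent1 [form]]
[03/Dec/2012][09:00:05][1234][5690][tx-104][auth.cpp:341][DoLogin][uid=alice,ou=people,o=example][Accepted][0][Authentication accepted]
"""

if __name__ == "__main__":
    print(make_trace_config(TROUBLESHOOT_COMPONENTS, TRACE_FIELDS))
    recs = parse_trace_log(SAMPLE_TRACE, TRACE_FIELDS)
    for tx, outcome in auth_outcomes(recs).items():
        print(tx, outcome)
        for fn, msg in transaction_trail(recs, tx):
            print("   ", fn, "-", msg)
```

Read the data field order from the configuration file that was in force when the trace was written rather than hard-coding it: a trace collected under a different data: line will parse without error but with every field shifted.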

4.  WAM UI Details

Controls

Log | Control File | Parameter | Valid Values | Control File Location
--- | --- | --- | --- | ---
Server.log | log4j_jboss.properties, SiteMinderLog4j.properties | log4j.category.ims | Info, Warn, Debug | \adminui\server\default\deploy\iam_siteminder.ear\config\com\netegrity\config
Server.log | log4j_jboss.properties, SiteMinderLog4j.properties | log4j.category.im | Info, Warn, Debug, ALL | \adminui\server\default\deploy\iam_siteminder.ear\config\com\netegrity\config
Server.log | log4j_jboss.properties, SiteMinderLog4j.properties | log4j.category.com.ca.siteminder.framework | Info, Warn, Debug, ALL | \adminui\server\default\deploy\iam_siteminder.ear\config\com\netegrity\config
Server.log | log4j_jboss.properties, SiteMinderLog4j.properties | log4j.category.com.ca.siteminder.framework.action | Info, Warn, Debug, ALL | \adminui\server\default\deploy\iam_siteminder.ear\config\com\netegrity\config
Server.log | log4j_jboss.properties, SiteMinderLog4j.properties | log4j.category.com.ca.siteminder.framework.tab | Info, Warn, Debug, ALL | \adminui\server\default\deploy\iam_siteminder.ear\config\com\netegrity\config
Server.log | log4j_jboss.properties, SiteMinderLog4j.properties | log4j.category.com.ca.siteminder.framework.xps | Info, Warn, Debug, ALL | \adminui\server\default\deploy\iam_siteminder.ear\config\com\netegrity\config
Server.log | log4j_jboss.properties, SiteMinderLog4j.properties | log4j.category.com.ca.siteminder.framework.xps.security | Info, Warn, Debug, ALL | \adminui\server\default\deploy\iam_siteminder.ear\config\com\netegrity\config
Server.log | log4j_jboss.properties, SiteMinderLog4j.properties | log4j.category.com.ca.siteminder.webadmin | Info, Warn, Debug, ALL | \adminui\server\default\deploy\iam_siteminder.ear\config\com\netegrity\config
Boot.log | jboss-log4j.xml | | | \adminui\server\default\conf

The preferred place to change the Server.log settings is the product-specific properties file: \adminui\server\default\deploy\iam_siteminder.ear\/user-console/META-INF/SiteMinderLog4j.properties
