32.3 Configuring Debug Trace Logging

Novell recommends that you use the tracing feature only for software debugging. Sensitivity levels do not apply to trace logging. Therefore, you would not activate this feature during production, because it impacts processing speed. This feature is filterable by Java class or package.

To enable debug trace logging:

  1. In the Administration Console, click Access Manager > Identity Server > Servers > Edit > Logging.

  2. In the File Logging section, select Enabled.

    It is assumed that you have set up the Echo To Console, Log File Path, and File Wrap options when you set up component file logging. If you need help with these options, see Step 2 in Section 32.2.1, Enabling Component Logging.

  3. In the Trace Logging section, select Enabled.

    This option enables trace logging and the Custom Content Filter link.

  4. (Optional) Click Custom Content Filter to display the Edit custom trace logging content filter text box.

    The Custom Content Filter allows you to focus trace content on a specific section of the system where you suspect a problem exists. The filter is an XML document that specifies which trace logging content to send to the trace logger. You can limit the trace logging to one or more Java class files, or to one or more Java packages, or to one or more thread identifiers defined by Novell.

    1. Click Default to insert the default XML text.

    2. To validate this XML, the Java class or package must be completed.

      Knowledge of the Java class structure of the Access Manager product is required to create a Custom Content Filter. Therefore, it is recommended that this feature be used only with help from Novell Customer Support.

      For information about using the filter, see Section E.0, Logging: Using the Custom Content Filter.

  5. To quickly trace content for specific parts of the system, select one of the following filters. The results are written to the file logger.

    Application: Logs system-wide trace content, except content that belongs to a specific protocol subsystem.

    Liberty: Logs trace content specific to the Liberty IDFF protocol and profiles.

    SAML 1: Logs trace content specific to the SAML 1.1 protocol and profiles.

    SAML 2: Logs trace content specific to the SAML 2 protocol and profiles.

    Web Service Provider: Logs trace content specific to fulfilling Web service requests from other Web service consumers.

    Web Service Consumer: Logs trace content specific to requesting Web services from a Web service provider.

    Request/Response: Logs trace content specific to sending and receiving requests on all protocols, such as Liberty, SAML 1.1, and SAML 2.

    User Stores: Logs trace content specific to accessing user stores. During a health check, the system includes all user stores in the configuration store.

    Configuration: Logs trace content specific to configuring the system.

  6. Click OK.

  7. Update the Identity Server configuration (using Update Servers on the Servers page).

  8. Restart the embedded service providers on the Access Gateways, in order to apply the changes.

    When you disable trace logging, you need to update the Identity Server configuration and restart the embedded service provides.