The page displays the location of the files that the Access Manager components use for logging system messages. There are two exceptions:
J2EE Agent:
The J2EE Agent uses the J2EE global logger, and the location of this file is customizable. For information about J2EE agent log files, see Viewing Log Files
in the Novell Access Manager 3.1 SP1 Agent Guide.
Default Auditing File: If you have configured Novell Audit to send events to the default audit file (on Linux, this is/var/opt/novell/naudit/logs/auditlog), this file does not appear in the list. (On a Windows machine that has different security restraints, the file appears in the list.)
If you want this file to appear in this list on a Linux machine, you must make this file readable by the novlwww user. It is a breach of Novell Audit security for Access Manager code to change the permissions on this file. You must decide whether changing its permissions and displaying the file in this list compromises your security.
To have it appear in the list of files for the Administration Console, configure the following:
Use commands similar to the following to grant the novlwww user executable permissions to the naudit directories:
chmod o+x /var/opt/novell/naudit chmod o+x /var/opt/novell/naudit/logs
Use a command similar to the following to grant the novlwww user read access to the auditlog file:
chmod o+r /var/opt/novell/naudit/logs/auditlog
To view or download the log file:
In the Administration Console, click > .
Select one or more log files, click , then open it or save it to disk.
You can use any text editor to view the file.
Each Access Manager Component generates multiple log files. Table 4-1 lists these files and the types of messages they contain.
Table 4-1 Access Manager Log Files
|
Component |
Filename |
Description |
|
|---|---|---|---|
|
Linux Administration Console |
|
||
|
/var/opt/novell/tomcat5/logs/catalina.out |
Contains Tomcat errors. |
|
|
/opt/novell/devman/share/logs/app_sc.0.log |
Contains events related to importing devices, device configuration changes, health status changes, statistics reporting, and communication problems. |
|
|
/opt/novell/devman/share/logs/app_cc.0.log |
Contains events related to policy configuration. |
|
|
/opt/novell/devman/share/logs/platform.0.log |
Contains XML events for configuration changes. This log file contains very little useful information for system administrators. |
|
|
Windows Administration Console |
|
||
|
/Program Files/Novell/Tomcat/logs/stderr.log |
Contains Tomcat error messages directed to stderr. |
|
|
/Program Files/Novell/Tomcat/logs/stdout.log |
Contains Tomcat error messages directed to stdout. |
|
|
/Program Files/Novell/log/app_sc.0.log |
Contains events related to importing devices, device configuration changes, health status changes, statistics reporting, and communication problems. |
|
|
/Program Files/Novell/log/app_cc.0.log |
Contains events related to policy configuration. |
|
|
/Program Files/Novell/log/platform.0.log |
Contains XML events for configuration changes. This log file contains very little useful information for system administrators. |
|
|
/Program Files/Novell/Nsure Audit/logs/auditlog |
Contains the log entries for Novell auditing. |
|
|
Linux Identity Server |
|
|
|
|
/var/opt/novell/tomcat5/logs/catalina.out |
Logging to this file only occurs if you have selected the option from the > > > page. When component logging has been set to info for Applications, it contains entries tracing user authentication and role assignments. |
|
|
/opt/novell/devman/jcc/logs/jcc-0.log.0 |
Contains the log entries for the server communications module related to interaction of the Identity Server with the Administration Console, such as imports, certificates, health checks, and configuration. |
|
|
Windows Identity Server |
|
|
|
|
/Program Files/Novell/Tomcat/logs/stderr.log |
Contains Tomcat error messages directed to stderr. |
|
|
/Program Files/Novell/Tomcat/logs/stdout.log |
Logging to this file only occurs if you have selected the option from the > > > page. When component logging has been set to info for Applications, it contains entries tracing user authentication and role assignments. |
|
|
/Program Files/Novell/devman/jcc/logs/jcc-0.log.0 |
Contains the log entries for the server communications module related to interaction of the Identity Server with the Administration Console, such as imports, certificates, health checks, and configuration. |
|
|
Linux Access Gateway Appliance |
|
||
|
/var/opt/novell/tomcat5/logs/catalina.out |
Logging to this file only occurs if you have selected the option from the > > > page. Check this file for entries tracing the evaluation of authorization, identity injection, and form fill policies. |
|
|
/var/log/novell/reverse/<name> |
If logging is enabled on one or more reverse proxies, this directory contains the log files. (To enable this type of logging, see A directory is listed for each reverse proxy on which you have enabled logging. |
|
|
/var/log/ics_dyn.log |
Contains all log entries generated by the Linux Access Gateway. Use syslog to control file rolling and log file distribution. |
|
|
/opt/novell/devman/jcc/logs/jcc-0.log.0 |
Contains the log entries for the server communications module related to interaction of the Access Gateway with the Administration Console, such as imports, certificates, health checks, and configuration. |
|
|
/var/log/lagsoapmessages |
Logs all the SOAP messages between the Linux Access Gateway and the Embedded Service Provider. |
|
|
/var/log/laghttpheaders |
Contains a log of the HTTP headers to and from the Linux Access Gateway. |
|
|
Linux Access Gateway Service |
|
||
|
/var/opt/novell/amlogging/logs/ags.log |
Contains the messages generated for configuration, device imports, health, and statistics. It also contains entries for the policy evaluation processes done by the Gateway Service Manager module. |
|
|
/var/log/novell/reverse/<name> |
If logging is enabled on one or more reverse proxies, this directory contains the log files. (To enable this type of logging, see A directory is listed for each reverse proxy on which you have enabled logging. |
|
|
/var/opt/novell/tomcat5/logs/catalina.out |
Contains the log messages generated by the embedded service provider. Logging to this file only occurs if you have selected the option from the > > > page. Check this file for entries tracing the evaluation of authorization, identity injection, and form fill policies. |
|
|
Windows Access Gateway Service |
|
||
|
/Program Files/Novell/amlogging/logs/ags.log |
Contains the messages generated for configuration, device imports, health, and statistics. It also contains entries for the policy evaluation processes done by the Gateway Service Manager module. |
|
|
/Program Files/Novell/Apache/logs/<name> |
If logging is enabled on one or more reverse proxies, this directory contains the log files. (To enable this type of logging, see A directory is listed for each reverse proxy on which you have enabled logging. |
|
|
/Program Files/Novell/Tomcat/logs/stdout.log |
Contains the log messages generated by the embedded service provider. Logging to this file only occurs if you have selected the option from the > > > page. When component logging has been set to info for Applications, it contains entries tracing user authentication and role assignments. |
|
|
SSL VPN Server |
|
|
|
|
/var/opt/novell/tomcat5/logs/catalina.out |
Logging to this file only occurs if you have selected the option from the > > > page. |
|
|
/opt/novell/devman/jcc/logs/jcc-0.log.0 |
Contains the log entries for the server communications module related to interaction of the SSL VPN with the Administration Console, such as imports, certificates, and configuration. |
|
|
/var/log/messages |
Contains the log entries for the connection manager and socks servers. |
|
|
/var/log.novell-openvpn.log |
Contains log entries for the OpenVPN server or the Enterprise mode server. |
|
|
/var/log/stunnel.log |
Contains log entries for Stunnel or the Kiosk mode server. |
|