Each Access Manager device has configuration options for logging:
Identity Server: Logging is turned off and must be enabled. When you enable Identity Server logging, you also enable logging for the embedded service providers that are configured to use the Identity Server for authentication. For configuration information, see Section 32.2, Configuring Identity Server Logging.
Embedded Service Providers: Each Access Manager device has an embedded service provider that communicates with the Identity Server. Its log level is controlled by configuring Identity Server logging.
NetWare Access Gateway: Most of the logging available for the NetWare Access Gateway is for its embedded service provider. The log level of this subcomponent is controlled with the Identity Server logging configuration. The logging specific to the NetWare Access Gateway is not configurable, and the NetWare Access Gateway messages are sent to the logger screen.
Linux Access Gateway: A log notice level of logging is enabled by default. You can change the level from the command line interface. For information, see Linux Access Gateway Logs.
This section contains the following information about the Linux Access Gateway logs:
You can use the following procedure to set the level of information logged to the ics_dyn.log file in the /var/log directory.
At the command prompt, enter the following command:
nash
At the nash shell prompt, enter the following command:
configure .current
To change the log level, enter the following command:
log-conf log-level <log level>
Replace <log level> with the new log level that you want to set.
When you run the /etc/init.d/novell-vmc start command, the default log level is set to LOG_NOTICE. You can change the log level to any level from LOG_EMERG to LOG_INFO.
To apply changes, enter the following command:
apply
To exit from the configuration mode, enter the following command:
exit
To exit from the nash shell, enter the following command:
exit
In Linux Access Gateway, the entries in the ics_dyn.log file have the following format:
<time-date-stamp> <hostname> : <AM#event-code> : <AMDEVICE#device-id> : <AMAUTHID#auth-id> : <AMEVENTID#event-id> :<supplementary log entry data and text>
A sample log message is given below:
Aug 3 14:35:41 c1h : AM#504503000: AMDEVICEID#ag-0BDF41AAC4CDCBE5 : AMAUTHID#0: AMEVENTID#74: Process request 1 'www.lag-202.com' '/AGLogout' [192.10.100.111:38091 -> 192.10.106.2:80]
The fifth and sixth digits in the <AMEVENTID#event-id> refer to the Linux Access Gateway components. The following table list the numbers and the components which they denote.
Table 42-1 Linux Access Gateway Components
For more information on the log format, see Section 42.2, Understanding Log Format.
At the command prompt, enter the following command:
nash
To enter the configuration mode, enter the following command:
configure .current
Enter one of the following commands to configure logging:
To apply changes, enter the following command:
apply
To exit from the configuration mode, enter the following command:
exit
To exit from the nash shell, enter the following command:
exit