Logging TAM security

Use this topic to enable the trace spec to indicate tracing at the required level.

The Java Authorization Contract for Containers (JACC) for TAM provider messages are logged to the configured trace output location, and messages are written to standard out SystemOut.log file. When trace is enabled, all logging, both trace and messaging, is sent to the trace.log file.


  1. The amwas.node_server.pdjlog.properties file must be updated and the isLogging attribute set to true for the required component. For example, to enable tracing for the JACC provider for TAM, set the following line to true: amwas.node_server.pdjlog.properties:baseGroup.AMWASWebTraceLogger.isLogging=true

  2. Enable tracing for the JACC provider of TAM components in the WAS admin console by completing the following steps:

    1. Click Troubleshooting > Logs and Trace > myserver.

    2. Under Logs and Trace tasks, click Diagnostic trace.

    3. Select the Enable Log option.

    4. Click Apply.

    5. Click Troubleshooting > Logs and Trace > myserver.

    6. Click Change Log Detail Levels.

    7. Click Components. Tracing for all components can be enabled using the com.tivoli.pd.as.* command. Tracing for separate components can be enabled using the following commands:

      • com.tivoli.pd.as.rbpf.* for role-based policy framework tracing

      • com.tivoli.pd.as.jacc.* for JACC provider tracing

      • com.tivoli.pd.as.pdwas.* for the authorization table

      • com.tivoli.pd.as.cfg.* for configuration

      • com.tivoli.pd.as.cache.* for caching

      See Log level settings.

    8. Click Apply.


Next steps

The trace spec now indicates that tracing is enabled at the required level. Save the configuration and restart the server for the changes to take effect.

TAM loggers


Related tasks

Enable an external JACC provider



Diagnostic trace service settings