+

Search Tips   |   Advanced Search

Tivoli Access Manager loggers

The Java Authorization Contract for Containers (JACC) provider for Tivoli Access Manager uses the JLog logging framework as does the Java runtime environment for Tivoli Access Manager. We can enable tracing and messaging selectively for specific JACC providers for Tivoli Access Manager components.

The JACC for Tivoli Access Manager provider messages are logged to the configured trace output location, and messages are written to standard out SystemOut.log file. When trace is enabled, all logging, both trace and messaging, is sent to the trace.log file.

(zos) Note: These messages are sent to CTRACE. CTRACE can write them to a CTRACE dataset, memory buffer, and/or the SYSPRINT data set for the region's started task.

This topic references one or more of the application server log files. As a recommended alternative, we can configure the server to use the High Performance Extensible Logging (HPEL) log and trace infrastructure instead of using SystemOut.log , SystemErr.log, trace.log, and activity.log files on distributed and IBM i systems. We can also use HPEL in conjunction with the native z/OS logging facilities. If we are using HPEL, we can access all of the log and trace information using the LogViewer command-line tool from the server profile bin directory. See the information about using HPEL to troubleshoot applications for more information on using HPEL.

Tracing and message logging for the JACC provider for Tivoli Access Manager are configured in the amwas.node_server.pdjlog.properties, which is located in the profile_root/etc/tam directory. This file contains logging properties from the amwas.pdjlog.template.properties template file for the specific node and server combination at the time of JACC provider for Tivoli Access Manager configuration.

The contents of this file let the user control:

The amwas.node_server.pdjlog.properties file defines several loggers, each of which is associated with one JACC provider of Tivoli Access Manager component. These loggers include:

Logger Name Description
AmasRBPFTraceLogger AmasRBPFMessageLogger Logs messages and trace for the role-based policy framework. This underlying framework is used by embedded Tivoli Access Manager to make access decisions.
AmasCacheTraceLogger AmasCacheMessageLogger Logs messages and trace for the policy caches used by the role-based policy framework.
AMWASWebTraceLogger AMWASWebMessageLogger Logs messages and trace for the WAS authorization plug-in.
AMWASConfigTraceLogger AMWASConfigMessageLogger Logs messages and trace for the configuration actions of the JACC provider for Tivoli Access Manager .
JACCTraceLogger JACCMessageLogger Logs messages and trace for the JACC provider activity of Tivoli Access Manager .

Tracing can have a significant impact on system performance. Enable tracing only when diagnosing the cause of a problem.

The implementation of these loggers routes messages to the WAS logging sub-system. All messages are written to the WAS trace.log file.

For each logger, the amwas.node_server.pdjlog.properties file defines an isLogging attribute which, when set to true, enables logging for the specific component. A value of false disables logging for that component.

The amwas.node_server.pdjlog.properties file defines the parent loggers MessageLogger and TraceLogger that also have an isLogging attribute. If the child loggers do not specify this isLogging attribute, they inherit the value of their respective parent. When the JACC provider for Tivoli Access Manager is enabled, the isLogging attribute is set to true for the MessageLogger and set to false for the TraceLogger logger. Message logging is enabled for all components and tracing is disabled for all components, by default.

To turn on tracing for a JACC provider component, see Logging Tivoli Access Manager security.


Related tasks

  • Enable an external JACC provider
  • Logging Tivoli Access Manager security