Server tracing

Server tracing

The trace facility provides methods to capture information about ISIM Server internal operations. The trace log information is designed so support personnel can trace a problem to its source and determine why an error occurred.

Configure the server trace log

Configuration properties for the server trace log are stored in the enRoleLogging.properties file.
Log on to the IBM Security Identity Manager virtual appliance console. From the Appliance Dashboard, use the Manage > System Settings > Log Retrieval and Configuration page to work with enRoleLogging.properties. See Configure logs. Changes take effect when ISIM Server checks for updates. We can specify the update interval in the properties file. The following properties values are the defaults:

logger.trace.logging=true

Turns trace logging on or off.

true

Turns on trace logging.

false

Turns off trace logging.

logger.trace.level=DEBUG_MIN

Trace logging level.

DEBUG_MIN

Records the least amount of information. (Default)

DEBUG_MID

Records a greater amount of trace information for debugging.

DEBUG_MAX

Records the maximum amount of trace information. This level has the greatest impact on server performance. Use this level only to narrow down a problem to a specific component. Then reset this parameter back to DEBUG_MIN or DEBUG_MID.

handler.file.trace.maxFiles=10

Maximum number of trace log files to keep before log records are discarded.

logger.trace.com.ibm.itim.component_name

Defines the ISIM component to trace. For information about this property, see Specifying trace contents.

Specifying trace contents

We can specify the level of trace data that is collected either during installation or at a later time. The enRoleLogging.properties file contains properties that are related to what data to collect and the level of collection.

From the Appliance Dashboard, use the Manage > System Settings > Log Retrieval and Configuration page to work with enRoleLogging.properties. See Configure logs.
The setting of these values is suggested by support personnel when debugging a problem. Under normal operating conditions, the default settings are appropriate. The more data that is collected, the greater the impact is to system performance.
Table 1 shows logging components and descriptions.

Component To troubleshoot problems related to:

logger.trace.com.ibm.itim.adhocreport.level Running operations under the Report tab. For example, synchronizing data or designing and running reports.

logger.trace.com.ibm.itim.adhocreport.changelog.level Synchronizing data incrementally.

logger.trace.com.ibm.itim.apps.level Validating business logic. For example, password synchronization and account compliance about provisioning policy.

logger.trace.com.ibm.itim.apps.ejb.adhocreport.level Synchronizing data. For example, retrieving data from Security Identity Manager LDAP and storing it in a database.

logger.trace.com.ibm.itim.authentication.level Log on to or authenticating with Security Identity Manager.

logger.trace.com.ibm.itim.authorization.level Validating and checking of ACIs for a logged-in user.

logger.trace.com.ibm.itim.common.level Validating input per defined FORM constraints or schema.

logger.com.ibm.itim.script.level Evaluating the scriptframework, which replaces FESI. For example, the workflow engine script node and service selection policy script.

logger.trace.com.ibm.itim.fesiextensions.level Evaluating a FESI script. For example, the workflow engine script node and service selection policy script.

logger.trace.com.ibm.itim.mail.level Sending mail from Security Identity Manager. For example, notifications.

logger.trace.com.ibm.itim.messaging.level Sending messages to queues.

logger.trace.com.ibm.itim.dataservices.model.level Performing LDAP Directory server operations. For example, updating a person.

logger.trace.com.ibm.itim.passworddelivery.level Clearing expired password transactions.

logger.trace.com.ibm.itim.policy.level Running and validating policies. For example, password and provisioning policies.

logger.trace.com.ibm.itim.remoteservices.level Running operations for remote resources and interpreting the response. For example, HR feed, reconciliation and account operations.

logger.trace.com.ibm.itim.report.level Not used.

logger.trace.com.ibm.itim.security.level Not used.

logger.trace.com.ibm.itim.scheduling.level Running scheduled operations such as those that the user scheduled to run at a later date.

logger.trace.com.ibm.itim.systemConfig.level Running LDAP\DB upgrade\config utilities.

logger.trace.com.ibm.itim.util.level Sharing utility classes across various components. For example, acquiring and releasing database connections from the WebSphere Application Server Java™ Database Connectivity (JDBC) connection pool.

logger.trace.com.ibm.itim.webclient.level Navigating from one page to another, input validation, or display problems.

logger.trace.com.ibm.itim.workflow.level Running workflows. This operation includes providing information about running a specific node in the workflow definition. For example, the input and output of a node and the transition from one node to the other.

logger.trace.com.ibm.daml.level Communication between ISIM Server and remote agent.

logger.trace.com.ibm.erma.level Communication between ISIM Server and remote agent by using an FTP protocol like RACF .

JLog supports a hierarchical set of named objects that inherit properties from their ancestors. A period (.) separates each level of the hierarchy. The highest level of the hierarchy is shown first. For example, the logger.trace.com.ibm.itim.workflow object in the workflow inherits properties that are not explicitly defined at the workflow level from logger.trace.com.ibm.itim, logger.trace.com.ibm, logger.trace.com, and logger.trace. Because of the inheritance characteristic, the default tracing level can be defined at the top of the hierarchy, which is logger.trace. The following definition sets a specific level of tracing for a component:
logger.trace.com.ibm.itim.component_name.level=tracing_level

where component_name is the name of the component and tracing_level is the level of tracing to use for that component.
Set a tracing level for a component overrides the inherited level of tracing. For example, logger.trace.com.ibm.tim.workflow.level=DEBUG_MAX traces the workflow component at the maximum level of detail, that is, DEBUG_MAX. This setting continues tracing all other levels at the minimum level, that is, DEBUG_MIN.
Parent topic: Traces

Component	To troubleshoot problems related to:
logger.trace.com.ibm.itim.adhocreport.level	Running operations under the Report tab. For example, synchronizing data or designing and running reports.
logger.trace.com.ibm.itim.adhocreport.changelog.level	Synchronizing data incrementally.
logger.trace.com.ibm.itim.apps.level	Validating business logic. For example, password synchronization and account compliance about provisioning policy.
logger.trace.com.ibm.itim.apps.ejb.adhocreport.level	Synchronizing data. For example, retrieving data from Security Identity Manager LDAP and storing it in a database.
logger.trace.com.ibm.itim.authentication.level	Log on to or authenticating with Security Identity Manager.
logger.trace.com.ibm.itim.authorization.level	Validating and checking of ACIs for a logged-in user.
logger.trace.com.ibm.itim.common.level	Validating input per defined FORM constraints or schema.
logger.com.ibm.itim.script.level	Evaluating the scriptframework, which replaces FESI. For example, the workflow engine script node and service selection policy script.
logger.trace.com.ibm.itim.fesiextensions.level	Evaluating a FESI script. For example, the workflow engine script node and service selection policy script.
logger.trace.com.ibm.itim.mail.level	Sending mail from Security Identity Manager. For example, notifications.
logger.trace.com.ibm.itim.messaging.level	Sending messages to queues.
logger.trace.com.ibm.itim.dataservices.model.level	Performing LDAP Directory server operations. For example, updating a person.
logger.trace.com.ibm.itim.passworddelivery.level	Clearing expired password transactions.
logger.trace.com.ibm.itim.policy.level	Running and validating policies. For example, password and provisioning policies.
logger.trace.com.ibm.itim.remoteservices.level	Running operations for remote resources and interpreting the response. For example, HR feed, reconciliation and account operations.
logger.trace.com.ibm.itim.report.level	Not used.
logger.trace.com.ibm.itim.security.level	Not used.
logger.trace.com.ibm.itim.scheduling.level	Running scheduled operations such as those that the user scheduled to run at a later date.
logger.trace.com.ibm.itim.systemConfig.level	Running LDAP\DB upgrade\config utilities.
logger.trace.com.ibm.itim.util.level	Sharing utility classes across various components. For example, acquiring and releasing database connections from the WebSphere Application Server Java™ Database Connectivity (JDBC) connection pool.
logger.trace.com.ibm.itim.webclient.level	Navigating from one page to another, input validation, or display problems.
logger.trace.com.ibm.itim.workflow.level	Running workflows. This operation includes providing information about running a specific node in the workflow definition. For example, the input and output of a node and the transition from one node to the other.
logger.trace.com.ibm.daml.level	Communication between ISIM Server and remote agent.
logger.trace.com.ibm.erma.level	Communication between ISIM Server and remote agent by using an FTP protocol like RACF .