Sun Java System Access Manager 7 2005Q4 Administration Guide

Debug Files

The debug files are not a feature of the Logging Service. They are written using different APIs which are independent of the logging APIs. Debug files are stored in /var/opt/SUNWam/debug. This location, along with the level of the debug information, is configurable in the file, located in the AccessManager-base/SUNWam/lib/ directory. For more information on the debug properties, see Appendix A, File.

Debug Levels

There are several levels of information that can be recorded to the debug files. The debug level is set using the property in

  1. Off—No debug information is recorded.

  2. Error—This level is used for production. During production, there should be no errors in the debug files.

  3. Warning—Currently, using this level is not recommended.

  4. Message—This level alerts to possible issues using code tracing. Most Access Manager modules use this level to send debug messages.

    Note –

    Warning and Message levels should not be used in production. They cause severe performance degradation and an abundance of debug messages.

Debug Output Files

A debug file does not get created until a module writes to it. Therefore, in the default error mode no debug files may be generated. The debug files that get created on a basic login with the debug level set to message include:

The most often used files are the amSDK, amProfile and all files pertaining to authentication. The information captured includes the date, time and message type (Error, Warning, Message).

Using Debug Files

The debug level, by default, is set to error. The debug files might be useful to an administrator when they are:

The debug files should go hand in hand with any troubleshooting guide we might have in the future. For example when SSL fails, someone might turn on debug to message and look in the amJSS debug file for any specific certificate errors.

Multiple Access Manager Instances And Debug Files

Access Manager contains the ammultiserverinstall script that can be used to configure numerous instances of the server. If the multiple server instances are configured to use different debug directories, each individual instance has to have both read and write permissions to the debug directories.