The debug files are not a feature of the Logging Service. They are written using different APIs which are independent of the logging APIs. Debug files are stored in /var/opt/SUNWam/debug. This location, along with the level of the debug information, is configurable in the AMConfig.properties file, located in the AccessManager-base/SUNWam/lib/ directory. For more information on the debug properties, see Appendix A, AMConfig.properties File.
There are several levels of information that can be recorded to the debug files. The debug level is set using the com.iplanet.services.debug.level property in AMConfig.properties.
Off—No debug information is recorded.
Error—This level is used for production. During production, there should be no errors in the debug files.
Warning—Currently, using this level is not recommended.
Message—This level alerts to possible issues using code tracing. Most Access Manager modules use this level to send debug messages.
Warning and Message levels should not be used in production. They cause severe performance degradation and an abundance of debug messages.
A debug file does not get created until a module writes to it. Therefore, in the default error mode no debug files may be generated. The debug files that get created on a basic login with the debug level set to message include:
amAuth
amAuthConfig
amAuthContextLocal
amAuthLDAP
amCallback
amClientDetection
amConsole
amFileLookup
amJSS
amLog
amLoginModule
amLoginViewBean
amNaming
amProfile
amSDK
amSSOProvider
amSessionEncodeURL
amThreadManager
The most often used files are the amSDK, amProfile and all files pertaining to authentication. The information captured includes the date, time and message type (Error, Warning, Message).
The debug level, by default, is set to error. The debug files might be useful to an administrator when they are:
Writing a custom authentication module.
Writing a custom application using the Access manager SDKs. The amProfile and amSDK debug files capture this information.
Troubleshooting access permissions while using the console or SDK. The amProfile and amSDK debug files also capture this information.
Troubleshooting SSL.
Troubleshooting the LDAP authentication module. The amAuthLDAP debug file captures this information.
The debug files should go hand in hand with any troubleshooting guide we might have in the future. For example when SSL fails, someone might turn on debug to message and look in the amJSS debug file for any specific certificate errors.
Access Manager contains the ammultiserverinstall script that can be used to configure numerous instances of the server. If the multiple server instances are configured to use different debug directories, each individual instance has to have both read and write permissions to the debug directories.