test

Sun Java System Access Manager 7.1 Administration Guide

Remote Logging

Access Manager supports remote logging. This allows a client application using a host where the Access Manager server is installed to create log records on an instance of Access Manager deployed on a remote machine. Remote logging can be initiated in any of the following scenarios:

  1. When the logging URL in the Naming Service of one Access Manager instance points to a remote instance and there is a trust relationship configured between the two, logs will be written to the remote Access Manager instance.

  2. When the Access Manager SDK is installed against a remote Access Manager instance and a client (or a simple Java class) running on the SDK server uses the logging APIs, the logs will be written to the remote Access Manager machine.

  3. When logging APIs are used by Access Manager agents.

ProcedureTo Enable Remote Logging with Web Containers

  1. Log into the either the Application Server or Web Server's administration console and add the following JVM options:

    • java.util.logging.manager=com.sun.identity.log.LogManager

    • java.util.logging.config.file=/AccessManager-base /SUNwam/lib/LogConfig.properties

      For more information on the Application Server administration console, see Sun Java System Application Server Enterprise Edition 8.2 Administration Guide.

      For more information on the Web Server administration console, see Sun Java System Web Server 7.0 Administrator’s Guide.

    • If the Java™ 2 Platform, Standard Edition being used is 1.4 or later, this is accomplished by invoking the following at the command line:

      java -cp /AccessManager-base /SUNWam/lib/am_logging.jar:/AccessManager-base /SUNWam/lib/xercesImpl.jar:/AccessManager-base /SUNWam/lib/xmlParserAPIs.jar:/AccessManager-base /SUNWam/lib/jaas.jar:/AccessManager-base /SUNWam/lib/xmlParserAPIs.jar:/AccessManager-base /SUNWam/lib/servlet.jar:/AccessManager-base /SUNWam/locale:/AccessManager-base/SUNWam/lib/am_services.jar:/ AccessManager-base/SUNWam/lib/am_sdk.jar:/ AccessManager-base/SUNWam/lib/jss311.jar:/ AccessManager-base/SUNWam/lib:.

      -Djava.util.logging.manager=com.sun.identity.log.LogManager

      -Djava.util.logging.config.file=/AccessManager-base /SUNwam/lib/LogConfig.properties

    • If the Java 2 Platform, Standard Edition being used is earlier than 1.4, this is accomplished by invoking the following at the command line:

      java -Xbootclasspath/a:/AccessManager-base /SUNWam/lib/jdk_logging.jar -cp /AccessManager-base /SUNWam/lib/am_logging.jar:/AccessManager-base /SUNWam/lib/xercesImpl.jar:/AccessManager-base /SUNWam/lib/xmlParserAPIs.jar:/AccessManager-base /SUNWam/lib/jaas.jar:/AccessManager-base /SUNWam/lib/xmlParserAPIs.jar:/AccessManager-base /SUNWam/lib/servlet.jar:/AccessManager-base /SUNWam/locale:/AccessManager-base/SUNWam/lib/am_services.jar:/ AccessManager-base/SUNWam/lib/am_sdk.jar:/ AccessManager-base/SUNWam/lib/jss311.jar:/ AccessManager-base/SUNWam/lib:.

      -Djava.util.logging.manager=com.sun.identity.log.LogManager

      -Djava.util.logging.config.file=/AccessManager-base /SUNwam/lib/LogConfig.properties

  2. Ensure that the following parameters are configured in LogConfig.properties located in AccessManager-base/SUNWam/lib :

    • iplanet-am-logging-remote-handler=com.sun.identity.

      log.handlers.RemoteHandler

    • iplanet-am-logging-remote-formatter=com.sun.

      identity.log.handlers.RemoteFormatter

    • iplanet-am-logging-remote-buffer-size=1

      Remote logging supports buffering on the basis of the number of log records. This value defines the log buffer size by the number of records. Once the buffer is full, all buffered records will be flushed to the server.

    • iplanet-am-logging-buffer-time-in-seconds=3600

      This value defines the time-out period in which to invoke the log buffer-cleaner thread.

    • iplanet-am-logging-time-buffering-status=OFF

      This value defines whether log buffering (and the buffer-cleaner thread) is enabled. By default this feature is turned off.

      If timer-based buffering is enabled (iplanet-am-logging-time-buffering-status=ON), then the buffer of log records is flushed (to the AM server providing the logging service) when the number of log records reaches the value specified in iplanet-am-logging-remote-buffer-size, or when the timer expires (timeout specified in iplanet-am-logging-buffer-time-in-seconds). If the timer expires before the buffer size is reached, then the records contained in the buffer are sent. If timer-base buffering of remote logging is disabled, then the buffer size determines when the buffer gets flushed. For example, if the buffer size is 10, and the application only sends 7 records, the buffer will not get flushed, nor the log records written. If the application terminates, then the records in the buffer will get flushed.

    Note –

    Whenever a log file is empty, secure logging may show "verification failure." This is because when the number of created files is equal to the archive size, secure logging will archive from this set and start again. It most instances, you can ignore this error. Once the number of records is equal to the archive size, the error will not be displayed.

  3. If using a program with the Client SDK, the following properties in the AMConfig.properties file need to be set accordingly:

    • com.iplanet.am.naming.url

    • com.sun.identityagents.app.username

    • com.iplanet.am.service.password

    • com.iplanet.am.server.protocol

    • com.iplanet.am.server.host

    • com.iplanet.am.server.port

    Refer to the Client SDK samples README.clientsdk in the /opt/SUNWam/war directory. It details how the AMConfig.properties and the make files are generated for the /opt/SUNWam/war/clientsdk-samples directory. In turn, those files are used by the samples' makefiles' compile and run entries.