Sun ONE Identity Synchronization for Windows Installation and Configuration Guide |
Chapter 9
Logs and StatusIdentity Synchronization for Windows logs information into an Audit Log and Error Log. The Audit Log provides information for day-to-day operations which include error conditions that are contained in the Error Log. The Error Log essentially acts as a filter such that only error entries are displayed.
This chapter includes the following sections:
Setting Log Levels
- Access the Console.
- In the navigation tree, expand the relevant domain, host, and server group tree nodes where Identity Synchronization for Windows has been installed.
- Select the appropriate Identity Synchronization for Windows instance and press Open.
- Enter the configuration password.
- At the console press the Configuration tab.
- In the navigation tree, select Log. The Log Files configuration window (Figure 9-1) contains the following:
- Write logs to file. Select this option to write logs to a file on the core host. After selecting this you may:
- Select the Default log directory and file.
- Specify a path and filename for the log file.
- (Solaris Only) Write logs to syslog daemon with facility. Select this option if Identity Synchronization for Windows resides on a Solaris platform. Choose from the drop down menu the method to write the log. Daemon is the default.
- Log Level. Choose from the drop down menu the level of logging for the system. The choices run from INFO to FINEST. See "Log Format" for more information.
Figure 9-1 Log Files Configuration
- If desired, select Write logs to file and then select either the default log file or specify a path and file.
- If logging on a Solaris system, check the box next to (Solaris Only) Write logs to syslog daemon with facility. Then select the facility from the drop down menu. Daemon is the default.
- Select from the Log Level drop down menu the appropriate level.
Refer to "Log Levels" for details on log level values.
- Press Save to create the log file with the selected options.
Viewing the Audit or Error File
- Access the Console.
- In the navigation tree, expand the relevant domain, host, and server group tree nodes where Identity Synchronization for Windows has been installed.
- Select the appropriate Identity Synchronization for Windows instance and press Open.
- Enter the configuration password.
- At the Identity Synchronization for Windows console press the Status tab.
- In the navigation tree, expand Log and select Audit or Error file.
The Audit file contents are displayed as shown in Figure 9-2.
Figure 9-2 The Audit Log
The Audit or Error Status tab includes the following:
- Refresh. Press refresh to load the latest audit or error information.
- Continuous. Check Continuous to constantly load the latest audit or error information.
- Log File: Log File is the full path name of the audit or error log being read; for example:
C:\Program Files\Sun\MPS\psw-hostname\logs\central\audit.log
- Lines to show: Enter the number of audit or error entries to display. The default is 25.
- Time/Date. This is the time and date of the log entry.
- Level. This is the priority of this entry.
- Thread ID. This is the Java thread ID of the function generating the event.
- Connector ID. This is the connector issuing the event.
- Host. This is the fully qualified domain name of the host generating the event.
- Message. Information associated with the event.
Understanding LogsIdentity Synchronization for Windows has several log files. The central logs are the primary logs to monitor, but each component also has local logs, which can be used to diagnose problems with the connector if it cannot log to the central logger.
Note
The number of each type of log file grows one per day indefinitely. Save or delete old logs to prevent running out of disk space.
Central Logs
Logs from all Identity Synchronization for Windows components are aggregated by the central logger. The central logs are the primary logs to monitor. As long as components can access the Sun ONE Message Queue, all error and audit messages will be logged here. These centralized logs, which include messages from all components, are located in the following directory on the machine where core is installed:
<installation-root>/isw-machine-name/logs/central/
The specific logs are
Table 9-1 Identity Synchronization for Window Log Types
Each central log also includes information on each component ID. For example,
[2003/03/14 14:48:23.296 -0600] INFO 13 "System Component Information: SysMgr_100 is the system manager (CORE); console is the Product Console User Interface; CNN100 is the connector that manages [airius.com (ldaps:// server1.airius.com:636)]; CNN101 is the connector that manages [dc=airius,dc=com (ldap:// server2.airius.com:389)];"
Local Component Logs
Each connector, the System Manager, and the Central Logger have the following local logs:
Table 9-2 Local Logs
These are located in the following subdirectories:
<installation-root>/isw-machine-name/logs/
The sysmgr and clogger100 (central logger) directories are on the machine where core is installed.
These logs are rotated daily by moving the current log to a log file that includes the date as follows:
audit_2003_03_24.log
Local Subcomponent Logs
The following subcomponents also have local logs:
These are located in the SUBC1XX (e.g. SUBC100) subdirectories of:
<installation-root>/psw-machine-name/logs/ directory.
These are limited to 1 MB in size, and the last 10 logs are kept.
Action ID
An action encompasses a single synchronization event. Log messages about the same action can be identified using the action’s unique ID in the log.
Log messages for these actions also include a sequence number, which is increased for each log message. These sequence numbers can be used to order log messages which might arrive out of order at the central logger. In the following example CNN101-F3EE4A69F5-64 is the action ID and 6 is the sequence number of this log message:
Action ID=CNN101-F3EE4A69F5-64, SN=6
Log Format
Each log message includes the following information:
Time, Log Level, Thread ID, Component ID, Machine name, Log Message, [Action ID]
For example,
[02/Oct/2003:15:30:55.609 -0600] INFO 27 CNN101 server1 "Action processed successfully." (Action ID=CNN101-F3EE4A69F5-64, SN=6)
Log Levels
Log levels, which are included in each log message, are used to indicate the severity and verbosity of a log message. The log levels used in Identity Synchronization for Windows are:
Table 9-3 Log Levels
Viewing Directory Source Status
- Access the Console.
- In the navigation tree, expand the relevant domain, host, and server group tree nodes where Identity Synchronization for Windows has been installed.
- Select the appropriate Identity Synchronization for Windows instance and press Open.
- Enter the configuration password.
- At the Identity Synchronization for Windows console press the Status tab.
- In the navigation tree, expand Directory Source and select the appropriate source.
The directory source contents are displayed as shown in Figure 9-3.
Figure 9-3 Directory Source Status
Note
When viewing the Directory Source status you are essentially viewing the status of the connector associated with that Directory Source.
The Directory Source Status tab includes the following:
- Update. Press Update to refresh the information in this window.
- State. State reflects the current state of the directory source. Valid states include:
- Uninstalled. The connector has not been installed.
- Installed. The connector has been installed, but is not ready for synchronization yet. It has not received its runtime configuration yet.
- Ready. The connector is ready for synchronization, but it is currently not synchronizing any objects yet.
- Syncing. The connector is synchronizing objects.
- Active. Active notifies whether the directory source is active or down.
- Last Communication. This is the time of the last response from this directory source’s connector.