This section describes the different kinds of logs that are available for Identity Synchronization for Windows:
As long as Identity Synchronization for Windows components can access Message Queue, all audit and error messages will be logged in the Identity Synchronization for Windows central logger. Consequently, these central logs (which include messages from all components) are the primary logs to monitor.
The centralized logs are located on the machine where Core is installed, in the following directories:
On Solaris: /var/opt/SUNWisw/logs
On Linux: /var/opt/sun/isw/logs
On Windows: installation_root/isw-machine_name /logs/central/
Log Name |
Description |
A superset of error.log that includes messages about each synchronization event. |
|
Each central log also includes information about each component ID. For example,
[2003/03/14 14:48:23.296 -0600] INFO 13 "System Component Information: SysMgr_100 is the system manager (CORE); console is the Product Console User Interface; CNN100 is the connector that manages [example.com (ldaps:// server1.example.com:636)]; CNN101 is the connector that manages [dc=example,dc=com (ldap:// server2.example.com:389)];" |
In addition to the central logger, each component has it’s own local logs. You can use these local logs to diagnose problems with the connector if it cannot log to the central logger.
Each connector, the system manager, and the central logger have the following local logs:
Table 11–2 Local Logs
These local logs are located in the following subdirectories:
On Solaris: /var/opt/SUNWisw/logs
On Linux: /var/opt/sun/isw/logs
On Windows: installation_root/isw-machine_name /logs/central/
The sysmgr and clogger100 (central logger) directories are on the machine where Core is installed.
Identity Synchronization for Windows rotates these local component logs daily by moving the current log to a log file that includes the date, as follows:
audit_2004_08_06.log
By default, Identity Synchronization for Windows deletes connector logs after ten days. You can extend this period by editing the com.sun.directory.wps.logging.maxmiumDaysToKeepOldLogs value in the Log.properties file and restarting the service daemon.
The following Windows NT subcomponents also have local logs:
Password Filter DLL
These subcomponent logs are located in the SUBC1XX (for example, SUBC100) subdirectories of the following directory:
installation_root/isw-machine_name/logs/
Identity Synchronization for Windows limits these files to 1 MB in size, and keeps only the last 10 logs.
The Directory Server Plug-in logs information through the Directory Server connector to the central log and through the Directory Server logging facility. Consequently, local Directory Server Plug-in log messages will also be saved in the Directory Server error log.
Directory Server saves information into the error log from other Directory Server Plug-ins and components. To identify messages from the Identity Synchronization for Windows Directory Server Plug-in, you can filter out lines containing the isw string.
By default, only minimal Plug-in log messages are displayed in the error log. For example:
[14/Jun/2004:17:08:36 -0500] - ERROR<38747> - isw - conn=-1 op=-1 msgId=-1 - Plug-ins unable to establish connection to DS Connector at attila:1388, will retry later
You can change the default verbosity level of the Directory Server error log through DSCC as follows:
Log in to Directory Service Control Center.
On the Directory Servers tab page, click the server whose log level you want to configure.
Select the Server Configuration tab, then the Error Logging tab.
In the General -> Additional Items to Log section, select Plug-Ins.
Click Save.
You can enable plug-in logging using the command line.
$ dsconf set-log-prop errors level:err-plugins
For more information about Directory Server logging, refer to Chapter 14, Directory Server Logging, in Sun Java System Directory Server Enterprise Edition 6.0 Administration Guide in Sun Java System Directory Server Enterprise Edition 6.0 Administration Guide.