24 Managing Logging

This chapter describes logging by Oracle Internet Directory. For general information about logging in Oracle Fusion Middleware, see the Managing Log Files and Diagnostic Data chapter in the Oracle Fusion Middleware Administrator's Guide.This chapter contains these topics:

24.1 Introduction to Logging

Like other Oracle Fusion Middleware components, Oracle Internet Directory writes diagnostic log files in the Oracle Diagnostic Logging (ODL) format.

See Also:

Oracle Fusion Middleware Administrator's Guide for information about ODL.

Oracle Internet Directory tools and servers output their log and trace information to log files in the ORACLE_INSTANCE. Table 24-1 lists each component and the location of its corresponding log file.

Table 24-1 Oracle Internet Directory Log File Locations

Tool or Server Name Log File Name

Bulk Loader (bulkload)

ORACLE_INSTANCE/diagnostics/logs/OID/tools/bulkload.log

Bulk Modifier (bulkmodify)

ORACLE_INSTANCE/diagnostics/logs/OID/tools/bulkmodify.log

Bulk Delete Tool (bulkdelete

ORACLE_INSTANCE/diagnostics/logs/OID/tools/bulkdelete.log

Catalog Management Tool (catalog)

ORACLE_INSTANCE/diagnostics/logs/OID/tools/catalog.log

Data Export Tool (ldifwrite)

ORACLE_INSTANCE/diagnostics/logs/OID/tools/ldifwrite.log

Directory replication server (oidrepld)

ORACLE_INSTANCE/diagnostics/logs/OID/ componentName/oidrepld-XXXX.log where XXXX is a number from 0000 to orclmaxlogfilesconfigured.

Directory server (oidldapd)

ORACLE_INSTANCE/diagnostics/logs/OID/componentName/oidldapd01sPID-XXXX.log where:

  • 01 is the instance number, which is 01 by default

  • s stands for server

  • PID is the server process identifier

  • XXXX is a number from 0000 to orclmaxlogfilesconfigured

ORACLE_INSTANCE/diagnostics/logs/OID/componentName/oidstackInstNumberPID.log

Note: The oidstackInstNumber log files pertain to SIGSEGV/SIGBUS tracing. Also, empty files with this name are created during directory instance startup, and can be ignored.

LDAP dispatcher (oidldapd)

ORACLE_INSTANCE/diagnostics/logs/OID/componentName/oidldapd01-XXXX.log where 01 is the instance number, which defaults to 01, and XXXX is a number from 0000 to orclmaxlogfilesconfigured.

OID Monitor (OIDMON)

ORACLE_INSTANCE/diagnostics/logs/OID/componentName/oidmon-XXXX.log where XXXX is a number from 0000 to orclmaxlogfilesconfigured.


24.1.1 Features of Oracle Internet Directory Debug Logging

Oracle Internet Directory enables you to:

  • View logging information for the directory server, the directory replication server, and the directory integration server

  • Set the logging level

  • Specify one or more operations for which you want logging to occur

  • Search messages in a standard format to determine remedial action for fatal and serious errors

  • View trace messages according to their severity and order of importance

  • Diagnose Oracle Internet Directory components by examining trace messages with relevant information about, for example, entry DN, ACP evaluation, and the context of an operation

24.1.2 Interpreting Log Messages

This section discusses log messages—those associated with specified LDAP operations and those not. It provides an example of a trace log and explains how to interpret it.

Like other Oracle Fusion Middleware components, Oracle Internet Directory writes diagnostic log files in the Oracle Diagnostic Logging (ODL) format. The Oracle Fusion Middleware Administrator's Guide describes ODL format.

24.1.2.1 Log Messages for Specified LDAP Operations

Log messages for a specified operation are stored as a trace object. This object tracks the operation from start to finish across the various Oracle Internet Directory modules. It is entered in the log file when one of the following occur:

  • An LDAP operation completes

  • A high priority message is logged

  • The trace messages buffer is full

Each thread has one contiguous block of information for each operation, and that block is clearly delimited. This makes it easy, in a shared server environment, to follow the messages of different threads, operations, and connections.

If, because of an internal message buffer overflow, a single trace object cannot contain all the information about an operation, then the information is distributed among multiple trace objects. Each distributed piece of information is clearly delimited and has a common header. To track the progress of the operation, you follow the trace objects and their common header to the end, which is marked with the trace message "Operation Complete".

24.1.2.2 Log Messages Not Associated with Specified LDAP Operations

Messages not associated with any LDAP operation are represented in a simple format, which is not object-based. It is entered in the log file when either the operation completes or a high priority message is encountered.

A thread that does not perform an operation logs only trace messages. Its header contains the date, time, and the thread identifier. It does not contain the Execution Context ID (ECID) or connection and operation-related information.

A trace object starts with the keyword BEGIN and ends with the keyword END.

24.1.2.3 Example: Trace Messages in Oracle Internet Directory Server Log File

[2008-11-14T15:28:01-08:00] [OID] [NOTIFICATION:16] [] [OIDLDAPD] [host: srvhst.us.abccorp.com] [pid: 7043] [tid: 0] Main:: Starting up the OiD Server, on node srvhst.us.abccorp.com.
 
 
[2008-11-14T15:28:01-08:00] [OID] [NOTIFICATION:16] [] [OIDLDAPD] [host: srvhst.us.abccorp.com] [pid: 7043] [tid: 0] Main:: Oid Server Connected to DB store via inst1 connect string.
 
[2008-11-14T15:28:01-08:00] [OID] [NOTIFICATION:16] [] [OIDLDAPD] [host: srvhst.us.abccorp.com] [pid: 7043] [tid: 0] Main:: Loading Root DSE ...
 
[2008-11-14T15:28:01-08:00] [OID] [NOTIFICATION:16] [] [OIDLDAPD] [host: srvhst.us.abccorp.com] [pid: 7043] [tid: 0] Main:: Loading subschema subentry ...
 
[2008-11-14T15:28:01-08:00] [OID] [NOTIFICATION:16] [] [OIDLDAPD] [host: srvhst.us.abccorp.com] [pid: 7043] [tid: 0] Main:: Loading catalog entry ...
 
[2008-11-14T15:28:01-08:00] [OID] [NOTIFICATION:16] [] [OIDLDAPD] [host: srvhst.us.abccorp.com] [pid: 7043] [tid: 0] Main:: OiD LDAP server started.
 
[2008-11-14T15:28:02-08:00] [OID] [NOTIFICATION:16] [] [OIDLDAPD] [host: srvhst.us.abccorp.com] [pid: 7043] [tid: 2] ServerDispatcher : Thread Started
 
[2008-11-14T15:28:02-08:00] [OID] [NOTIFICATION:16] [] [OIDLDAPD] [host: srvhst.us.abccorp.com] [pid: 7043] [tid: 1] ServerDispatcher : Thread Started
 
[2008-11-14T15:28:02-08:00] [OID] [NOTIFICATION:16] [] [OIDLDAPD] [host: srvhst.us.abccorp.com] [pid: 7043] [tid: 3] ServerWorker (REG): Thread Started
 
[2008-11-14T15:28:02-08:00] [OID] [NOTIFICATION:16] [] [OIDLDAPD] [host: srvhst.us.abccorp.com] [pid: 7043] [tid: 4] ServerWorker (REG): Thread Started
 
[2008-11-14T15:28:02-08:00] [OID] [NOTIFICATION:16] [] [OIDLDAPD] [host: srvhst.us.abccorp.com] [pid: 7043] [tid: 5] ServerWorker (SPW): Thread Started
 
 
[2008-11-14T15:28:47-08:00] [OID] [TRACE:16] [] [OIDLDAPD] [host: srvhst.us.abccorp.com] [pid: 7043] [tid: 3] [ecid: 004MuuNFY7UCknT6uBU4UH0001i30000Ee,0] ServerWorker (REG):[[
BEGIN
 ConnID:87 mesgID:2 OpID:1  OpName:bind ConnIP:170.90.11.210 ConnDN:cn=orcladmin
15:28:47-08:00 * gslfbiADoBind * Entry
15:28:47-08:00 * gslfbiGetControlInfo * Entry
15:28:47-08:00 * gslfbiGetControlInfo * Exit
15:28:47-08:00 * gslfbidbDoBind *  Version=3 BIND dn="cn=orcladmin" method=128
15:28:47-08:00 * gslsbnrNormalizeString * String to Normalize: "orcladmin"
15:28:47-08:01 * gslsbnrNormalizeString * Normalized value: "orcladmin"
15:28:47-08:01 * gslfrsBSendLdapResult * Entry
15:28:47-08:01 * gslfrsASendLdapResult2 * Entry 
15:28:47-08:01 * sgslunwWrite * Entry
15:28:47-08:01 * sgslunwWrite * Exit
15:28:47-08:01 * gslfrsASendLdapResult2 * Exit
15:28:47-08:01 * gslfrsBSendLdapResult * Exit
15:28:47-08:01 * gslfbiADoBind * Exit
TOTAL Worker time :  4402  micro sec
END
]]
 
 
[2008-11-14T15:28:56-08:01] [OID] [TRACE:16] [] [OIDLDAPD] [host: srvhst.us.abccorp.com] [pid: 7043] [tid: 4] [ecid: 004MuuNqbefCknT6uBU4UH0001i30000Lf,0] ServerWorker (REG):[[
BEGIN
 ConnID:126 mesgID:1 OpID:0  OpName:bind ConnIP:170.90.11.210 ConnDN:Anonymous
15:28:56-08:01 * gslfbiADoBind * Entry
15:28:56-08:01 * gslfbiGetControlInfo * Entry
15:28:56-08:01 * gslfbiGetControlInfo * Exit
15:28:56-08:01 * gslfbidbDoBind *  Version=3 BIND dn="" method=128
15:28:56-08:01 * gslfrsBSendLdapResult * Entry
15:28:56-08:01 * gslfrsASendLdapResult2 * Entry 
15:28:56-08:01 * sgslunwWrite * Entry
15:28:56-08:02 * sgslunwWrite * Exit
15:28:56-08:02 * gslfrsASendLdapResult2 * Exit
15:28:56-08:02 * gslfrsBSendLdapResult * Exit
15:28:56-08:02 * gslfbiADoBind * Exit
TOTAL Worker time :  2591  micro sec
END
]]

24.2 Managing Logging by Using Fusion Middleware Control

You can view log files and configure debug logging with Oracle Enterprise Manager Fusion Middleware Control.

24.2.1 Viewing Log Files by Using Fusion Middleware Control

Select Log Messages to view as follows:

  1. From the Oracle Internet Directory menu, select Logs, then View Log Messages. The Log Messages page appears.

  2. Select the date range for the logs you want to view. You can select Most Recent, by minutes, hours or days. Alternatively, you can select a Time Interval and specify the date and time to start and end.

  3. Select the Message Types you want to view.

  4. Specify the Maximum Rows Displayed.

  5. From the View list, select Columns to change the columns shown. Select Reorder Columns to change the order of the columns.

  6. Within each column, you can toggle between ascending and descending order by choosing the up or down arrow in the column header.

  7. From the Show list, choose whether to show all messages, a summary by message type, or a summary by message id.

  8. To perform a specific search, choose Add Fields and add fields to search on. For each field, select a criterion from the list, then enter text into the box. Choose the red X to delete a field. Choose Add Fields to add additional fields. When you have finished adding criteria, choose Search.

  9. Use the Broaden Target Scope list to view messages for the Domain.

  10. Choose Export Messages to File to export the log messages to a file as XML, text, or comma-separated list.

  11. Click Target Log Files to view information about individual log files.

  12. You can indicate when to refresh the view. Select Manual Refresh, 30-Second Refresh, or One Minute Refresh from the list on the upper right.

  13. Use the View list to change the columns listed or to reorder columns.

  14. Use the Show list to change the grouping of messages.

  15. Collapse the Search label to view only the list of log messages.

  16. To view the contents of a log file, double click the file name in the Log File column. The View Log File: filename page is displayed. You can use the up and down arrows in the Time, Message Type, and Message ID to reorder the records in the file.

24.2.2 Configuring Logging by Using Fusion Middleware Control

Table 24-2 Configuration Attributes on Server Properties Page, Logging Tab

Field or Heading Configuration Attribute

Debug Level

orcldebugflag

Operations Enabled for Debug

orcldebugop

Maximum Log File Size (MB)

orclmaxlogfilesize

Maximum Number of Log Files to Keep in Rotation

orclmaxlogfiles


To configure logging:

  1. Select Administration, then Server Properties from the Oracle Internet Directory menu, then select Logging.

  2. Under Debug Level, select the types of activity to be logged.

  3. Under Operations Enabled for Debug, enable the LDAP operations that you want logged.

  4. Under Logging, specify values for Maximum log file size (MB) and Maximum number of log files to keep in rotation. The defaults are 1 MB and 100 log files, respectively.

Note:

Values you set on the Logging tab of the Server Properties page control LDAP server debugging. To set a value for Replication server debugging, use the Replication tab of the Shared properties page as described in Section 43.2.8, "Configuring the Replication Debug Level by Using Fusion Middleware Control."

24.3 Managing Logging from the Command Line

This section contains the following topics:

24.3.1 Viewing Log Files from the Command Line

You can view Oracle Internet Directory log files in a text editor. See Section 24.1, "Oracle Internet Directory Log File Locations."

24.3.2 Setting Debug Logging Levels by Using the Command Line

You set debug logging levels by using the ldapmodify command.

Because debug levels are additive, you must add the numbers representing the functions that you want to activate, and use the sum of those in the command-line option.

By default, debug logging is turned off. To turn it on, modify the attribute orcldebugflag in the instance-specific configuration entry to the level you want.

Note:

The DN of an instance-specific configuration entry has the form:

cn=componentname,cn=osdldapd, cn=subconfigsubentry

You can configure debug levels to one of the following levels.

Table 24-3 shows values for OrclDebugFlag.

Table 24-3 Values for OrclDebugFlag

Value Operation

1

Heavy trace debugging

128

Debug packet handling

256

Connection management

512

Search filter processing

1024

Entry parsing

2048

Configuration file processing

8192

Access control list processing

491520

Log of communication with DB

524288

Schema related operations

4194304

Replication specific ops

8388608

Log of entries, operations, and results for each connection

16777216

Trace function call arguments

67108864

Number and identity of clients connected to this server

117440511

All possible operations and data

134217728

All Java plug-in debug messages and internal server messages related to the Java plug-in framework

268435456

All messages passed by a Java plug-in using the ServerLog object.

402653184

Both of the above


For example, to trace search filter processing (512) and connection management (256), enter 768 as the debug level (512 + 256 = 768).

You can use orcldebugflag to turn logging on and off. For example, to turn logging on by setting the value of orcldebugflag to 1 for the instance oid1, use this command:

ldapmodify -p oidPort -D cn=orcladmin -w adminPasswd -f debugOn.ldif

where debugOn.ldif contains:

dn: cn=oid1,cn=osdldapd,cn=subconfigsubentry
changetype: modify
replace: orcldebugflag
orcldebugflag: 1

To turn logging off, set the value of orcldebugflag to 0 for the instance. For example, to turn debugging off for the instance oid1, use this command:

ldapmodify -p oidPort -D cn=orcladmin -w adminPasswd -f debugOff.ldif

where debugOff.ldif contains:

dn: cn=oid1,cn=osdldapd,cn=subconfigsubentry
changetype: modify
replace: orcldebugflag
orcldebugflag: 0

Note:

The value of orcldebugflag controls LDAP server debugging. To control Replication server debugging, set the value of orcldebuglevel, as described in Section 43.3.7, "Configuring Attributes of the Replication Configuration Set by Using ldapmodify."

24.3.3 Setting the Debug Operation by Using the Command Line

To make logging more focused, set the debug operations. For example, to limit logging to particular directory server operations, specify those operations. Table 24-4 shows these operations. Any subset of these values can be configured by adding the codes together. For example, to set debugging for ldapbind and ldapadd, set the value 5 because 1 + 4 = 5.

Table 24-4 Debug Operations

Debug Operation Provides Information Regarding

1

ldapbind

2

ldapunbind

4

ldapadd

8

ldapdelete

16

ldapmodify

32

ldapmodrdn

64

ldapcompare

128

ldapsearch

256

ldapabandon

511

All LDAP operations


To log more than one operation, add the values of their dimensions. For example, if you want to trace ldapbind (1), ldapadd (4) and ldapmodify (16) operations, then create an LDIF file setting the orcldebugop attribute to 21 (1 + 4 + 16 = 21). The LDIF file is as follows:

dn: cn=componentname,cn=osdldapd,cn=subconfigsubentry
changetype:modify
replace:orcldebugop
orcldebugop:21

To load this file, enter:

ldapmodify -D "cn=orcladmin" -q -h host_name -p port_number -f file_name

24.3.4 Force Flushing the Trace Information to a Log File

To minimize the performance overhead in I/O operations, debug messages are flushed to the log file periodically instead of every time a message is logged by the directory server. Writing to the log file is performed when one of the following occur:

  • An LDAP operation completes

  • A high priority message is logged

  • The trace messages buffer is full

You can, however, view the trace messages in the log file as they are logged without having to wait for the periodic flush. To do this, set the instance-specific configuration entry attribute orcldebugforceflush to 1. Do this by using ldapmodify as shown in the following example.

Example 24-1 Enabling Force Flushing

To enable force flushing by using ldapmodify:

  1. Create an LDIF file as follows:

    dn: cn=componentname,cn=osdldapd,cn=subconfigsubentry
    changetype: modify
    replace: orcldebugforceflush
    orcldebugforceflush: 1
    
  2. Load this file by entering the following:

    ldapmodify -D "cn=orcladmin" -q -h host_name -p port_number -f file_name
    

Notes:

  • When force flushing is enabled, the format of the trace message object for every operation becomes fragmented.

  • By default, force flushing is disabled. After you have flushed the necessary information to the log file, you should disable force flushing.

See Also:

"Oracle Identity Management LDAP Attribute Reference" in Oracle Fusion Middleware Reference for Oracle Identity Management for information about the orcldebugforceflush attribute