9 Managing Log Files

Mobile Security Access Server (MSAS) components generate log files containing messages that record all types of events. This chapter describes how to view and manage log files to assist in monitoring system activity and in diagnosing problems.

9.1 Overview of Log File Management

Mobile Security Access Server (MSAS) components generate log messages that record all types of events, including startup and shutdown information, errors, warning messages, and access information on HTTP requests.

To capture log messages, loggers are provided for each MSAS component, as described in Table 9-1.

Table 9-1 Loggers for MSAS Components

Logger Name                   | MSAS Component
------------------------------+------------------------------------------------------------
oracle.idm.gateway.common     | MSAS common libraries
oracle.idm.gateway.gmsclient  | MSAS management client
oracle.idm.gateway.grs        | MSAS run-time server
oracle.idm.gateway.snapshot   | MSAS security artifacts snapshot manager
oracle.security.jps           | OPSS libraries
oracle.wsm                    | Oracle Web Services Manager (Oracle WSM) run-time libraries
com.sun.jersey                | Jersey JAX-RS


Table 9-2 defines the valid logging levels that you can configure for each MSAS component logger listed in Table 9-1. The log configuration applies to the logical MSAS instance, and is used by all physical MSAS instances to which the logical instance is bound.

Table 9-2 Logging Level Values

Logging Level | Description
--------------+------------------------------------------------------------
SEVERE        | Serious problem that requires immediate attention from the administrator and is not caused by a bug in the product.
WARNING       | Potential problem that should be reviewed by the administrator.
INFO          | Major lifecycle event such as the activation or deactivation of a primary sub-component or feature.
CONFIG        | Configuration information to assist in debugging problems that may be associated with particular configurations.
FINE          | Detailed tracing messages that can cause a small performance impact. You can enable this level occasionally on a production environment to debug problems.
FINER         | Fairly detailed tracing messages that can cause a high performance impact. This level should not be enabled on a production environment, except in special situations to debug problems.
FINEST        | Highly detailed tracing messages that can cause a very high performance impact. This level should not be enabled in a production environment. It is intended to be used to debug the product on a test or development environment.


MSAS log files are stored in the following directory:

  • instance_root/instance_name/log

In this pathname, instance_root is the root directory you specified when you created the instance, and instance_name is the name of the instance. By default, instance_root is MW_HOME/instances, and MW_HOME is the Middleware home directory in which you installed Mobile Security Access Server.

The current MSAS log file is named as follows: instance_root/instance_name-diagnostic-0.log. For example: MSAS-123456-diagnostic-0.log. When the current log file reaches 10 MB, it will be backed up to a file using the following format: instance_root/instance_name-diagnostic-n.log, where n starts at 1 and is incremented by 1 for each additional log file that is backed up.

9.2 Configuring the Level of Information Written to Log Files

You can configure the message levels using MSAS Console or WLST commands, as described in the following topics:

9.2.1 Configuring Log Levels Using the MSAS Console

To configure the log levels using the MSAS console pages:

  1. From the Oracle Access Management home page, click the Mobile Security tab from the list of tabs at the top of the page.

  2. From the Mobile Security Launch Pad, click Environments in the Mobile Security Access Server section.

    The Environments page opens in a new tab.

  3. Click Instances in the MSAS Environment section.

    The MSAS Instances page opens in a new tab.

  4. Click Configure for the MSAS instance that you want to configure.

    The MSAS Instance Configuration page opens in a new tab.

  5. Click System Settings and expand the Log Configuration section.

    The list of loggers and associated logging levels is shown in the table. Optionally, use the View menu to change the display or order of the columns.

  6. To configure the log level for an MSAS component logger:

    1. If the logger does not exist in the table, click Add to add a new row to the table and enter the name of the logger in the Logger Name row. For a list of valid loggers, see Table 9-1.

    2. Select a log level for the logger from the drop-down list.

  7. To delete a logger configuration, select the logger in the table and click Remove.

  8. Click Apply to save the configuration changes or Revert to revert them.

9.2.2 Configuring Log Levels Using WLST

You can use WLST commands to get and set the log levels for the MSAS components and to list the loggers configured for an MSAS instance.

You must connect to the Mobile Security Manager Administration Server before you can use the MSAS management commands. For more information, see "Accessing the MSAS WLST Commands".

9.2.2.1 Getting the Log Level Using WLST

You can view the log level for an MSAS component using the getMSASLogLevel WLST command.

For example, to view the log level for the MSAS common libraries, use the following command:

getMSASLogLevel('myMSASInstance','oracle.idm.gateway.common')

SEVERE

In this example, the log level for the oracle.idm.gateway.common logger is set to SEVERE.

In the following example, the MSAS run-time server logger oracle.idm.gateway.grs is not configured for the MSAS instance myMSASInstance. In this case, it inherits the configuration from the parent logger (<root>).

getMSASLogLevel('myMSASInstance','oracle.idm.gateway.grs')

Logger "oracle.idm.gateway.grs" is not configured for the MSAS instance "myMSASInstance". Hence it will inherit the configuration from parent logger.

9.2.2.2 Setting the Log Level Using WLST

You can set the log level for an MSAS component using the setMSASLogLevel WLST command. For example, to set the log level for the MSAS run-time server, use the following command:

setMSASLogLevel('myMSASInstance', 'oracle.idm.gateway.grs', 'WARNING')
 
Logging configuration for the MSAS instance "myMSASInstance" updated successfully.

9.2.2.3 Getting a List of Loggers

To get a list of the loggers that have been configured for the MSAS instance myMSASInstance, use the listMSASLoggers command, as follows:

listMSASLoggers('myMSASInstance')

-------------------------------------------------+-----------------
Logger                                           | Level           
-------------------------------------------------+-----------------
<root>                                           | INFO            
oracle.idm.gateway.grs                           | FINEST          
oracle.wsm                                       | SEVERE          
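
The following check is an added example, not Oracle code. It assumes the listMSASLoggers output has been captured as text in the layout shown above, and it flags logger names that are not in Table 9-1 (likely misspellings) and levels that Table 9-2 says should not be enabled in production. The sample output and the function names are constructed for illustration.

```python
# Logger names from Table 9-1, plus the <root> parent logger.
KNOWN_LOGGERS = {
    "<root>", "oracle.idm.gateway.common", "oracle.idm.gateway.gmsclient",
    "oracle.idm.gateway.grs", "oracle.idm.gateway.snapshot",
    "oracle.security.jps", "oracle.wsm", "com.sun.jersey",
}
# Levels that Table 9-2 says should not be enabled in production.
NOT_FOR_PRODUCTION = {"FINER", "FINEST"}


def parse_loggers(text):
    """Parse the 'Logger | Level' table into a {logger: level} dict."""
    loggers = {}
    for line in text.splitlines():
        if "|" not in line:
            continue  # rule lines use '+', blank lines have no separator
        name, level = (part.strip() for part in line.split("|", 1))
        if name == "Logger" and level == "Level":
            continue  # header row
        loggers[name] = level
    return loggers


def audit_loggers(text):
    """Return (logger, finding) tuples, sorted by logger name."""
    findings = []
    for name, level in sorted(parse_loggers(text).items()):
        if name not in KNOWN_LOGGERS:
            findings.append((name, "unknown logger name"))
        if level in NOT_FOR_PRODUCTION:
            findings.append((name, "level %s not for production" % level))
    return findings


# Constructed sample: one misspelled logger name and one FINEST level.
SAMPLE_OUTPUT = """\
-------------------------------------------------+-----------------
Logger                                           | Level
-------------------------------------------------+-----------------
<root>                                           | INFO
oracle.idm.gateway.grs                           | FINEST
oracle.idm.gatewya.common                        | WARNING
oracle.wsm                                       | SEVERE
"""

if __name__ == "__main__":
    for logger, finding in audit_loggers(SAMPLE_OUTPUT):
        print(logger, "->", finding)
```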

9.3 Configuring MSAS Access Logs

The MSAS access log records all requests processed by the server and is stored in the standard log directory using the name access.log:

instance_root/instance_name/log/access.log

Access logs are enabled by default, but you can disable them if desired using the following configuration property:

  • Category: ServerSettings

  • Property Name: access.log.enabled

For details about setting this property, see "Configuring Access Log Settings Using WLST".

The access log uses the format:

%h %u %t \"%r\" %{X-Original-Scheme}i %{X-Original-URL}i %s %b %D

where:

  • %h - Remote host

  • %u - Remote user

  • %t - Time the request was received (standard English format)

  • %r - First line of request

  • %{X-Original-Scheme}i - Value of X-Original-Scheme header (if present)

  • %{X-Original-URL}i - Value of X-Original-URL header (if present)

  • %s - Status of the request

  • %b - Size of response in bytes, excluding HTTP headers

  • %D - The time taken to serve the request, in microseconds

Note:

The format of the access.log file is based on the Apache Module mod_log_config file format at http://httpd.apache.org/docs/2.2/mod/mod_log_config.html.
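
The following parser for the access log format above is an added example, not Oracle code. It assumes the Apache mod_log_config conventions that the note refers to: %t rendered as [dd/Mon/yyyy:HH:MM:SS +zzzz] and "-" written for absent values. The sample lines, hosts and function names are constructed for illustration.

```python
import re
from collections import Counter
from datetime import datetime

# %h %u %t "%r" %{X-Original-Scheme}i %{X-Original-URL}i %s %b %D
# Assumption: Apache-style rendering, "-" for absent values, no spaces in header values.
LINE_RE = re.compile(
    r'(?P<host>\S+) (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<request>(?:[^"\\]|\\.)*)" '
    r'(?P<orig_scheme>\S+) (?P<orig_url>\S+) '
    r'(?P<status>\d{3}) (?P<bytes>\d+|-) (?P<micros>\d+)$'
)


def parse_line(line):
    """Return a dict for one access.log line, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    rec = {k: (None if v == "-" else v) for k, v in m.groupdict().items()}
    rec["time"] = datetime.strptime(rec["time"], "%d/%b/%Y:%H:%M:%S %z")
    rec["status"] = int(rec["status"])
    rec["bytes"] = int(rec["bytes"]) if rec["bytes"] else 0
    rec["micros"] = int(rec["micros"])  # %D is in microseconds
    return rec


def denied_by_host(lines, statuses=(401, 403)):
    """Count denied requests per remote host; unparsable lines are kept for review."""
    counts, rejects = Counter(), []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            rejects.append(line)
        elif rec["status"] in statuses:
            counts[rec["host"]] += 1
    return counts, rejects


# Constructed sample lines (documentation address ranges, not real traffic).
SAMPLE = [
    '192.0.2.10 alice [12/Mar/2015:10:15:32 -0700] "GET /app/profile HTTP/1.1" '
    'https https://msas.example.com/app/profile 200 5120 18450',
    '198.51.100.7 - [12/Mar/2015:10:15:40 -0700] "POST /app/login HTTP/1.1" - - 401 - 2310',
    '198.51.100.7 - [12/Mar/2015:10:15:41 -0700] "POST /app/login HTTP/1.1" - - 401 - 2275',
    'truncated line without the expected fields',
]
```

Lines that do not match the format are returned separately rather than dropped, so a change in log layout or a malformed entry shows up in review instead of silently reducing the counts.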