1. Administering Oracle Access Management
  2. Logging, Auditing, Reporting and Monitoring Performance
  3. Monitoring Performance and Logs with Fusion Middleware Control

12 Monitoring Performance and Logs with Fusion Middleware Control

Live, dynamic performance metrics can be viewed in Fusion Middleware Control.

You can monitor performance and log messages for Access Manager using Oracle Fusion Middleware Control. This chapter focuses on general tasks that Administrators can perform from Fusion Middleware Control, which does not replace details in Overview of Oracle Fusion Middleware Administration Tools in Administering Oracle Fusion Middleware.

Note:

Unless explicitly stated, information in this chapter is the same for both services. There are no metrics in Oracle Fusion Middleware Control for Identity Federation.

This chapter includes the following topics.

12.1 Introduction to Fusion Middleware Control

Within Fusion Middleware Control, information is updated dynamically during live sessions of Access Manager and other products. Fusion Middleware Control organizes a wide variety of performance data and administrative functions into distinct Web-based pages. This helps Administrators easily locate the most important monitoring data and the most commonly used administrative functions from a Web browser.

Note:

Enterprise Manager Grid Control is an independently licensed product that provides additional capabilities not found in Fusion Middleware Control (primarily, the ability to collect and maintain data for historical purposes and trending).

Oracle Access Management 12c is deployed as a Java EE application in a WebLogic container. For high availability and failover, Oracle Access Management is typically deployed in a WebLogic cluster environment.

A WebLogic Server domain can have multiple clusters. To provide monitoring and performance statistics for all clustered components requires a composite target. This target provides status and rolled-up load and response performance metrics for member instances. In addition to the metrics exposed for Access Manager and Security Token Service, generic performance metrics are also available for Java EE application and composite Java EE applications.

Fusion Middleware Control must be deployed with Oracle Access Management on the WebLogic Administration Server, as illustrated in Figure 12-1 (and described in the Installing and Configuring Oracle Identity and Access Management).

Figure 12-1 Fusion Middleware Control (AS-Control) Deployment Architecture

Description of Figure 12-1 follows
Description of "Figure 12-1 Fusion Middleware Control (AS-Control) Deployment Architecture "

Using Fusion Middleware Control for targets is supported through the Oracle Dynamic Monitoring Systems instrumentation within Oracle Access Management. This instrumentation is used to provide:

  • Performance overview and drill down

  • Log message searches and dynamic log level changes

  • Routing topology overview

  • Mbean browser

  • Component- and cluster-level metrics for Access Manager with Security Token Service

12.2 Logging In to and Out of Fusion Middleware Control

The Fusion Middleware Control Login page provides the usual fields for the User Name and Password.

The bottom of the Fusion Middleware Control Login page provides topics that you can click for additional information. This section provides the following topics:

12.2.1 Logging In To Fusion Middleware Control

Only Fusion Middleware Control Administrators log in to Fusion Middleware Control.

See Also:

Oracle Fusion Middleware Administrator's Guide for details about getting started using Fusion Middleware Control

  1. In a browser window, enter the URL to Fusion Middleware Control. For example:
    http://host.example.com:8888/em/
  2. Expand a topic at the bottom of the Login page to learn about the enhanced user experience or new features.
  3. Log in as a Fusion Middleware Control Administrator.
  4. Choose the farm containing Oracle Access Management, if needed.
  5. Help: From the Farm Resource Center on the OAM Farm page, choose topics of interest (or click Help in the upper-right corner of the page) to get more information.
  6. Proceed to any topic in this chapter for viewing and configuration details.

12.2.2 Logging Out of Fusion Middleware Control

You can log out of Fusion Middleware Control.

  1. Click the Log Out link in the upper-right corner of Fusion Middleware Control.
  2. Close the browser window.

12.3 Displaying Menus and Pages in Fusion Middleware Control

Fusion Middleware Control displays OAM Farm page and associated information, summary, and cluster or server pages.

This section provides the following topics for Access Manager and Security Token Service:

See Also:

Oracle Fusion Middleware Administrator's Guide for details about getting started using Fusion Middleware Control

12.3.1 Farm Page in Fusion Middleware Control

Each OAM Farm page in Fusion Middleware Controlincludes similar information.

Figure 12-2 illustrates the OAM Farm page in Fusion Middleware Control. The Farm Resource Center provides immediate access to online information.

Figure 12-2 OAM Farm Page in Fusion Middleware Control

Description of Figure 12-2 follows
Description of "Figure 12-2 OAM Farm Page in Fusion Middleware Control"

Sections on the Farm page are described in Table 12-1.

Table 12-1 Farm Page Sections

Farm Page Sections Description

Deployments

Within the farm, this section displays the Status and Target of each Internal Application within the Application Deployment.

Clicking any link in the Deployments section (or in the navigation tree) displays a page containing more information.

Fusion Middleware

Within the farm, this section displays the status, host, and CPU usage for server instances in the:

  • WebLogic Server domain

  • Identity and Access

Clicking any link on the page (or in the navigation tree) displays a page containing a more detailed summary.

Farm Resource Center

Provides a wealth of online information in the following categories:

  • Information that is useful before you begin using Fusion Middleware Control

  • Administrator tasks using Fusion Middleware Control

  • Other resources

Clicking any link in the resource center displays information on the chosen subject. With a wealth of information online, these details are not repeated in this book.

The navigation tree on the left side of the page, like the one in Figure 12-3, enables you to choose a specific instance (target) on which to operate regardless of the page you are currently viewing. Target names in your environment will be different.

Figure 12-3 Farm Navigation Tree in Fusion Middleware Control

Description of Figure 12-3 follows
Description of "Figure 12-3 Farm Navigation Tree in Fusion Middleware Control"

For more information, see "Logging In To Fusion Middleware Control".

See Also:

"Displaying Menus and Pages in Fusion Middleware Control"

12.3.2 Context Menus and Pages in Fusion Middleware Control

For Oracle Access Management, Farm details in Fusion Middleware Control are divided into four nodes within the navigation tree.

The nodes are:

  • Application Deployments

  • Internal Applications (includes logout page and other details for the OAM AdminServer and OAM Server instances)

  • WebLogic Server domains (WebLogic Server details, including the OAM Farm)

  • Identity and Access (includes OAN Cluster or individual OAM Server instances)

Clicking a node in the navigation tree displays an information page with individual links and a description of the Target, Type, and Full Name, as shown in Figure 12-4 for Application Deployments.

Figure 12-4 Node Information Page in Fusion Middleware Control

Description of Figure 12-4 follows
Description of "Figure 12-4 Node Information Page in Fusion Middleware Control"

Clicking an instance (target) name (from either the navigation tree or a page), displays a context menu and a more detailed summary page. The Internal Application target is highlighted in the navigation tree and a page of the same name is displayed on the right. The context menu is available beneath the target name at the top of the page, as shown in Figure 12-5.

Figure 12-5 Application Deployment Summary for the Selected Internal Application

Description of Figure 12-5 follows
Description of "Figure 12-5 Application Deployment Summary for the Selected Internal Application"

The Application Deployment menu is shown in Figure 12-6.

Figure 12-6 Application Deployment Menu

Description of Figure 12-6 follows
Description of "Figure 12-6 Application Deployment Menu"

WebLogic Server domain: The WebLogic Server domain page is shown in Figure 12-7 with the corresponding menu displayed. The Oracle WebLogic Server domain Resource Center, with links to online documentation, is visible in the bottom-left corner. This page more closely resembles the Farm landing page.

Figure 12-7 WebLogic Server Domain Summary with Context Menu Exposed

Description of Figure 12-7 follows
Description of "Figure 12-7 WebLogic Server Domain Summary with Context Menu Exposed"

Selecting a target name within the WebLogic Server domain node displays a target summary page that more closely resembles the Application Deployment page in Figure 12-5.

For more information, see "Displaying Context Menus and Target Details in Fusion Middleware Control".

See Also:

"Viewing Performance in Fusion Middleware Control" for information about the Identity and Access node and related pages.

12.3.3 Displaying Context Menus and Target Details in Fusion Middleware Control

Fusion Middleware Control Administrators can view context menus and target pages.

Note:

From the Farm Resource Center on the OAM Farm page, choose topics of interest (or click Help in the upper-right corner of the page) to get more information.

See Also:

"Context Menus and Pages in Fusion Middleware Control"

  1. Log in as described in "Logging In To Fusion Middleware Control".
  2. Expand the Farm containing Oracle Access Management, if needed.
  3. Information Pages: From the navigation tree, click one of the following to display the related information page:

    • Application Deployments

    • WebLogic Server domain

    • Identity and Access

  4. Menus and Summary Pages: Click an instance name (in either the navigation tree or the related page) to display a summary page and menu (Figure 12-5 and Figure 12-6).
  5. Cluster or Server Pages: See "Viewing Performance in Fusion Middleware Control".

12.4 Viewing Performance in Fusion Middleware Control

Fusion Middleware Control provides various performance metrics for administrators.

The following sections provide more details:

12.4.1 Resulting Pages for Selected Nodes and Targets

Using Fusion Middleware Control, you can view performance metrics for live sessions in a variety of formats.

Fusion Middleware Control provides Administrators with:

  • A cluster-wide view of performance for Access Manager with Security Token Service

  • A per-server drill-down of key performance metrics

  • The ability to quickly add or remove performance metrics

Table 12-2 summarizes the pages for selected nodes and target instances.

Table 12-2 Resulting Pages for Selected Nodes and Targets

Node Target Information Summary Page Performance Overview Performance Summary w/Metrics

Application Deployment

Internal Applications

...AdminServer

oamsso_logout AdminServer

oamsso_logout oam_server

Yes

Yes

Yes

No

No

No

Yes

Yes

Yes

WebLogic Server domain

oam_bd (Cluster name)

AdminServer

oam_server

Yes

Yes

Yes

No

No

No

No

Yes

Yes

Identity and Access

OAM (Cluster)

oam_server (Server)

No

No

Yes

Yes

Yes

Yes

Note:

Security Token Service performance is included with relevant OAM Cluster and Server pages.

12.4.2 Performance Overview Pages in Fusion Middleware Control

The Fusion Middleware Control Performance Overview can be used to reflect WebLogic cluster information down to specific performance metrics for individual Cluster and Server targets.

Cluster Page: The top node within Identity and Access leads to a page for the OAM Cluster Deployment, which includes a Performance Overview. For Figure 12-8, the Cluster is selected in the navigation tree, beneath the Identity and Access node. Figure 12-8 illustrates the Cluster Deployments and Performance Overview sections. This page includes a table for Token Issuance and Token Validations.

Figure 12-8 Cluster Page

Description of Figure 12-8 follows
Description of "Figure 12-8 Cluster Page "

OAM Server Pages: Selecting an OAM Server target name from the navigation tree (or the open page), displays a Performance Overview for the target. At the top of the OAM Server page, a summary of Key Metrics for the server instances appears instead of the Cluster Deployment section. Figure 12-9 illustrates the OAM Server instance Key Metrics, which include Token Issuance and Token Validations per second. The Token Validation success rate is included.

Figure 12-9 Key Metrics for Server Page

Description of Figure 12-9 follows
Description of "Figure 12-9 Key Metrics for Server Page "

Table 12-3 describes the elements of the Performance Overview for Clusters and OAM Server instances in Fusion Middleware Control. There are only a few differences.

Table 12-3 Summary of Performance Overviews in Fusion Middleware Control

Section or Column Name Description

Cluster Menu

Dynamic context menus provide functions related to the selected target (also available when you right-click a target in the navigation tree). This menu is available for the selected Cluster.

Description of asctrl_oam_menu21.gif follows
Description of the illustration asctrl_oam_menu21.gif

The Component Performance command enables you to choose between displaying Access Manager or Security Token Service metrics.

See Access Manager Component Pages.

Deployments, OAM Cluster pages

This section appears only on OAM Cluster pages. It describes the status of each instance in the cluster. The following information is included:

  • Instance Name

  • Status

  • Authentications

  • Authorizations

Instance Name

This column includes the name of each OAM Server instance in the cluster. For example:

OAM_server_name

Status

This column identifies the status of each OAM Server instance in the cluster with either a:

  • Green Up Arrow (running)

  • Red Down Arrow (not running)

Authentications

Authentications columns identify:

  • Authentications/sec: The number of authentications per second for each OAM Server instance in the cluster

  • Success Rate (% of Authentications Successful): A numeric value representing the percentage of successful authentications for each OAM Server instance in the cluster

Authorizations

This column identifies the number of authorizations per second for each OAM Server instance in the cluster.

Authorizations columns identify:

  • Authorizations/sec: The number of authorizations per second for each OAM Server instance in the cluster

  • Success Rate (% of Authorizations Successful): A numeric value representing the percentage of successful authorizations for each OAM Server instance in the cluster

Server Instance Menu

Dynamic context menus provide functions related to the selected target (also available when you right-click a target in the navigation tree). This menu is available for the selected server instance.

Description of asctrl_oamsvr_menu1.gif follows
Description of the illustration asctrl_oamsvr_menu1.gif

The Component Performance command enables you to choose between displaying specific Access Manager or Security Token Service metrics.

See Access Manager Component Pages .

Key Metrics, OAM Server Page

This table provides a summary of statistics for only the selected OAM Server instance. Key metrics include details for both Access Manager and Security Token Service:

  • Authentications/sec, Average Authentication Latency (ms), and Success ratio

  • Authorizations/sec, Average Authorization Latency (ms), and Success ratio

  • Token Issuances/sec, Average Issuance Latency (ms), and Success ratio

  • Token Validations/sec, Average Validation Latency (ms), and Success ratio

Performance Overview, OAM Cluster and OAM Server Pages

This section provides a graphic representations of Access Manager authentication and authorization operations and Security Token Service Token Issuance and Token Validation operations. Metrics in the Performance Overview are not configurable. The Metrics Palette is available for only the Performance Summary.

Whether you have an OAM Cluster or OAM Server instance selected, the Performance Overview includes:

  • Authentications/sec and Authorizations/sec

  • Token Issuances/sec and Token Validations/sec

Within each table:

  • Coordinates along the horizontal axis (the x axis) identify the time period.

  • Coordinates along the vertical axis (the y axis) identify the number of named transactions that occured during the time period.

Table View

Click the Table View link on the bottom-right side of the Performance Overview to display performance information in columns within a pop up window.

LDAP Servers, OAM Cluster and OAM Server Pages

This section is available when either an OAM Cluster or a single OAM Server instance is selected. It provides information for the default LDAP user identity store:

  • LDAP operations/sec

  • LDAP Latency (milliseconds)

  • LDAP Success Rate

Application Domains, OAM Cluster and OAM Server Pages

This section of the OAM Cluster and OAM Server pages provides information for all Application Domains that were used during authentication and authorization processing.

Columns in this section provide the:

  • Application Domain Name: Each Application Domain that contains the authentication and authorization policies used for a request.

  • Authentications/sec, Authentications Latency (ms), Success Ratio (%) for each Application Domain

  • Authorizations/sec, Authorization Latency (ms), Success Ratio (%) for each Application Domain
12.4.2.1 Access Manager Component Pages

The Component Performance command on both the Cluster and Server instance menus enables you to display Access Manager-specific metrics.

Description of asctrl_am_sts1.gif follows
Description of the illustration asctrl_am_sts1.gif

Cluster component-specific metrics are aggregated across the cluster, illustrated in Figure 12-10. Details follow in Table 12-4.

Figure 12-10 Aggregated Access Manager Component Metrics for the Cluster

Description of Figure 12-10 follows
Description of "Figure 12-10 Aggregated Access Manager Component Metrics for the Cluster"

Figure 12-11 illustrates the Access Manager component metrics for a single OAM Server instance.

Figure 12-11 Access Manager Component Metrics for a Single OAM Server Instance

Description of Figure 12-11 follows
Description of "Figure 12-11 Access Manager Component Metrics for a Single OAM Server Instance"

Table 12-4 describes the component-specific metrics for Access Manager.

Table 12-4 Access Manager Component Metrics

Access Manager Metrics Description

Access Manager Clients

Based on your selection (Cluster or Server instance), this page provides information for all active Access Clients in a cluster (or for the active Access Clients of an individual OAM Server). Details include:

  • Client ID

  • Type

  • Authentications

  • Authorizations

Client ID

Displays the name of the Agent, as defined in the Agent registration in the Oracle Access Management Console.

Type

Displays the Agent. type For example:

OAM Webgate

Authentications

Authentications columns identify:

  • Authentications/sec: The number of authentications per second for each OAM Server instance in the cluster

  • Latency (ms): The number of milliseconds the authentication was delayed

  • Success Rate (% ): A numeric value representing the percentage of successful authentications for each OAM Server instance in the cluster

Authorizations

Authorizations columns identify:

  • Authorizations/sec: The number of authorizations per second for each OAM Server instance in the cluster

  • Latency (ms): The number of milliseconds the authorization was delayed

  • Success Rate (%): A numeric value representing the percentage of successful authorizations for each OAM Server instance in the cluster

12.4.3 Metrics Palette and the Performance Summary Page

The Performance Summary command on the Cluster or Server menu displays metrics charts for the selected target.

Figure 12-12 Performance Summary Command

Description of Figure 12-12 follows
Description of "Figure 12-12 Performance Summary Command"

On the Performance Summary page, a chart is displayed for each selected metric. An OAM Server Performance Summary page. Figure 12-13 shows the Performance Summary page with an open Metric Palette from which you can choose metrics to chart. Stacked charts allow you to easily compare multiple metrics for the same time frame, change the time frame to go back in time, or zoom in or out.

Figure 12-13 Performance Summary Page with Metric Palette

Description of Figure 12-13 follows
Description of "Figure 12-13 Performance Summary Page with Metric Palette "

Table 12-5 describes the status and controls available on the Performance Summary page.

Table 12-5 Status and Controls on Performance Summary Pages

Status or Control Description

Past n minutes

Status is based on the specified time period, which can be adjusted using the slider.

All

n Minutes

The specified time period, which can be adjusted using the slider.

Slider

The tool you use to adjust the time period.

Description of asctrl_slider1.gif follows
Description of the illustration asctrl_slider1.gif

Chart Set

A list from which you can choose the set of saved charts to view.

View

A menu that enables you to add a grid, save a chart, and order information on the page.

Description of asctrl_view1.gif follows
Description of the illustration asctrl_view1.gif

Overlay

A menu that enables you to search for and view another instance of the same type and compare this against the instance in the summary.

Description of asctrl_overlay1.gif follows
Description of the illustration asctrl_overlay1.gif

Metric Palette

A listing from which you can select performance metrics to chart. Items unique to Access Manager and Security Token Service are shown here.

Left: Metric Palette for the Cluster

Right: Metric Palette for a Single OAM Server

Description of asctrl_metricsoam1.gif follows
Description of the illustration asctrl_metricsoam1.gif

12.4.4 Displaying Performance Metrics in Fusion Middleware Control

Fusion Middleware Control Administrators can add or change the metrics that are displayed in the Performance Summary.

See Also:

  1. Log in as described in "Logging In To Fusion Middleware Control".

  2. Performance Overview:

    1. Expand the desired node and select a target. For example: Identity and Access.

      • Identity and Access
      • oam_server

    2. Review the Performance Overview.

  3. Performance Summary:

    1. Select a target (Step 1).

    2. From the context menu, select Performance Summary.

    3. Review the Summary Page.

  4. Changing Metrics:

    1. From the Performance Summary page (Step 2), click the Show Metrics Palette button.

    2. From the Metrics Palette, expand nodes and check (or clear) boxes to add (or remove) metrics from the summary.

    3. Review the updated the Summary page.

    4. Click Hide Metrics Palette when you finish.

  5. Saving a Chart Set:

    1. From the View menu on the Performance Summary page, click Save Chart Set.

    2. In the dialog box that appears, enter a unique name for this chart set and click OK when the operation is confirmed.

    3. Click Hide Metrics Palette when you finish.

    4. Review the updated information on the Summary Page.

  6. Adding an Overlay, Access Manager:

    1. From the Overlay menu on the Performance Summary page, click Another Oracle Access Manager.

    2. In the Search and Select Targets dialog, enter the target name and host name, then click Go.

    3. In the target results table, click the name of the desired target and then Select.

    4. When finished viewing the overlay, click Remove Overlay from the Overlay menu.

  7. Adding an Overlay, Today with Yesterday:

    1. From the Overlay menu on the Performance Summary page, click Today with Yesterday.

    2. When finished viewing the overlay, click Remove Overlay from the Overlay menu.

  8. Testing:

    1. Using the Access Tester, perform several authentication and authorization tests (see Validating Connectivity and Policies Using the Access Tester).

    2. In Fusion Middleware Control, check performance metrics.

12.4.5 Displaying Component-Specific Performance Details

Fusion Middleware Control Administrators can use the following procedure to view and compare component-specific performance data.

See Also:

Access Manager Component Pages

  1. Log in as described in "Logging In To Fusion Middleware Control".

  2. Expand the desired node and select a target. For example:

    • Identity and Access
    • oam_server

  3. From the context menu, select Component Performance.

  4. Choose Access Manager (or Security Token Service).

  5. STS Partner ID: Choose a Partner ID in the Security Token Service results table for more details, if needed.

  6. Component Performance:

    1. From the context menu, select Component Performance.

    2. Choose either Access Manager (or Security Token Service).

    3. Choose an item in the results table to get more details, if available.

  7. Testing:

    1. Using the Access Tester, perform several authentication and authorization tests (see Validating Connectivity and Policies Using the Access Tester).

    2. In Fusion Middleware Control, check performance metrics.

12.5 Managing Log Level Changes in Fusion Middleware Control

Oracle Fusion Middleware components generate log files containing messages that record all types of events.

Administrators can set log levels using Fusion Middleware Control, as described in this chapter.

Note:

Alternatively, Administrators can set OAM logger levels using custom WebLogic Scripting Tool (WLST) commands, as described in Logging Component Event Messages.

Topics in this section include:

12.5.1 Dynamic Log Level Changes in Fusion Middleware Control

Using Fusion Middleware Control, Administrators can change log levels dynamically for Access Manager (or Security Token Service).

Table 12-6 outlines log availability and functions in Fusion Middleware Control.

Table 12-6 OAM Log Availability and Functions in Fusion Middleware Control

Node Target View Log Messages Log Configuration

Application Deployment

Internal Applications

...AdminServer

oamsso_logout AdminServer

oamsso_logout oam_server

Yes

Yes

Yes

Yes

Yes

Yes

WebLogic Server domain

oam_bd (Cluster name)

AdminServer

oam_server

Yes

Yes

Yes

No

Yes

Yes

Identity and Access

OAM (Cluster)

oam_server (Server)

No

Yes

No

Yes

Figure 12-14 shows the Log Levels configuration page in Fusion Middleware Control. Notice that Runtime Loggers is the selected View and oracle.oam logger names are currently displayed. With Security Token Service there is only one logger that affects the log levels for Security Token Service: oracle.security.fed.

Figure 12-14 Access Manager Log Levels on the Log Configuration Tab

Description of Figure 12-14 follows
Description of "Figure 12-14 Access Manager Log Levels on the Log Configuration Tab"

Figure 12-15 Log Levels for Security Token Service

Description of Figure 12-15 follows
Description of "Figure 12-15 Log Levels for Security Token Service "

The Log Levels tab on the Log Configuration page allows you to configure the log level for both persistent loggers and active runtime loggers:

  • Persistent loggers are saved in a configuration file and become active when the component is started.

    The log levels for these loggers are persisted across component restarts.

  • Runtime loggers are automatically created during runtime and become active when a particular feature area is exercised.

    For example, oracle.j2ee.ejb.deployment.Logger is a runtime logger that becomes active when an EJB module is deployed. Log levels for runtime loggers are not persisted across component restarts.

Table 12-7 explains the configuration status and options for log levels.

Table 12-7 Log Levels Tab on Log Configuration Page

Element Description

Apply

Submits and applies log level configuration changes, which take affect immediately.

Revert

Restores the target's previous log level configuration, which take affect immediately.

View

Use this list to view runtime loggers or loggers with a persistent log level state.

  • Runtime Loggers

  • Loggers with Persistent Log Level State

Search

Use this list to specify the categories you would like to search.

Description of asctrl_log_srch1.gif follows
Description of the illustration asctrl_log_srch1.gif

Table

Logger Name

The name of the loggers found during the search. You can expand names in the list to see any loggers beneath the top node.

Description of asctrl_root_loggr1.gif follows
Description of the illustration asctrl_root_loggr1.gif

Oracle Diagnostic Logging Level (Java Level)

Choose the logging level for the corresponding logger; c.

Description of asctrl_log_msg_menu1.gif follows
Description of the illustration asctrl_log_msg_menu1.gif

Click Apply and review confirmation messages displayed in a pop-up window:

  • Updating log levels
  • Updating the log levels of runtime loggers
  • The log levels of runtime loggers have been updated successfully
  • The log levels have been updated successfully

Log File

Clicking a name in the Log File column displays the Log Files page, which you can use to create and edit the file where log messages are logged, the format of the log messages, rotation policies, and other logging parameters.

See Also: "Managing Log File Configuration from Fusion Middleware Control".

Persistent Log Level State

Identifies the persistent state for this specific logger, which is set when you create or edit the value using the Log Files tab.

12.5.2 Setting Log Levels Dynamically Using Fusion Middleware Control

Fusion Middleware Control Administrators can set the log level dynamically.

See Also:

"Dynamic Log Level Changes in Fusion Middleware Control"

Note:

Administrators can also set logger levels using custom WLST commands as described in Logging Component Event Messages.

  1. Log in as described in "Logging In To Fusion Middleware Control".
  2. Expand the desired node, and select a target. For example:
    • Identity and Access
    • oam_server
  3. From the Access Manager context menu, select Logs and then choose Log Configuration.
  4. From the Log Levels tab, View list, choose the loggers to display. For example: Runtime Loggers.
  5. From the Search list, choose a category, enter your search criteria, and click the search button. For example: All Categories sts.
  6. In the results table, expand nodes to reveal information as needed.
  7. In the results table, choose log levels for your environment, then click Apply (or Revert).
  8. Proceed to "Managing Log File Configuration from Fusion Middleware Control"

12.6 Managing Log File Configuration from Fusion Middleware Control

Fusion Middleware Control Administrators can create, edit, or view the log file.

This section provides the following information:

12.6.1 Log File Configuration Page in Fusion Middleware Control

Use the Log Files Configuration page to create and edit where the log messages will be logged to, the format of the log messages, the rotation policies used, as well as other parameters depending on the log file configuration class.

Table 12-7 shows the Log Files Configuration.

Figure 12-16 Log Files Configuration Page

Description of Figure 12-16 follows
Description of "Figure 12-16 Log Files Configuration Page"

Table 12-8 describes the log files configuration parameters for Access Manager (or Security Token Service).

Table 12-8 Log Files Elements

Element Description

Create

Click this button to display the fresh form to create a new file for logged messages.

  • Log File is the name of the log handler (odl-handler for OAM)

  • Log Path points to the logging output file in your environment, which you can change.

  • The output logging file in your environment can have a unique file name.

Description of asctrl_create_new1.gif follows
Description of the illustration asctrl_create_new1.gif

Create Like

Click this button to display a partially filled-in form to create a new file for logged messages.

Description of asctrl_create_like1.gif follows
Description of the illustration asctrl_create_like1.gif

Edit Configuration

Click this button to display and edit the selected log file configuration.

View Configuration

Click this button to view a read-only description of the selected log file configuration.

Table

The information in this table is based on log file configuration parameters in this table.

Handler Name

The Log File name assigned during log file creation.

Log Path

The file system directory path assigned during log file creation.

Log File Format

The Log File format assigned during log file creation.

Rotation Policy

The rotation policy selected during log file creation.

12.6.2 Managing Log Files with Fusion Middleware Control

Fusion Middleware Control Administrators can create a log file, edit the configuration, or view a read-only version of the log file configuration.

See Also:

"Log File Configuration Page in Fusion Middleware Control"

  1. Log in as described in "Logging In To Fusion Middleware Control".

  2. Expand the desired node, and select a target. For example:

    • Identity and Access
    • oam_server

  3. From the Access Manager menu, select Logs and then Log Configuration.

  4. Create a Log File: From the Log Files tab (Table 12-8):

    1. Click the Create button to display a fresh Create Log File form.

    2. Enter a name and file system path for this log file. For example:

      Log File oam-odl-handler

      Log Path domains/oam_db/servers/oam-server1/log/oam.log

    3. Click the desired Log File Format. For example: ... Text

    4. Set the logging attributes. For example:

      Use Default Attributes

      Supplemental Attributes

    5. Associate a Logger. For example: Root Logger

    6. Specify the Rotation Policy. For example: Size Based

      Maximum Log File Size (MB) 10.0

      Maximum Size of All Log File Size (MB) 1000.0

    7. Click OK to submit the configuration.

  5. Create Like:

    1. From the Log Files tab, click the name of an existing log file.

    2. Click the Create Like button.

    3. On the Create Log File form, enter your own information:

      Log File name

      Log Level

      Attributes

    4. Edit any other details as needed, then click OK to submit the configuration.

  6. Edit Configuration:

    1. From the Log Files tab, click the name of an existing log file.

    2. Click the Edit Configuration button.

    3. Change configuration details as needed.

    4. Click OK to submit the changes.

  7. View Configuration:

    1. From the Log Files tab, click the name of an existing log file.

    2. Click the View Configuration button.

    3. Review the information, then click OK to dismiss the configuration page.

      Contents are greyed out when opened for viewing configuration.

  8. Proceed to "Viewing Log Messages in Fusion Middleware Control".

12.7 Viewing Log Messages in Fusion Middleware Control

Fusion Middleware Control Administrators can locate, view and export log messages for the target.

This section includes the following topics:

12.7.1 About Finding, Viewing, and Exporting Log Messages

By using the context menu for an OAM Server instance in Fusion Middleware Control, Administrators can locate, view, and export key log information.

The key log information can be managed for:

  • Application Deployment targets, including the WebLogic (and OAM) AdminServer and the OAM SSO logout pages on both AdminServer and OAM Servers

  • WebLogic Server domain targets, including the OAM Farm, AdminServer, and OAM Servers

  • Identity and Access targets, including the OAM Farm, Clusters, and individual OAM Servers

Using log files to troubleshoot common problems requires that you:

  • Get familiar with the Oracle Diagnostic Logging (ODL) format used by Oracle Fusion Middleware components. SeeAbout Diagnostic Log Files in Securing Applications with Oracle Platform Security Services

  • Configure log files to collect the appropriate level of information

  • Search, view and export key log information in the farm

  • Correlate messages in log files across components

12.7.1.1 Log Messages Page in Fusion MIddleware

Figure 12-17 shows the Log Messages page for Access Manager and Security Token Service in Fusion Middleware Control.

Figure 12-17 Typical Log Messages Page in Fusion Middleware Control

Description of Figure 12-17 follows
Description of "Figure 12-17 Typical Log Messages Page in Fusion Middleware Control"

Table 12-9 describes elements on the Log Messages page in Fusion Middleware Control, which you can use to locate and view messages.

Table 12-9 OAM Log Message Search Controls in Fusion Middleware Control

Element Description

Broaden Target Scope

Select items on this list to expand (or narrow) the targets that are used in this search:

  • Oracle WebLogic Server domain

  • OAM Cluster

  • Oracle WebLogic Server

  • Oracle Fusion Middleware Farm

Target Log Files...

Displays a list of all log files for the target scope from which you can select a specific log file to view or download.

Refresh Options

Select an item from this list to specify the refresh method:

  • Manual Refresh

  • 30 Second Refresh

  • 1 Minute Refresh

Search Options

Date Range

The period during which the desired set of messages was logged:

  • Most Recent

    Minutes

    Hours

    Days

  • Time interval

    Date Range

    Start Date

    End Date

Message Types

Check all message types that apply for this search:

  • Incident Error

  • Error

  • Warning

  • Notification

  • Trace

  • Unknown

Message

Choose an identifier from this list and add a value in the blank field beside it to refine your search criteria:

Description of asctrl_msgmenu1.gif follows
Description of the illustration asctrl_msgmenu1.gif

Add Fields

Click this button to display a list of additional search criteria you can include.

Description of asctrl_add_field1.gif follows
Description of the illustration asctrl_add_field1.gif

Search

Click this button to initiate a search using the specified criteria.

Viewing Options

View

Choose items from this menu to view or reorder columns in the search results table:

Description of asctrl_view_choice1.gif follows
Description of the illustration asctrl_view_choice1.gif

Show

Select the entity to view:

Description of asctrl_show_choice1.gif follows
Description of the illustration asctrl_show_choice1.gif

View Related Messages

This menu is available when at least one message is listed in the search results.

Description of asctrl_view_related1.gif follows
Description of the illustration asctrl_view_related1.gif

Export Messages to a File

A menu of viewing commands that are available when at least one message is listed in the search results. You can choose from the following commands:

Description of asctrl_export_msg1.gif follows
Description of the illustration asctrl_export_msg1.gif

Results Table Columns

These are based on selections in the View menu on the Log Messages page.

Description of asctrl_lob_msg_tbl1.gif follows
Description of the illustration asctrl_lob_msg_tbl1.gif

Message Area

Displays details for the selected message in the search results table.

Description of asctrl_log_msg_11.gif follows
Description of the illustration asctrl_log_msg_11.gif

12.7.2 Viewing Logged Messages With Fusion Middleware Control

Fusion Middleware Control Administrators can view and download log messages for the target.

This procedure explains how to search for messages, view messages (or view related messages), view all messages in a single log file, and export or download messages.

  1. Log in as described in "Logging In To Fusion Middleware Control".

  2. Expand the desired node and select a target. For example:

    • Identity and Access
    • oam_server

  3. From the OAM context menu, select Logs and then choose View Log Messages.

  4. Search (Table 12-9):

    1. Specify a Date Range.

    2. Check all Message Types to be included in your search.

    3. Define Message content options.

    4. Add Fields: Enter details to further refine message content.

    5. Click Search to display a list of messages that fit your search criteria.

  5. View Messages: From the table of search results, click one or more messages to view on the lower half of the page.

  6. View Related: Use one of the following methods to organize the table of search results.

    1. By Time: From the View Related menu, select by Time.

    2. By ECID: Click ECID in the message on the screen (or, from the View Related menu, select by ECID Execution Context ID).

    3. From the Scope menu, select a time period.

  7. Log File: From the table of search results, click a name in the Log File column to view all messages in the file.

  8. Export Messages

    1. Select one or more messages in the search results table.

    2. From the Export Messages menu, choose the desired export format. For example: As Oracle Diagnostic Log (.txt).

    3. In the dialog box, click Open with and then choose the desired program.

    4. From the open program, save the file to a new path.

  9. Download

    1. Select one or more messages in the search results table.

    2. Click the Download button.

    3. In the dialog box, click Open with and then choose the desired program.

    4. From the open program, save the file to a new path.

  10. Testing:

    1. Using the Access Tester, enter an invalid user name and try to authenticate (see Validating Connectivity and Policies Using the Access Tester).

    2. In Fusion Middleware Control, go to the log viewer and review the error.

    3. Using the Access Tester, enter an invalid password and try to authenticate.

    4. In the Fusion Middleware Control log viewer, check the error and then view all related log messages.

    5. Repeat this test using different log levels, as described in "Managing Log Level Changes in Fusion Middleware Control".

See Also:

"About Finding, Viewing, and Exporting Log Messages"

12.8 Displaying MBeans in Fusion Middleware Control

A Java object is a unit of code that runs the computer. Each object is an instance of a particular class or subclass that relies on the class's methods or procedures or data variables. Within the Java programming language, a Java object that represents a manageable resource (application, service, component, or device) is known as an MBean (managed bean).

Fusion Middleware Control enables you to:

  • View information on key MBean Attributes and Operations

  • Invoke methods

This section provides the following topics:

12.8.1 Fusion Middleware Control System MBean Browser

The Fusion Middleware Control System Mbean Browser can be used to view System MBean Browser for Nodes and Targets.

Table 12-10details about the System MBean Browser..

Table 12-10 System MBean Browser

Node Target System Mbean Browser

Application Deployment

Internal Applications

...AdminServer

oamsso_logout(11.1.1.3.0) AdminServer

oamsso_logout(11.1.1.3.0) oam_server

Yes

Yes

Yes

WebLogic Server domain

oam_bd (Cluster name)

AdminServer

oam_server

Yes

Yes

Yes

Identity and Access

OAM (Cluster)

oam_server (Server)

No

Yes

Note:

Security Token Service MBeans are also available as described here.

Table 12-11 describes the MBeans that Access Manager and Security Token Service deploy on the AdminServer on the domain runtime server (OAM Server).

Table 12-11 MBeans that Access Manager and Security Token Service Deploy

MBeans For Description

Configuration Service

oracle.oam:type=Config

Partner and Trust Service

oracle.oam:type=PATConfig

STS MBeans

oracle.sts:type=Config

Certificate Validation Module

These are used for CRL management.

oracle.sts:type=CertRevocationListConfig

Figure 12-18 Shows the System MBean Browser and the related Attributes tab displaying information for the Security Token Service CertRevocationListConfig: oracle.sts:Location=oam_server1,type=CertRevocationListConfig.

Figure 12-18 System MBean Browser and Attributes Tab

Description of Figure 12-18 follows
Description of "Figure 12-18 System MBean Browser and Attributes Tab"

Table 12-12 describes the System MBean Browser and associated tab in greater details.

Table 12-12 System MBean Browser

System MBean Browser Description

System MBean Browser

Expand items in this section to display Mbeans for the selected target. Under Application Defined Beans, find oracle.oam and oracle.sts.

Description of asctrl_mbean_brow1.gif follows
Description of the illustration asctrl_mbean_brow1.gif

MBean Information

Details for Attributes and Operations related to the MBean for the selected target are displayed on the right.

Description of asctrl_mbean_info1.gif follows
Description of the illustration asctrl_mbean_info1.gif

Attributes

This tab describes MBean attributes for the selected target.

Description of asctrl_mbean_attr1.gif follows
Description of the illustration asctrl_mbean_attr1.gif

Operations

This tab describes MBean operations for the selected target.

Description of asctrl_mbean_ops.gif follows
Description of the illustration asctrl_mbean_ops.gif

Notifications

This tab lists any notifications resulting from the invocation of an MBean.

Controls

The following controls are available from these pages:

  • Name Link: Clicking a name on either tab displays a full description of related MBeans.

  • Apply Button: Submits and applies the selected MBean attribute value.

  • Revert Button: Restores previous MBean attribute values following a change (and before clicking Apply.

  • Return Button: Returns you to the MBean Information page.

  • Invoke Button: Invokes the selected MBean and value

12.8.2 Managing Mbeans

Fusion Middleware Control Administrators can view, edit or invoke MBeans for Access Manager and Security Token Service. Additionally, you can apply values (or revert the change) and invoke MBeans.

  1. Log in as described in "Logging In To Fusion Middleware Control".

  2. Expand the desired node and select a target. For example:

    • Identity and Access
    • oam_server

  3. From the Access Manager context menu, select System MBean Browser.

  4. System MBean Browser: Expand classes and select an MBean target to display related attributes and operations. For example: oracle.sts or oracle.oam.

  5. Manage MBean Attributes:

    1. Click the Attributes tab.

    2. Review the name and description of MBean attributes for the selected target.

    3. Edit values for one or more attributes and click Apply to submit changes (or click Revert to cancel changes).

      Alternatively: Click a Name in the Attributes table to display a full description and the value; change the value and click Apply (or click Revert to cancel the change).

  6. Manage MBean Operations:

    1. Click the Operations tab.

    2. Review the name, description, number of parameters, and return type for each MBean operation for the selected target.

    3. Click a name in the Operations table to display the parameters and related name, description, type, and value.

    4. Edit values for the operation and click Apply to submit changes (or click Revert to cancel changes).

    5. Click Invoke to invoke the MBean and review the message that appears.