24 Managing Logging
For general information about logging in Oracle Fusion Middleware, see Managing Log Files and Diagnostic Data in Administering Oracle Fusion Middleware.
This chapter includes the following sections:
24.1 Introduction to Logging
Like other Oracle Fusion Middleware components, Oracle Internet Directory writes diagnostic log files in the Oracle Diagnostic Logging (ODL) format.
See Also:
Managing Log Files and Diagnostic Data in Administering Oracle Fusion Middleware for information about ODL.
24.1.1 Oracle Internet Directory File Locations
Oracle Internet Directory tools and servers output their log and trace information to log files in the $DOMAIN_HOME.
Table 24-1 lists each component and the location of its corresponding log file.
Table 24-1 Oracle Internet Directory Log File Locations
Tool or Server Name | Log File Name |
---|---|
Bulk Loader ( |
|
Bulk Modifier ( |
|
Bulk Delete Tool ( |
|
Catalog Management Tool ( |
|
Data Export Tool ( |
|
Directory replication server ( |
|
Directory server ( |
Note: The oidstackInstNumber log files pertain to SIGSEGV/SIGBUS tracing. Also, empty files with this name are created during directory instance startup, and can be ignored. |
LDAP dispatcher ( |
|
OID Monitor (OIDMON) |
Note: If the log file size increases over |
24.1.2 Features of Oracle Internet Directory Debug Logging
Oracle Internet Directory enables you to view logging information.
Oracle Internet Directory enables you to:
-
View logging information for the directory server, the directory replication server, and the directory integration server
-
Set the logging level
-
Specify one or more operations for which you want logging to occur
-
Search messages in a standard format to determine remedial action for fatal and serious errors
-
View trace messages according to their severity and order of importance
-
Diagnose Oracle Internet Directory components by examining trace messages with relevant information about, for example, entry DN, ACP evaluation, and the context of an operation
24.1.3 Understanding Log Messages
This section discusses log messages—those associated with specified LDAP operations and those not. It provides an example of a trace log and explains how to interpret it.
Like other Oracle Fusion Middleware components, Oracle Internet Directory writes diagnostic log files in the Oracle Diagnostic Logging (ODL) format. The Administering Oracle Fusion Middleware describes ODL format.
24.1.3.1 Log Messages for Specified LDAP Operations
Log messages for a specified operation are stored as a trace object. This object tracks the operation from start to finish across the various Oracle Internet Directory modules. It is entered in the log file when one of the following occur:
-
An LDAP operation completes
-
A high priority message is logged
-
The trace messages buffer is full
Each thread has one contiguous block of information for each operation, and that block is clearly delimited. This makes it easy, in a shared server environment, to follow the messages of different threads, operations, and connections.
If, because of an internal message buffer overflow, a single trace object cannot contain all the information about an operation, then the information is distributed among multiple trace objects. Each distributed piece of information is clearly delimited and has a common header. To track the progress of the operation, you follow the trace objects and their common header to the end, which is marked with the trace message "Operation Complete".
24.1.3.2 Log Messages Not Associated with Specified LDAP Operations
Messages not associated with any LDAP operation are represented in a simple format, which is not object-based. It is entered in the log file when either the operation completes or a high priority message is encountered.
A thread that does not perform an operation logs only trace messages. Its header contains the date, time, and the thread identifier. It does not contain the Execution Context ID (ECID) or connection and operation-related information.
A trace object starts with the keyword BEGIN
and ends with the keyword END
.
24.1.3.3 Example for Trace Messages in Oracle Internet Directory Server Log File
[2008-11-14T15:28:01-08:00] [OID] [NOTIFICATION:16] [] [OIDLDAPD] [host: srvhst.us.abccorp.com] [pid: 7043] [tid: 0] Main:: Starting up the OiD Server, on node srvhst.us.abccorp.com. [2008-11-14T15:28:01-08:00] [OID] [NOTIFICATION:16] [] [OIDLDAPD] [host: srvhst.us.abccorp.com] [pid: 7043] [tid: 0] Main:: Oid Server Connected to DB store via inst1 connect string. [2008-11-14T15:28:01-08:00] [OID] [NOTIFICATION:16] [] [OIDLDAPD] [host: srvhst.us.abccorp.com] [pid: 7043] [tid: 0] Main:: Loading Root DSE ... [2008-11-14T15:28:01-08:00] [OID] [NOTIFICATION:16] [] [OIDLDAPD] [host: srvhst.us.abccorp.com] [pid: 7043] [tid: 0] Main:: Loading subschema subentry ... [2008-11-14T15:28:01-08:00] [OID] [NOTIFICATION:16] [] [OIDLDAPD] [host: srvhst.us.abccorp.com] [pid: 7043] [tid: 0] Main:: Loading catalog entry ... [2008-11-14T15:28:01-08:00] [OID] [NOTIFICATION:16] [] [OIDLDAPD] [host: srvhst.us.abccorp.com] [pid: 7043] [tid: 0] Main:: OiD LDAP server started. [2008-11-14T15:28:02-08:00] [OID] [NOTIFICATION:16] [] [OIDLDAPD] [host: srvhst.us.abccorp.com] [pid: 7043] [tid: 2] ServerDispatcher : Thread Started [2008-11-14T15:28:02-08:00] [OID] [NOTIFICATION:16] [] [OIDLDAPD] [host: srvhst.us.abccorp.com] [pid: 7043] [tid: 1] ServerDispatcher : Thread Started [2008-11-14T15:28:02-08:00] [OID] [NOTIFICATION:16] [] [OIDLDAPD] [host: srvhst.us.abccorp.com] [pid: 7043] [tid: 3] ServerWorker (REG): Thread Started [2008-11-14T15:28:02-08:00] [OID] [NOTIFICATION:16] [] [OIDLDAPD] [host: srvhst.us.abccorp.com] [pid: 7043] [tid: 4] ServerWorker (REG): Thread Started [2008-11-14T15:28:02-08:00] [OID] [NOTIFICATION:16] [] [OIDLDAPD] [host: srvhst.us.abccorp.com] [pid: 7043] [tid: 5] ServerWorker (SPW): Thread Started [2008-11-14T15:28:47-08:00] [OID] [TRACE:16] [] [OIDLDAPD] [host: srvhst.us.abccorp.com] [pid: 7043] [tid: 3] [ecid: 004MuuNFY7UCknT6uBU4UH0001i30000Ee,0] ServerWorker (REG):[[ BEGIN ConnID:87 mesgID:2 OpID:1 OpName:bind ConnIP:170.90.11.210 ConnDN:cn=orcladmin 15:28:47-08:00 * gslfbiADoBind * Entry 15:28:47-08:00 * gslfbiGetControlInfo * Entry 15:28:47-08:00 * gslfbiGetControlInfo * Exit 15:28:47-08:00 * gslfbidbDoBind * Version=3 BIND dn="cn=orcladmin" method=128 15:28:47-08:00 * gslsbnrNormalizeString * String to Normalize: "orcladmin" 15:28:47-08:01 * gslsbnrNormalizeString * Normalized value: "orcladmin" 15:28:47-08:01 * gslfrsBSendLdapResult * Entry 15:28:47-08:01 * gslfrsASendLdapResult2 * Entry 15:28:47-08:01 * sgslunwWrite * Entry 15:28:47-08:01 * sgslunwWrite * Exit 15:28:47-08:01 * gslfrsASendLdapResult2 * Exit 15:28:47-08:01 * gslfrsBSendLdapResult * Exit 15:28:47-08:01 * gslfbiADoBind * Exit TOTAL Worker time : 4402 micro sec END ]] [2008-11-14T15:28:56-08:01] [OID] [TRACE:16] [] [OIDLDAPD] [host: srvhst.us.abccorp.com] [pid: 7043] [tid: 4] [ecid: 004MuuNqbefCknT6uBU4UH0001i30000Lf,0] ServerWorker (REG):[[ BEGIN ConnID:126 mesgID:1 OpID:0 OpName:bind ConnIP:170.90.11.210 ConnDN:Anonymous 15:28:56-08:01 * gslfbiADoBind * Entry 15:28:56-08:01 * gslfbiGetControlInfo * Entry 15:28:56-08:01 * gslfbiGetControlInfo * Exit 15:28:56-08:01 * gslfbidbDoBind * Version=3 BIND dn="" method=128 15:28:56-08:01 * gslfrsBSendLdapResult * Entry 15:28:56-08:01 * gslfrsASendLdapResult2 * Entry 15:28:56-08:01 * sgslunwWrite * Entry 15:28:56-08:02 * sgslunwWrite * Exit 15:28:56-08:02 * gslfrsASendLdapResult2 * Exit 15:28:56-08:02 * gslfrsBSendLdapResult * Exit 15:28:56-08:02 * gslfbiADoBind * Exit TOTAL Worker time : 2591 micro sec END ]]
24.2 Managing Logging Using Fusion Middleware Control
You can view log files and configure debug logging with Oracle Enterprise Manager Fusion Middleware Control.
For more information, refer to the following sections:
24.2.1 Viewing Log Files Using Fusion Middleware Control
You can view log files using Fusion Middleware Control.
To view the log files using the Fusion Middleware Control:
- From the Oracle Internet Directory menu, select Logs, then View Log Messages. The Log Messages page appears.
- Select the date range for the logs you want to view. You can select Most Recent, by minutes, hours or days. Alternatively, you can select a Time Interval and specify the date and time to start and end.
- Select the Message Types you want to view.
- Specify the Maximum Rows Displayed.
- From the View list, select Columns to change the columns shown. Select Reorder Columns to change the order of the columns.
- Within each column, you can toggle between ascending and descending order by choosing the up or down arrow in the column header.
- From the Show list, choose whether to show all messages, a summary by message type, or a summary by message id.
- To perform a specific search, choose Add Fields and add fields to search on. For each field, select a criterion from the list, then enter text into the box. Choose the red X to delete a field. Choose Add Fields to add additional fields. When you have finished adding criteria, choose Search.
- Use the Broaden Target Scope list to view messages for the Domain.
- Choose Export Messages to File to export the log messages to a file as XML, text, or comma-separated list.
- Click Target Log Files to view information about individual log files.
- You can indicate when to refresh the view. Select Manual Refresh, 30-Second Refresh, or One Minute Refresh from the list on the upper right.
- Use the View list to change the columns listed or to reorder columns.
- Use the Show list to change the grouping of messages.
- Collapse the Search label to view only the list of log messages.
- To view the contents of a log file, double click the file name in the Log File column. The View Log File: filename page is displayed. You can use the up and down arrows in the Time, Message Type, and Message ID to reorder the records in the file.
24.2.2 Configuring Logging Using Fusion Middleware Control
You can configure logging using Fusion Middleware Control.
Table 24-2 Configuration Attributes on Server Properties Page, Logging Tab
Field or Heading | Configuration Attribute |
---|---|
Debug Level |
|
Operations Enabled for Debug |
|
Maximum Log File Size (MB) |
|
Maximum Number of Log Files to Keep in Rotation |
|
To configure logging:
- Select Administration, then Server Properties from the Oracle Internet Directory menu, then select Logging.
- Under Debug Level, select the types of activity to be logged.
- Under Operations Enabled for Debug, enable the LDAP operations that you want logged.
- Under Logging, specify values for Maximum log file size (MB) and Maximum number of log files to keep in rotation. The defaults are 1 MB and 100 log files, respectively.
Note:
Values you set on the Logging tab of the Server Properties page control LDAP server debugging.
24.3 Managing Logging from the Command Line
You can also manage the logging related tasks from the command line.
For more information, refer to the following sections:
24.3.1 Viewing Log Files from the Command Line
You can view Oracle Internet Directory log files in a text editor.
See Table 24-1.
24.3.2 Setting Debug Logging Levels Using the Command Line
You set debug logging levels by using the ldapmodify
command.
Because debug levels are additive, you must add the numbers representing the functions that you want to activate, and use the sum of those in the command-line option.
By default, debug logging is turned off. To turn it on, modify the attribute orcldebugflag
in the instance-specific configuration entry to the level you want.
Note:
The DN of an instance-specific configuration entry has the form:
cn=componentname,cn=osdldapd, cn=subconfigsubentry
You can configure debug levels to one of the following levels.
Table 24-3 shows values for OrclDebugFlag.
Table 24-3 Values for OrclDebugFlag
Value | Operation |
---|---|
|
Heavy trace debugging |
|
Debug packet handling |
|
Connection management |
|
Search filter processing |
|
Entry parsing |
|
Configuration file processing |
|
Access control list processing |
|
Log of communication with DB |
|
Schema related operations |
|
Replication specific ops |
|
Log of entries, operations, and results for each connection |
|
Trace function call arguments |
|
Number and identity of clients connected to this server |
|
All possible operations and data |
|
All Java plug-in debug messages and internal server messages related to the Java plug-in framework |
|
All messages passed by a Java plug-in using the ServerLog object. |
|
Both of the above |
For example, to trace search filter processing (512
) and connection management (256
), enter 768
as the debug level (512
+
256
=
768
).
You can use orcldebugflag
to turn logging on and off. For example, to turn logging on by setting the value of orcldebugflag
to 1 for the instance oid1, use this command:
ldapmodify -p oidPort -D cn=orcladmin -w adminPasswd -f debugOn.ldif
where debugOn.ldif contains:
dn: cn=oid1,cn=osdldapd,cn=subconfigsubentry changetype: modify replace: orcldebugflag orcldebugflag: 1
To turn logging off, set the value of orcldebugflag
to 0 for the instance. For example, to turn debugging off for the instance oid1, use this command:
ldapmodify -p oidPort -D cn=orcladmin -w adminPasswd -f debugOff.ldif
where debugOff.ldif contains:
dn: cn=oid1,cn=osdldapd,cn=subconfigsubentry changetype: modify replace: orcldebugflag orcldebugflag: 0
Note:
The value of orcldebugflag
controls LDAP server debugging. To control Replication server debugging, set the value of orcldebuglevel
, as described in Overview of Configuring Attributes of the Replication Configuration Set by Using ldapmodify.
24.3.3 Setting the Debug Operation Using the Command Line
To make logging more focused by limiting logging to specific directory server operations, specify the debug operations you want logged using the orcldebugop
attribute.
You can configure a subset of the values in Table 24-4 by adding the codes together. For example, to set debugging for ldapbind
and ldapadd
operations, set orcldebugop
to 5 (1 + 4 = 5).
Table 24-4 Debug Operations for Setting the orcldebugop
Attribute
Debug Operation | Provides Information Regarding |
---|---|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
All LDAP operations |
To log more than one operation, add the values of their dimensions. For example, if you want to trace ldapbind (1), ldapadd (4) and ldapmodify (16) operations, then create an LDIF file setting the orcldebugop
attribute to 21 (1 + 4 + 16 = 21). The LDIF file is as follows:
dn: cn=componentname,cn=osdldapd,cn=subconfigsubentry
changetype:modify
replace:orcldebugop
orcldebugop:21
To load this file, enter:
ldapmodify -D "cn=orcladmin" -q -h host_name -p port_number -f file_name
24.3.4 Force Flushing the Trace Information to a Log File
To minimize the performance overhead in I/O operations, debug messages are flushed to the log file periodically instead of every time a message is logged by the directory server.
Writing to the log file is performed when one of the following occur:
-
An LDAP operation completes
-
A high priority message is logged
-
The trace messages buffer is full
You can, however, view the trace messages in the log file as they are logged without having to wait for the periodic flush. To do this, set the instance-specific configuration entry attribute orcldebugforceflush
to 1
. Do this by using ldapmodify as shown in the following example.
To enable force flushing by using ldapmodify
:
Note:
-
When force flushing is enabled, the format of the trace message object for every operation becomes fragmented.
-
By default, force flushing is disabled. After you have flushed the necessary information to the log file, you should disable force flushing.
See Also:
Oracle Identity Management LDAP Attribute Reference in Reference for Oracle Identity Management for information about the orcldebugforceflush
attribute