There are several log files that you can view to examine driver operation:
The System log is used by the Blackboard REST driver shim to record urgent, informational and debug messages. Examining these should be foremost in your troubleshooting efforts. For detailed message documentation, see Section C.0, System and Error Messages.
The location for the system log varies from system to system and is generally configured through /etc/syslog.conf. The amount of information that is logged by the driver can also be configured through this system log configuration file. The following is a sample fragment of /etc/syslog.conf:
# sample /etc/syslog.conf
#
*.err;kern.notice;auth.notice /dev/sysmsg
*.err;kern.debug;daemon.notice;mail.crit /var/adm/messages
*.alert;kern.err;daemon.err operator
*.alert rootThe options in the first column determine which messages are logged. The options in the second column specify the destination file or user to send the log output to. For example, specifying *.err logs all messages with a priority of err or above. For more information about syslog priorities, view your system documentation using the man syslog command. Messages from the driver shim and messages from the scripts are logged with various priorities as shown in Table 6-1. The information that is recorded depends on your syslog configuration.
Table 6-1
|
Message Topic |
Priority |
|---|---|
|
Script being called |
DEBUG |
|
Successful Linux command execution |
INFO |
|
Publication events |
INFO |
|
Failures |
ERR |
The default trace file exists on the connected system as trace.log in the logs directory under the installation folder. A large amount of debug information can be written to this file. Use the trace level setting in your driver shim configuration file to control what is written to the file. For details about the driver shim configuration file, see Section The Driver Shim Configuration File.
Table 6-2
|
Trace Level |
Description |
|---|---|
|
0 |
No debugging |
|
1-3 |
Identity Manager messages. Higher trace levels provide more detail. |
|
4 |
Previous levels plus Remote Loader, driver, driver shim and connection messages. |
|
5-7 |
Previous level plus change log and loopback messages. Higher levels provide more detail. |
|
8 |
Previous level plus driver status log, driver parameters, driver command-line, driver security, driver Web Services, driver schema, driver encryption, driver PAM, driver SOAP API and driver include/exclude file messages. |
|
9 |
Previous level plus low-level networking and operating system messages. |
|
10 |
Previous level plus maximum low-level program details (all options). |
The following is an example configuration line to set the trace level:
-trace 9To view the trace file:
Use a web browser to access the driver shim at https://driver-address:8091. Substitute the DNS name or IP address of your driver shim for driver-address.
Authenticate by using any username and the password that you specified as the Remote Loader password.
Click Trace.
Identity Manager information using the DSTRACE facility on the Metadirectory server. Use iManager to set the tracing level. For example, trace level 2 shows Identity Vault events in XML documents, and trace level 5 shows the results of policy execution. Because a high volume of trace output is produced, we recommend that you capture the trace output to a file. For details about using DSTRACE, see the Identity Manager Administration Guide
The status log is a condensed summary of the events that have been recorded on the Subscriber and Publisher channels. This file exists on the connected system as dirxml.log in the logs directory under the driver installation directory. You can also view the status log in iManager on the Driver Overview page. You can change the log level to specify what types of events to log. For details about using the status log, see the Identity Manager Administration Guide
To view the status log:
Use a web browser to access the driver shim at https://driver-address:8091. Substitute the DNS or IP address of your driver shim for driver-address.
Authenticate by using any username and the password that you specified as the Remote Loader password.
Click Status.