This section contains the following topics:
Configure the Policy Server Profiler
Manually Roll Over the Profiler Trace Log File
The Policy Server Profiler allows you to trace internal Policy Server diagnostics and processing functions.
Follow these steps:
Important! If you are accessing this graphical user interface on Windows Server 2008, open the shortcut with Administrator permissions. Use Administrator permissions even if you are logged in to the system as an Administrator. For more information, see the release notes for your CA SiteMinder® component.
Note: For more information about the settings and controls on this tab, click Help, Management Console Help.
Notes:
Changes to the Profiler settings take effect automatically. However, if you restart the Policy Server, a new output file (if the Profiler is configured for file output) is created. The existing Profiler output file is automatically saved with a version number. For example:
smtracedefault.log.1
If changes to the Logging or Tracing facility settings are not related to the Profiler output file, for example, enabling/disabling the console logging on Windows, the existing file is appended with new output without saving a version of the file.
By default The Policy Server retains up to ten output files (the current file and nine backup files). Older files are replaced automatically with newer files when the ten file limit is reached. You can change the number of files to retain by configuring the TraceFilesToKeep DWORD registry setting to the required decimal value. The TraceFilesToKeep registry setting must be created in the following registry location:
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Netegrity\SiteMinder\CurrentVersion\ LogConfig\TraceFilesToKeep
You can specify which components and data fields must be included in Policy Server tracing. You can then apply the filters to tracing output so that the profiler only captures specific values for a given component or data field.
Follow these steps:
Important! If you are accessing this graphical user interface on Windows Server 2008, open the shortcut with Administrator permissions. Use Administrator permissions even if you are logged in to the system as an Administrator. For more information, see the release notes for your CA SiteMinder® component.
Note: For more information about the settings and controls on this tab, click Help, Management Console Help.
Note: This button is only active when you select the Enable Profiling check box.
The Policy Server Profiler dialog opens.
Provides the options for general, broad scope tracing.
Provides the options for tracing user authentications.
Provides the options for tracing user authorizations.
Provides the options for tracing the SAML Identity Provider assertions.
Provides the options for tracing SAML Service Provider Authentication.
You can use the Profiler templates as a starting point for the Profiler configuration. Once a template has been loaded, you can manually modify the components and data fields that it specifies and apply the data filters.
On Windows Policy Servers, you should disable QuickEdit Mode and Insert Mode to avoid problems when you enable console debugging. QuickEdit Mode and Insert Mode are features that you can enable from a Windows command prompt window.
To Disable QuickEdit Mode and Insert Mode
By default the Policy Server retains up to ten output files (the current file and nine backup files). Older files are replaced automatically with newer files when the ten file limit is reached. You can change the number of files to retain by configuring the TraceFilesToKeep DWORD registry setting to the required decimal value. The TraceFilesToKeep registry setting should be created in the following registry location:
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Netegrity\SiteMinder\CurrentVersion\LogConfig\ TraceFilesToKeep
The Policy Server allows you to manually rollover the Policy Server Profiler trace log file using the smpolicysrv command.
Important! Before running a CA SiteMinder® utility or executable on Windows Server 2008, open the command line window with administrator permissions. Open the command line window this way, even if your account has administrator privileges.
To start trace logging to a file, run the following command:
smpolicysrv -starttrace
This command starts logging to a trace file and does not affect trace logging to the console. It issues an error if the Policy Server is not running.
If the Policy Server is already logging trace data, running the –starttrace command causes the Policy server to rename the current trace file with a time stamp appended to the name in the form: file_name.YYYYMMDD_HHmmss.extension and create a new trace file with the original name. For example, if the trace file name in Policy Server Management Console’s Profiler tab is C:\temp\smtrace.log, the Policy Server generates a new file and saves the old one as c:\temp\smtrace.20051007_121807.log. The time stamp indicates that the Policy Server created the file on October 7, 2005 at 12:18 pm.
If you have not enabled the tracing of a file feature using the Policy Server Management Console’s Profiler tab, running this command does not do anything.
To stop trace logging to a file, run the following command:
smpolicysrv -stoptrace
This command stops logging to a file and does not affect trace logging to the console. It issues an error if the Policy Server is not running.
Note: On Windows systems, do not run the smpolicysrv command from a remote desktop or Terminal Services window. The smpolicysrv command depends on inter-process communications that do not work if you run the smpolicysrv process from a remote desktop or Terminal Services window.
You can also write a script to cause a trace file to be rolled over at a specified time interval. For example, to create a new trace file every hour, write a script similar to the following:
smpolicysrv -starttrace repeat forever wait 1 hour smpolicysrv -starttrace end repeat
This is similar to the time-based rollover option on the Policy Server Management Console’s Logs tab.
Copyright © 2013 CA.
All rights reserved.
|
|