Log file size in Sun Access Manager

Similar Messages

• Log file size in Sun Directory Server

  Does anyone have an idea about the how the Sun Directory Server's log file size will increase in size with respective to the actions performed?
  Can someone give a data regarding this? If someone has a better scenario and the supportive data w.r.t log file size it will be helpful.
  Thanks,

  AFAIK No its based on time "At a certain time, or after a specified interval, the server rotates your access logs. "
  More info in Archiving Log Files in [http://docs.sun.com/app/docs/doc/820-7985/gczxv?l=en&a=vie]
  It should be easy to write such a script to be run as a daemon in logs directory. Here is the pseudo code :
  while [1]
  do
  get size of the access/error log file
  If size of file > max_size
  <ws-install-dir>/https-<instance>/bin/rotate
  sleep for sometime
  done

• Enterprise manager log file sizes

  Hi,
  I was wondering if there is a way of managing the size of the emdb.nohup file in Enterprise Manager. Looking at the documentation, it looks as though you can control the emoms trace and log file sizes, but I can't find anything about the nohup log.
  Ideally I would like to be able to purge the log file.
  Thanks very much!

  Hi again,
  I found the emdb.nohup file in my log directory at the location you noted. It is apparently created when I stopped and restarted my dbconsole (emctl start dbconsole) and is updated each time I make a connection to that database (for which you are connecting), and for every time the page refreshes.
  I think the name of the file using a suffix of nohup is probably intentional on Oracle's part to indicate that this is a log file that is 'active', but in reality, it is not a true nohup file as in the sense of using the unix nohup command. (at least that is what I'm thinking)
  Sorry I'm not knowledgeable enough on this to be sure of my theory, but that is what I basically theorize.
  According to man pages on nohup, it states nohup is "a utility immune to hangups".
  "nohup - run a command immune to hangups, with output to a non-tty"
  To answer your question, there is no problem purging or pruning this file.
  I just cleared it out by sending a date to the file which effectively clears it out except for a new entry in the file with the current date/timestamp.
  e.g., $ date > emdb.nohup
  Then, I reconnected to my OEM console for this database and it updated the file with new entries for the new connection. No problem....
  Wed Aug 6 09:46:53 EDT 2008
  08/08/06 09:47:07 ## oracle.sysman.db.adm.inst.SitemapController: event="doLoad"
  08/08/06 09:47:07 ## 1. newPage = /database/instance/sitemap/sitemap
  08/08/06 09:47:07 ## 2. newPage = /database/instance/sitemap/sitemap
  Ji Li

• How to check amsilent file in Sun Access manager patch or redeploying WAR's

  h1. How to check amsilent file in Sun Access manager patch or redeploying WAR's
  I had a hard time getting all the passwords correct, so I wrote a shell (bash) script that uses most passwords and other parameters in searches and queries. It let's you know before you start if a value is wrong. It does not change anything, only queries.
  h2. One pitfall I found ...
  during the postinstall of patch 05. I told Sun about it, but I suspect it was too late and is also an issue with patch 06:
  Look at the documentation regarding amconfig and the amsilent file:
  http://docs.sun.com/app/docs/doc/819-2137/adsav?l=en&q=amconfig&a=view
  Two problems that are clear to me now:
  1. ADMINPASSWD in practice, this password is used for cn=puser, not amadmin as it says. Perhaps there is something that makes them the same. It was the same for me, so it probably does not matter.
  2. AS81_ADMINPASSWD is not the same as ADMINPASSWD using either my definition or the document's definition. However, in the amsilent template, it is set like this, which I found is incorrect and the cause of my recent hair loss:
  <blockquote>AS81_ADMINPASSWD="$ADMINPASSWD"</blockquote>
  Also, this one if you use the web server:
  <blockquote>WL8_PASSWORD="$ADMINPASSWD"</blockquote>
  Delete the $ADMINPASSWD and replace it with the password for the app/web server.
  h2. The Script.
  It tests for the above problem, but I just realized it does not check $ADMINPASSWD. If that is set incorrectly in your amsilent, you'll get errors immediately from amconfig, so no big deal. If you make improvements, please post a reply!
  Paste this into a file named checkamsilent. LDAP and appserver must be running. It reads /opt/SUNWam/amsilent. Run it as root or use sudo:
  sudo ./checkamsilent
  #!/usr/bin/bash
          echo "This will test several important parameters of the amsilent file "
          echo "run this as root."
          echo "### read in the amsilent parameters"
          echo "source /opt/SUNWam/amsilent  "
  source /opt/SUNWam/amsilent
          echo "### look for the *server port* with LISTNER, otherwise it's not listening. "
          echo "netstat -a | grep $SERVER_PORT    "
          echo "--------------"
  netstat -a | grep $SERVER_PORT  
          echo "--------------"
          echo "."
          echo "### *admin port* with LISTNER, otherwise it's not listening. "
          echo "netstat -a | grep $ADMIN_PORT   "
          echo "--------------"
  netstat -a | grep $ADMIN_PORT 
          echo "--------------"
          echo "."
          echo "### Expect to see a line of XML, otherwise the SERVER_PORT is incorrect in the amsilent file."
          echo "grep $SERVER_PORT  ${AS81_INSTANCE_DIR}/config/domain.xml  "
          echo "--------------"
  grep $SERVER_PORT  ${AS81_INSTANCE_DIR}/config/domain.xml
          echo "--------------"
          echo "."
          echo "### Expect to see a line of XML, otherwise the ADMIN_PORT is incorrect in the amsilent file."
          echo "grep $ADMIN_PORT  ${AS81_INSTANCE_DIR}/config/domain.xml "
          echo "--------------"
  grep $ADMIN_PORT  ${AS81_INSTANCE_DIR}/config/domain.xml
          echo "--------------"
          echo "."
          echo "### bind as the directory manager "
          echo "ldapsearch -v -h $DS_HOST -p 3892  -L -s sub -D \"$DS_DIRMGRDN\" -w \"$DS_DIRMGRPASSWD\" -b 'dc=nsf, dc=gov' \"cn=amldapuser\"" 
  ldapsearch -v -h $DS_HOST -p 3892  -L -s sub -D "$DS_DIRMGRDN" -w "$DS_DIRMGRPASSWD" -b 'dc=nsf, dc=gov' "cn=amldapuser" 
          echo "."
          echo "### check the amldapuser password. "
          echo "ldapsearch -w $AMLDAPUSERPASSWD -v -h $DS_HOST -p 3892  -L -s sub -D cn=amldapuser,ou=DSAME Users,dc=nsf,dc=gov -b ou=DSAME Users,dc=nsf,dc=gov cn=* cn  "
  ldapsearch -w "$AMLDAPUSERPASSWD" -v -h $DS_HOST -p 3892  -L -s sub -D "cn=amldapuser,ou=DSAME Users,dc=nsf,dc=gov" -b "ou=DSAME Users,dc=nsf,dc=gov" cn=* cn
          echo "."
          echo "### check the app server admin: AS81_ADMIN password: AS81_ADMINPASSWD  and port: ADMIN_PORT "
       echo "### That's actually a bug in the template.  "
       echo "### Do not use AS81_ADMINPASSWD=\$ADMINPASSWD  Make sure they are  different passwords! Don\'t use the default!"
       echo "Expect to see a WARNING about --password option. "
          echo "/opt/SUNWappserver/appserver/bin/asadmin  list-http-listeners --user $AS81_ADMIN --port $ADMIN_PORT  -w $AS81_ADMINPASSWD  "
  /opt/SUNWappserver/appserver/bin/asadmin  list-http-listeners --user $AS81_ADMIN --port $ADMIN_PORT  -w "$AS81_ADMINPASSWD"
          echo "done!"

  I change the product machine from LG optimus to Samsung Galaxy but the file writing is not working, too.
  I copied the source code from Adobe website about FileStream  but it is needless too.
  -----------------program code------------------------
  import flash.filesystem.*;
  import flash.filesystem.FileStream;
  import flash.events.Event;
  //txtFld is a standard textField component
  txtFld.text = "Start";var file:File = new File();
  //btnSaveFile is a standard button component
  btnSaveFile.addEventListener(MouseEvent.CLICK,handlerBtnSaveFile);
  function handlerBtnSaveFile(e:Event){
  txtFld.text = "Pressed";
  file = File.documentsDirectory;
  file = file.resolvePath("test.txt");
  var fileStream:FileStream = new FileStream();
  fileStream.openAsync(file, FileMode.WRITE);
  fileStream.writeUTFBytes("Hello");
  txtFld.text = file.nativePath.toString();
  //fileStream.addEventListener(Event.CLOSE, fileClosed);
  fileStream.close();
  fcnFileName();
  function fcnFileName(){
  txtFld.text = file.name.toString();
  function fileClosed(event:Event):void {
      trace("closed");
  txtFld.text = "FileClosed";

• Getting error while opening Sun access manager console

  We are facing problem while accessing console of Sun Access Manager. We got No Page Found error whenever we try to access the Sun Access Manager console. We have tried restarting the directory server and web server but even that doesn�t help us. Following are the error that gets recorded in log files:-
  ERROR: AuthD init() com.iplanet.dpro.session.SessionException: AuthD failed to get auth session
  ERROR: Error creating service session java.lang.NullPointerException

  The ns-slapd.exe process belongs to the Directory Server. You should therefore check if your DS instance is set up properly.
  Michael

• Sun Access Manager  - Authentication Error

  Hello everyone,
  I'm trying to configure Sun Access Manager 7.0 with sun web server 6.1 and directory server 5.2 on windows xp.
  I'm getting the following error when I try to login with uid=amAdmin
  "Permission to perform the read operation denied to uid=amAdmin,ou=People,dc=example,dc=com"
  I do not see any errors from the debug files. Could anyone help me in fixing this problem.
  Thanks in advance,
  -krishna

  Is your AM log level set to message? If not, set to message and retest. You should get output in your debug logs.
  On the agent side, set your logging to all:5

• Sun Access Manager 2005Q1 session failover is not working

  Hi All
  I m using Sun access manager 2005Q1,message queue 2005Q1, Sun Directory server 5.2 ,BerkelyDb 4.2.52 and radware hardware load balancer with sticky session.
  I m have configured message queue and BerkeleyDB and both are running with any error.
  I m using http://docs.sun.com/source/817-7644/ch5_scenarios.html#wp41008 doc for session failover.
  Simple failover is working fine but the Session failover is not working.
  Any body has done session failover with Sun Access manager 2005 Q1 I m trying to resolve this issue last two month.
  Please it is urgent.

  It works fine in 2005Q4, after applying a patch 120954 if I am not mistaken. But 2005Q4 and 2005Q1 are probably different in terms of session failover (site configuration etc.)
  1. Stop both AM servers
  2. Set logging to debug mode in AMConfig.properties.
  3. Delete / move everything in /var/opt/SUNWam/debug
  4. tail -f /var/opt/SUNWam/debug/amSession
  5. Post that file here... you should be able to see if session failover is enabled etc....
  hope this helps.

• Access manager policyagent 2.1 fro webspher5.0  with sun access manager in

  Help It is very urgent
  I have installed my sun access manager and sun direcory server on same machine solaris10.SSL is diable in directory server.Access manager working on ssl mode means it is working on Http with port 80 and Https with port443.Access manager url is
  http://lhostname:80/amconsole or https://hostname:443/amconsole and
  http://host:80/amserver/UI/Login or https://host:443/amserver/UI/Login.it is displaying access manager login page.It is working properly standalone.
  But when i configure it with policyagent2.1 for WebSphere5.0 .WebSphere installed on windows2000 server.when i type the application URL that is running on WebSphere it does not show access manager login page.It show u r not authurised to view this page.WebSphere running on Http.
  and amService log detail is*****************************************************
  03/02/2006 05:57:32:018 PM GMT+05:30: Thread[Servlet.Engine.Transports : 0,5,main]
  Naming service URL list: [https://my.domain.com:443/amserver/namingservice]
  03/02/2006 05:57:32:018 PM GMT+05:30: Thread[Servlet.Engine.Transports : 0,5,main]
  Only one naming service URL specified. NamingServiceMonitor will be disabled.
  03/02/2006 05:57:32:018 PM GMT+05:30: Thread[Servlet.Engine.Transports : 0,5,main]
  getServiceURL for service: auth protocol: https host: my.domain.com port: 443
  03/02/2006 05:57:32:112 PM GMT+05:30: Thread[Servlet.Engine.Transports : 0,5,main]
  ERROR: Naming service connection failed
  com.iplanet.services.comm.client.SendRequestException: com.ibm.ws.orbimpl.transport.protocol.https.HttpsURLConnection
       at com.iplanet.services.comm.client.PLLClient.send(PLLClient.java:141)
       at com.iplanet.services.comm.client.PLLClient.send(PLLClient.java:73)
       at com.iplanet.services.naming.WebtopNaming.getNamingResponse(WebtopNaming.java:360)
       at com.iplanet.services.naming.WebtopNaming.updateNamingTable(WebtopNaming.java:421)
       at com.iplanet.services.naming.WebtopNaming.getNamingProfile(WebtopNaming.java:353)
       at com.iplanet.services.naming.WebtopNaming.getServiceURL(WebtopNaming.java:187)
       at com.sun.identity.authentication.AuthContext.setLocalFlag(AuthContext.java:1159)
       at com.sun.identity.authentication.AuthContext.createAuthContext(AuthContext.java:1100)
       at com.sun.identity.authentication.AuthContext.createAuthContext(AuthContext.java:1071)
       at com.sun.identity.authentication.AuthContext.<init>(AuthContext.java:142)
       at com.sun.identity.policy.client.AuthService.getAppSSOToken(AuthService.java:103)
       at com.sun.identity.policy.client.AuthService.getApplicationSSOToken(AuthService.java:79)
       at com.sun.identity.policy.client.PolicyEvaluator.getAppSSOToken(PolicyEvaluator.java:499)
       at com.sun.identity.policy.client.PolicyEvaluator.init(PolicyEvaluator.java:193)
       at com.sun.identity.policy.client.PolicyEvaluator.<init>(PolicyEvaluator.java:172)
       at com.sun.identity.policy.client.PolicyEvaluatorFactory.getPolicyEvaluator(PolicyEvaluatorFactory.java:118)
       at com.sun.identity.policy.client.PolicyEvaluatorFactory.getPolicyEvaluator(PolicyEvaluatorFactory.java:87)
       at com.sun.identity.agents.policy.AmWebPolicy.<init>(Unknown Source)
       at com.sun.identity.agents.policy.AmWebPolicyManager.<init>(Unknown Source)
       at com.sun.identity.agents.policy.AmWebPolicyManager.<clinit>(Unknown Source)
       at com.sun.identity.agents.filter.AmFilter.<init>(Unknown Source)
       at com.sun.identity.agents.filter.AmFilterManager.getAmFilter(Unknown Source)
       at com.sun.identity.agents.filter.AmFilterManager.getAmFilter(Unknown Source)
       at com.sun.identity.agents.filter.AmFilterManager.getAmFilterInstanceForModeConfigured(Unknown Source)
       at com.sun.identity.agents.filter.AmAgentFilter.doFilter(Unknown Source)
       at com.ibm.ws.webcontainer.filter.FilterInstanceWrapper.doFilter(FilterInstanceWrapper.java:132)
       at com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilterChain.java:71)
       at com.ibm.ws.webcontainer.webapp.WebAppRequestDispatcher.handleWebAppDispatch(WebAppRequestDispatcher.java:863)
       at com.ibm.ws.webcontainer.webapp.WebAppRequestDispatcher.dispatch(WebAppRequestDispatcher.java:491)
       at com.ibm.ws.webcontainer.webapp.WebAppRequestDispatcher.forward(WebAppRequestDispatcher.java:173)
       at com.ibm.ws.webcontainer.srt.WebAppInvoker.doForward(WebAppInvoker.java:79)
       at com.ibm.ws.webcontainer.srt.WebAppInvoker.handleInvocationHook(WebAppInvoker.java:199)
       at com.ibm.ws.webcontainer.cache.invocation.CachedInvocation.handleInvocation(CachedInvocation.java:71)
       at com.ibm.ws.webcontainer.srp.ServletRequestProcessor.dispatchByURI(ServletRequestProcessor.java:182)
       at com.ibm.ws.webcontainer.oselistener.OSEListenerDispatcher.service(OSEListener.java:331)
       at com.ibm.ws.webcontainer.http.HttpConnection.handleRequest(HttpConnection.java:56)
       at com.ibm.ws.http.HttpConnection.readAndHandleRequest(HttpConnection.java:432)
       at com.ibm.ws.http.HttpConnection.run(HttpConnection.java:343)
       at com.ibm.ws.util.ThreadPool$Worker.run(ThreadPool.java:592)
  Thanks & Regards
  Saini

  This is an SSL handshake problem of Websphere - has nothing to do with AM.
  Websphere�s JDK does not trust the Signer / Cert of AM�s deployment container.
  Either configure a truststore (or use an existing webshpere truststore) where you import the Cert of the Signing CA of your AM DC�s cert.
  Other option - import the mentioned cert in cacert file of IBM JDK - but be aware that this might get lost when applying an Websphere fixpack/refreshpack.
  BTW what have you configured for server.port,server.host and server.protocol in your AMConfig.properties?
  If you have not changed that settings agent will use the port/protocol specified to communicate with AM.
  -Bernhard

• Login to Sun access manager admin console failed.

  we are using Sun access manager 2003Q4. Today i am not able to login to the amconsole itself.it says authentication failed. i tried with all the admin users we have and also with the amadmin same error.
  The ldap is up and running.
  can any one suggest me the probable problem and solution.
  or the log files i need to look at which can help in trouble shooting.
  thanks in advance

  Check your AppServer to see it up and running or not.

• Policy Agent doesn't reset Sun  Access Manager session time idle value

  Hi,
  We have the following setup in our environment:
  - apache web server/web and policy agent 2.2 for apache 2.0.54
  - webmethods portal server (jetty)
  -Sun Access Manager (with Sun Directory Server)
  We use policy agent for authentication purpose only (via Sun Access Manager/LDAP) when the users access the portal. We have custom code that creates session in Sun Access Manager for custom LDAP services. For testing purpose, we configure SAM session to have Max Session Timeout at 120mins and Time Idle at 15mins. I would assume that, after the initial login request, for all subsequent accesses to the portal the policy agent should intercept the request and reset the Time Idle value of SAM session. However, when I monitor time idle value using SAM console, session tab, the time idle value didn't change when the portal user access pages, submit actions, etc. I can see in the debug log of policy agent that requests are being intercepted/processed, but the time idle didn't get reset.
  Does anyone know if this is a bug in configuration or in policy agent itself or am I making the wrong assumption?
  Thanks a lot for the help.

  Thanks for the reply, Shivaram. The issue appears to occur at random time, not accurately at the 3 min interval as you mention. I tested changing this value to 1, theoretically, after one 1 minute of idle time, accessing a link would make the agent reset the time idle value for the user session in SAM, but it didn't even after 3 minutes. This seems to be either a policy agent or system access manager bug.
  We performed a 'vanilla' test using the apache server manual pages (only plain HTML, no POST requests), the pages are protected by the policy agent. At the first login, rwe were prompted to enter credential to be validated by SAM/LDAP, and then a user session is created in SAM session table. We browse around the manual pages, once in a while, certain pages cause the policy agent to reset the time idle. However, revisiting these links after a few minutes doesn't reset the idle value. Caching setting has been disable as well. Could there be or lack of some settings in AMConfig.properties or AMAgent.properties that might have caused this behavior?
  Thanks for all your help,

• How to set up PopProxy* log file size ?

  Dear All,
  Does anybody know how to set up MMP PopProxy* log file size and rollovertime ?
  ./imsimta version
  Sun Java(tm) System Messaging Server 7.0-3.01 64bit (built Dec 9 2008)
  libimta.so 7.0-3.01 64bit (built 09:24:13, Dec 9 2008)
  Steve

  SteveHibox wrote:
  Does anybody know how to set up MMP PopProxy* log file size and rollovertime ?Details on these settings are available here:
  http://wikis.sun.com/display/CommSuite6U1/Communications+Suite+6+Update+1+What%27s+New#CommunicationsSuite6Update1What%27sNew-MMPLogging
  Regards,
  Shane.

• Username and password for Sun Access Manager 7.1

  Hi
  Thank you for reading my post
  I ge the new Java Application Platform SDK Update 2 which has access manager and portlet management inside it.
  Can you tell me what is username and password for Sun access Manager 7.1 administration cosole?
  thanks

  with me it was amadmin : admin123
  in the readme file in the addons directory:
  Done! Access the AM server URL and see if the Access Manager is working or not -
  <amserver_protocol>://<amserver_host>:<amserver_port>/amserver
  user : 'amadmin', password : <admin password>
  in a config file i found the password was admin123

• Sun Access Manager Event Sequence

  I have a third party black box piece of hardware that is redirecting browser requests to my server for authentication. I want to utilize the Sun Access Manager to perform these authentications. Do I need to use the Policy Agent, or should I attempt to communicate directly with the Access Manager? What benefit will I gain from including the Policy Agent into the mix?
  If I don't use the policy agent, here is the sequence of events as I understand them:
  1) Browser hits Black Box (BB) for protected information.
  2) BB redirects the browser to me.
  3) Browser sends me a SAML snippet. I decode and inflate the snippet, then send it off to the access manager (AM).
  4) The AM throws an invalid id exception because the user has never logged in.
  5) I catch the invalid id exception, and redirect the browser to the AM login URL. The user enters a valid id and password and hits submit.
  6) ... ?
  Is this correct up to step 5, and what happens after step 5? Any hints would be greatly appreciated.

  Okay, never mind then.

• Sun Access manager

  Hi all,
  i am developing a sample application using sun access manager.it would be very helpful if anyone could help me out in giving some code examples and help me out in developing a sample web app.I have to use the oracle database to get the users and roles.If anyine could post me some sample code for the same it would be really great of u..
  Thanx in advance,
  Sidharth

  ya thats right.....i tried the purejaasexample given in that...and it worked...but my problem is that....supppose i create an user in my db and then when his authntication is suceeded then can i know from the console who has logged in and all...tell me what is the best example i can try from the samples directory....
  basically i want to create a smaple application using sun access manager and implement it in one of our companys big app

• Sun Access Manager login problem

  Hi,
  This is a very basic problem. I have installed Sun Access Manager 7 using JES installer. It is configured to authenticate against a LDAP datastore. I am able to login into the amconsole application using the amAdmin DN but I am not able to login with any other user that I create through Sun Access Manager.Any help will be highly appreciated.
  TIA.

  Hello,
  When you create any user through SUN Access Manager, is that user is created in LDAP
  datastore, or is it created in SAM flat file repository ?