|
| Problem | How do I perform security, SAS and ORB tracing on the WebSphereŽ Application Server administrative and application servers? | | | | Solution | This technote explains what steps must be taken to perform different combinations of security, SAS and ORB tracing required by the support organization to analyze a WebSphere Application Server security related problem with the administrative server and the application server.Table of ContentsSECTION AND DESCRIPTION:Administrative server only - Security trace:I. Security trace on the administrative server for WebSphere Application Server 3.5.x AE or SEII. Security trace on the administrative server for WebSphere Application Server 4.0.x AEIII. Security trace on the administrative/application server for WebSphere Application Server 4.0.x AEs and AEd (note: for AEs and AEd it is a single server)Administrative server only - Security and SAS trace:IV. Security and SAS trace on the administrative server for WebSphere Application Server 3.5 to 3.5.4 AE or SEV. Security and SAS trace on the administrative server for WebSphere Application Server 3.5.5 to higher 3.5.x AE or SEVI. Security and SAS trace on the administrative server for WebSphere Application Server 4.0.x AEVII. Security and SAS trace on the administrative/application server for WebSphere Application Server 4.0.x AEs and AEd (note: for AEs and AEd it is a single server)Administrative server and application server - Security trace:VIII. Security trace on the administrative and application servers for WebSphere Application Server 3.5.x AE or SEIX. Security trace on the administrative and application servers for WebSphere Application Server 4.0.x AEAdministrative server and application server - Security and SAS trace:X. Security and SAS trace on the administrative and application servers for WebSphere Application Server 3.5 to 3.5.4 AE or SEXI. Security and SAS trace on the administrative and application servers for WebSphere Application Server 3.5.5 to higher 3.5.x AE or SEXII. Security and SAS trace on the administrative and application servers for WebSphere Application Server 4.0.x AEAdministrative server only - Security, SAS, and ORB trace:XIII. Security, SAS and ORB trace on the administrative server for WebSphere Application Server 3.5 to 3.5.4 AE or SEXIV. Security, SAS and ORB trace on the administrative server for WebSphere Application Server 3.5.5 to higher 3.5.x AE or SEXV. Security, SAS and ORB trace on the administrative server for WebSphere Application Server 4.0.x AEXVI. Security, SAS and ORB trace on the administrative/application server for WebSphere Application Server 4.0.x AEs and AEd (note: for AEs and AEd it is a single server)Administrative server and application server - Security, SAS, and ORB trace:XVII. Security, SAS and ORB trace on the administrative and application servers for WebSphere Application Server 3.5 to 3.5.4 AE or SEXVIII. Security, SAS and ORB trace on the administrative and application servers for WebSphere Application Server 3.5.5 to higher 3.5.x AE or SEXIX. Security, SAS and ORB trace on the administrative and application servers for WebSphere Application Server 4.0.x AE================================================================Administrative server only - Security trace sections I - III When a security problem affects only the administrative server, usually just a security trace is performed on the administrative server only. I. To perform only a security trace on the administrative server for WebSphere Application Server 3.5.x AE or SE, follow these steps:- Make a backup copy of the WSAS root/bin/admin.config file, edit the original, and add the following two lines:
com.ibm.ejs.sm.adminServer.traceString=com.ibm.ejs.security.*=all=enabled
com.ibm.ejs.sm.adminServer.traceOutput=<fully qualified filename>
(such as, com.ibm.ejs.sm.adminServer.traceOutput= /usr/WebSphere/AppServer/logs/adminsecuritytrace)
- Stop the application server.
- Delete or rename the output file, if it exists, the WSAS root/logs/tracefile, the WSAS root/logs/adminserver_stderr.log, and the WSAS root/logs/activity.log.
- Start the application server and recreate the problem.
- Return the output file, tracefile, adminserver_stderr.log, activity.log, admin.config, and WSAS root/properties/sas.server.props
- Revert to the original settings by copying the admin.config file from the backupcopy that you created in Step 1 and restarting WebSphere application server
II. To perform only a security trace on the administrative server for WebSphere Application Server 4.0.x AE, follow these steps:- Make a backup copy of the WSAS root/bin/admin.config file, edit the original, and add the following two lines:
com.ibm.ejs.sm.adminServer.traceString=com.ibm.ejs.security.*=all=enabled:com.ibm.ws.security.*=all=enabled
com.ibm.ejs.sm.adminServer.traceOutput=<fully qualified filename>
(such as, com.ibm.ejs.sm.adminServer.traceOutput= /usr/WebSphere/AppServer/logs/adminsecuritytrace)
- Stop the application server.
- Delete or rename the output file, if it exists, the WSAS root/logs/tracefile, the WSAS root/logs/adminserver_stderr.log, and the WSAS root/logs/activity.log.
- Start the application server and recreate the problem.
- Return the output file, tracefile, adminserver_stderr.log, activity.log, admin.config, and WSAS root/properties/sas.server.props.
- Revert to the original settings by copying the admin.config file from the backup copy that you created in Step 1 and restart the application server
III. To perform only a security trace on the administrative/application server for WebSphere Application Server 4.0.x AEs and AEd, follow these steps:- Stop the application server.
- Make a backup copy of the WSAS root/config/server-cfg.xml file, edit the original, and make the following changes:
<traceService xmi:id="TraceServiceConfig_1" enable="true" traceSpecification="com.ibm.ejs.security.*=all=enabled:com.ibm.ws.security.*=all=enabled" traceOutputFilename="<fully qualified filename>" diagThreadPort="7000"/>
- Delete or rename the output file, if it exists, the WSAS root/logs/default_server_stderr.log, the WSAS root/logs/default_server_stdout.log, and the WSAS root/logs/activity.log
- Start WebSphere Application Server and recreate the problem.
- Return the output file, default_server_stderr.log, default_server_stdout.log, activity.log, server-cfg.xml, and WSAS root/properties/sas.server.props.
- Revert to the original settings by stopping WebSphere Application Server and copying the server-cfg.xml file from the backup copy that you created in Step 2; then restart the application server.
Administrative server only - Security and SAS trace sections IV - VII When there is a problem with authentication in the administrative server, usually both a security and SAS trace are performed on the administrative server only.
IV. To perform a security and SAS trace on the administrative server for WebSphere Application Server 3.5 to 3.5.4 AE or SE, follow these steps:- Make a backup copy of the WSAS root/bin/admin.config file, edit the original, and add the following four lines:
com.ibm.CORBA.securityDebug=console
com.ibm.CORBA.securityTraceLevel=advanced
com.ibm.ejs.sm.adminServer.traceString=com.ibm.ejs.security.*=all=enabled
com.ibm.ejs.sm.adminServer.traceOutput=<fully qualified filename>
(such as, com.ibm.ejs.sm.adminServer.traceOutput= /usr/WebSphere/AppServer/logs/adminsecuritytrace)
- Stop the application server.
- Delete or rename the output file, if it exists, the WSAS root/logs/tracefile, the WSAS root/logs/adminserver_stderr.log, and the WSAS root/logs/activity.log
- Start the application server and recreate the problem.
- Return the output file, tracefile, adminserver_stderr.log, activity.log, admin.config, and WSAS root/properties/sas.server.props.
- Revert to the original settings by copying the admin.config file from the backup copy that you created in Step 1, then restart the application server.
V. To perform a security and SAS trace on the administrative server for WebSphere Application Server 3.5.5 or higher 3.5.x AE or SE, follow these steps:- Make a backup copy of the WSAS root/bin/admin.config file, edit the original, and add the following two lines:
com.ibm.ejs.sm.adminServer.traceString=com.ibm.ejs.security.*=all=enabled
com.ibm.ejs.sm.adminServer.traceOutput=<fully qualified filename>
(e.g., com.ibm.ejs.sm.adminServer.traceOutput= /usr/WebSphere/AppServer/logs/adminsecuritytrace)
- Stop the application server.
- Make a backup copy of the WSAS root/properties/sas.server.props file, edit the original, and make the following changes or additions:
com.ibm.CORBA.securityDebug=true
com.ibm.CORBA.securityTraceLevel=advanced
com.ibm.CORBA.securityOutputMode=file
com.ibm.CORBA.securityActivityOutputMode=file
com.ibm.CORBA.securityErrorsOutputMode=file
com.ibm.CORBA.securityExceptionsOutputMode=file
com.ibm.CORBA.securityTraceOutputMode=file
com.ibm.CORBA.securityTraceOutput=<fully qualified filename> (such as, C:\:/WebSphere/AppServer/logs/sastrace)
- Delete or rename the output files, if they exist, the WSAS root/logs/tracefile, the WSAS root/logs/adminserver_stderr.log, and the WSAS root/logs/activity.log.
- Start the application server and recreate the problem.
- Return the output files, tracefile, adminserver_stderr.log, activity.log, admin.config, and WSAS root/properties/sas.server.props.
- Revert to the original settings by stopping the application server and copying the admin.config and sas.server.props files from the backup copies that you created in Steps 1 and 3; then restart the application server.
VI. To perform a security and SAS trace on the administrative server for WebSphere Application Server 4.0.x AE, follow these steps:- Make a backup copy of the WSAS root/bin/admin.config file, edit the original, and add the following two lines:
com.ibm.ejs.sm.adminServer.traceString=com.ibm.ejs.security.*=all=enabled:com.ibm.ws.security.*=all=enabled
com.ibm.ejs.sm.adminServer.traceOutput=<fully qualified filename>
(e.g., com.ibm.ejs.sm.adminServer.traceOutput= /usr/WebSphere/AppServer/logs/adminsecuritytrace)
- Stop the application server.
- Make a backup copy of the WSAS root/properties/sas.server.props file, edit the original, and make the following changes or additions:
com.ibm.CORBA.securityDebug=true
com.ibm.CORBA.securityTraceLevel=advanced
com.ibm.CORBA.securityOutputMode=file
com.ibm.CORBA.securityActivityOutputMode=file
com.ibm.CORBA.securityErrorsOutputMode=file
com.ibm.CORBA.securityExceptionsOutputMode=file
com.ibm.CORBA.securityTraceOutputMode=file
com.ibm.CORBA.securityTraceOutput=<fully qualified filename> (such as, C:\:/WebSphere/AppServer/logs/sastrace)
- Delete or rename the output files, if they exist, the WSAS root/logs/tracefile, the WSAS root/logs/adminserver_stderr.log, and the WSAS root/logs/activity.log.
- Start the application server and recreate the problem.
- Return the output files, tracefile, adminserver_stderr.log, activity.log, admin.config, and as.server.props.
- Revert to the original settings by stopping the application server and copying the admin.config and sas.server.props files from the backup copies created in Steps 1 and 3; then restart the application server.
VII. To perform a security and SAS trace on the administrative/application server for WebSphere Application Server 4.0.x AEs and AEd, follow these steps:- Stop the application server.
- Make a backup copy of the WSAS root/config/server-cfg.xml file, edit the original, and make the following changes:
<traceService xmi:id="TraceServiceConfig_1" enable="true" traceSpecification="com.ibm.ejs.security.*=all=enabled:com.ibm.ws.security.*=all=enabled" traceOutputFilename="<fully qualified filename>" diagThreadPort="7000"/>
- Make a backup copy of the WSAS root/properties/sas.server.props file, edit the original, and make the following changes or additions:
com.ibm.CORBA.securityDebug=true
com.ibm.CORBA.securityTraceLevel=advanced
com.ibm.CORBA.securityOutputMode=file
com.ibm.CORBA.securityActivityOutputMode=file
com.ibm.CORBA.securityErrorsOutputMode=file
com.ibm.CORBA.securityExceptionsOutputMode=file
com.ibm.CORBA.securityTraceOutputMode=file
com.ibm.CORBA.securityTraceOutput=<fully qualified filename> (such as, C:\:/WebSphere/AppServer/logs/sastrace)
- Delete or rename the output files, if they exist, the WSAS root/logs/default_server_stderr.log, the WSAS root/logs/default_server_stdout.log, and the WSAS root/logs/activity.log.
- Start the application server and recreate the problem.
- Return the output files, default_server_stderr.log, default_server_stdout.log, activity.log, server-cfg.xml, and sas.server.props.
- Revert to the original settings by stopping the application server and copying the server-cfg.xml and sas.server.props files from the backup copies that you created in Steps 2 and 3, then restart the application server.
Administrative server and application server - Security trace sections VIII & IX When a security problem affects the application server, usually a security trace is performed on both the application and administrative servers. VIII. To perform a security trace on the application and administrative servers for WebSphere Application Server 3.5.x AE or SE, follow these steps:- Run the administrative console, expand the topology frame, and highlight the application server that is going to be traced.
- Click the Advanced tab if the application server's advanced properties are not already displayed.
- Put the following in the Trace Specification field:
com.ibm.ejs.security.*=all=enabled
- Put a fully qualified hostname in the Trace Output field (such as, C:\WebSphere\AppServer\logs\appsecuritytrace).
- Click Apply, and make sure that the application server is started.
- Make a backup copy of the WSAS root/bin/admin.config file, edit the original, and add the following two lines:
com.ibm.ejs.sm.adminServer.traceString=com.ibm.ejs.security.*=all=enabled
com.ibm.ejs.sm.adminServer.traceOutput=<fully qualified filename>
(e.g., com.ibm.ejs.sm.adminServer.traceOutput= /usr/WebSphere/AppServer/logs/adminsecuritytrace)
- Stop the application server.
- Delete or rename the output files, (if they exist, the WSAS root/logs/tracefile, the application server's stderr and stdout files, the WSAS root/logs/adminserver_stderr.log, and the WSAS root/logs/activity.log.
- Start the application server and recreate the problem.
- Return the output file, tracefile, the application server's stderr and stdout files, adminserver_stderr.log, activity.log, admin.config, and WSAS root/properties/sas.server.props.
- Revert to the original settings by copying the admin.config file from the backup copy that you created in Step 5, restarting the application server, stopping the application server, undoing the changes to its trace properties, and starting the application server.
IX. To perform a security trace on the application and administrative servers for WebSphere Application Server 4.0.x AE, follow these steps:- Run the administrative console, expand the topology frame, and highlight the application server that will be traced.
- Click the Services tab, click the Trace Service, then click Edit Properties.
- Put the following in the Trace Specification field:
com.ibm.ejs.security.*=all=enabled:com.ibm.ws.security.*=all=enabled
- Put a fully qualified hostname in the Trace Output field (such as, C:\WebSphere\AppServer\logs\appsecuritytrace).
- Click OK. Click Apply in the main administrative console window, and make sure that the application server is started.
- Make a backup copy of the WSAS root/bin/admin.config file, edit the original, and add the following two lines:
com.ibm.ejs.sm.adminServer.traceString=com.ibm.ejs.security.*=all=enabled:com.ibm.ws.security.*=all=enabled
com.ibm.ejs.sm.adminServer.traceOutput=<fully qualified filename>
(e.g., com.ibm.ejs.sm.adminServer.traceOutput= /usr/WebSphere/AppServer/logs/adminsecuritytrace)
- Stop the application server.
- Delete or rename the output files, if they exist, the WSAS root/logs/tracefile, the application server's stderr and stdout files, the WSAS root/logs/adminserver_stderr.log, and the WSAS root/logs/activity.log.
- Start the application server and recreate the problem.
- Return the output files, tracefile, the application server's stderr and stdout files, adminserver_stderr.log, activity.log, admin.config, and WSAS root/properties/sas.server.props.
- Revert to the original settings by copying the admin.config file from the backup copy that you created in Step 5, restarting the application server, stopping the application server, undoing the changes to its trace properties, and starting the Application Server.
Administrative server and application server - Security and SAS trace sections X - XII When there is a problem with authentication in the application server, usually both a security and SAS trace are performed on the administrative and application servers.
X. To perform a security and SAS trace on the application and administrative servers for WebSphere Application Server 3.5 to 3.5.4 AE or SE, follow these steps:- Run the administrative console, expand the topology frame, and highlight the application server that will be traced.
- Click the General tab if the application server's general properties aren't already displayed.
- Add the following in the Command Line Arguments field, separated by a space between parameters:
-Dcom.ibm.CORBA.securityDebug=console -Dcom.ibm.CORBA.securityTraceLevel=advanced
- Click Apply to accept this change
- Click the Advanced tab to display the application server's advanced properties.
- Put the following in the Trace Specification field:
com.ibm.ejs.security.*=all=enabled
- Put a fully qualified hostname in the Trace Output field (such as, C:\WebSphere\AppServer\logs\appsecuritytrace).
- Click Apply, and make sure that the application server is started.
- Make a backup copy of the WSAS root/bin/admin.config file, edit the original, and add the following four lines:
com.ibm.CORBA.securityDebug=console
com.ibm.CORBA.securityTraceLevel=advanced com.ibm.ejs.sm.adminServer.traceString=com.ibm.ejs.security.*=all=enabled
com.ibm.ejs.sm.adminServer.traceOutput=<fully qualified filename>
(such as, com.ibm.ejs.sm.adminServer.traceOutput= /usr/WebSphere/AppServer/logs/adminsecuritytrace)
- Stop the application server.
- Delete or rename the output files, if they exist, the WSAS root/logs/tracefile, the application server's stderr and stdout files, the WSAS root/logs/adminserver_stderr.log, and the WSAS root/logs/activity.log.
- Start the application server and recreate the problem.
- Return the output files, tracefile, the application server's stderr and stdout files, adminserver_stderr.log, activity.log, admin.config, and WSAS root/properties/sas.server.props.
- Revert to the original settings by copying the admin.config file from the backup copy that you created in Step 8, restarting WebSphere application server, stopping the application server, undoing the changes to its command line and trace properties, and starting the application server.
XI. To perform a security and SAS trace on the application and administrative servers for WebSphere Application Server 3.5.5 and higher 3.5.x AE or SE, follow these steps:- Run the administrative console, expand the topology frame, and highlight the application server that will be traced.
- Click on the Advanced tab if the application server's advanced properties aren't already being displayed.
- Put the following in the Trace Specification field:
com.ibm.ejs.security.*=all=enabled
- Put a fully qualified hostname in the Trace Output field (for example, C:\WebSphere\AppServer\logs\appsecuritytrace).
- Click Apply, and make sure that the application server is started.
- Make a backup copy of the WSAS root/bin/admin.config file, edit the original, and add the following two lines:
com.ibm.ejs.sm.adminServer.traceString=com.ibm.ejs.security.*=all=enabled
com.ibm.ejs.sm.adminServer.traceOutput=<fully qualified filename>
(such as,, com.ibm.ejs.sm.adminServer.traceOutput= /usr/WebSphere/AppServer/logs/adminsecuritytrace)
- Stop the application server.
- Make a backup copy of the WSAS root/properties/sas.server.props file, edit the original, and make the following changes or additions:
com.ibm.CORBA.securityDebug=true
com.ibm.CORBA.securityTraceLevel=advanced
com.ibm.CORBA.securityOutputMode=file
com.ibm.CORBA.securityActivityOutputMode=file
com.ibm.CORBA.securityErrorsOutputMode=file
com.ibm.CORBA.securityExceptionsOutputMode=file
com.ibm.CORBA.securityTraceOutputMode=file
com.ibm.CORBA.securityTraceOutput=<fully qualified filename> (such as, C:\:/WebSphere/AppServer/logs/sastrace)
- Delete or rename the output files, if they exist, the WSAS root/logs/tracefile, the application server's stderr and stdout files, the WSAS root/logs/adminserver_stderr.log, and the WSAS root/logs/activity.log.
- Start WebSphere application server and recreate the problem.
- Return the output files, tracefile, the application server's stderr and stdout files, adminserver_stderr.log, activity.log, admin.config, and WSAS root/properties/sas.server.props.
- Revert to the original settings by stopping the application server, copying the admin.config and sas.server.props files from the backup copies that you created in Steps 5 and 7, starting the application server, stopping the application server, undoing the changes to its trace properties, and starting the application server.
XII. To perform a security and SAS trace on the application and administrative servers for WebSphere Application Server 4.0.x AE, follow these steps:- Run the administrative console, expand the topology frame, and highlight the application server that will be traced.
- Click the Services tab, click the Trace Service in the services table, then click Edit Properties.
- Put the following in the Trace Specification field:
com.ibm.ejs.security.*=all=enabled:com.ibm.ws.security.*=all=enabled
- Put a fully qualified hostname in the Trace Output field (such as, C:\WebSphere\AppServer\logs\appsecuritytrace).
- Click OK. Click Apply, and make sure that the application server is started.
- Make a backup copy of the WSAS root/bin/admin.config file, edit the original, and add the following two lines:
com.ibm.ejs.sm.adminServer.traceString=com.ibm.ejs.security.*=all=enabled:com.ibm.ws.security.*=all=enabled
com.ibm.ejs.sm.adminServer.traceOutput=<fully qualified filename>
(such as,, com.ibm.ejs.sm.adminServer.traceOutput= /usr/WebSphere/AppServer/logs/adminsecuritytrace)
- Stop the application server.
- Make a backup copy of the WSAS root/properties/sas.server.props file, edit the original, and make the following changes or additions:
com.ibm.CORBA.securityDebug=true
com.ibm.CORBA.securityTraceLevel=advanced
com.ibm.CORBA.securityOutputMode=file
com.ibm.CORBA.securityActivityOutputMode=file
com.ibm.CORBA.securityErrorsOutputMode=file
com.ibm.CORBA.securityExceptionsOutputMode=file
com.ibm.CORBA.securityTraceOutputMode=file
com.ibm.CORBA.securityTraceOutput=<fully qualified filename> (e.g., C:\:/WebSphere/AppServer/logs/sastrace)
- Delete or rename the output files, (if they exist, the WSAS root/logs/tracefile, the application server's stderr and stdout files, the WSAS root/logs/adminserver_stderr.log, and the WSAS root/logs/activity.log.
- Start the application server and recreate the problem.
- Return the output files, tracefile, the application server's stderr and stdout files, adminserver_stderr.log, activity.log, admin.config, and WSAS root/properties/sas.server.props.
- Revert to the original settings by stopping the application server, copying the admin.config and sas.server.props files from the backup copies that you created in Steps 5 and 7, starting WebSphere application server, stopping the application server, undoing the changes to its trace properties, and starting the application server.
Administrative server only - Security, SAS, and ORB trace sections XIII - XVI When there is a problem at the network communications level in the administrative server, usually a security, SAS and ORB trace is performed on the administrative server. XIII. To perform a security, SAS and ORB trace on the administrative server for WebSphere Application Server 3.5 to 3.5.4 AE or SE, follow these steps:- Make a backup copy of the WSAS root/bin/admin.config file, edit the original, and add the following six lines:
com.ibm.CORBA.securityDebug=console com.ibm.CORBA.securityTraceLevel=advanced
com.ibm.CORBA.Debug=true
com.ibm.CORBA.CommTrace=true
com.ibm.ejs.sm.adminServer.traceString=com.ibm.ejs.security.*=all=enabled:ORBRas=all=enabled com.ibm.ejs.sm.adminServer.traceOutput=<fully qualified filename>
(such as, com.ibm.ejs.sm.adminServer.traceOutput= /usr/WebSphere/AppServer/logs/adminsecuritytrace)
- Stop the application server.
- Delete or rename the output file, if it exists, the WSAS root/logs/tracefile, the WSAS root/logs/adminserver_stderr.log, and the WSAS root/logs/activity.log.
- Start the application server and recreate the problem.
- Return the output file, tracefile, adminserver_stderr.log, activity.log, admin.config, and WSAS root/properties/sas.server.props.
- Revert to the original settings by copying the admin.config file from the backup copy that you created in Step 1; then restart the application server.
XIV. To perform a security, SAS and ORB trace on the administrative server for WebSphere Application Server 3.5.5 or higher 3.5.x AE or SE, follow these steps:- Make a backup copy of the WSAS root/bin/admin.config file, edit the original, and add the following four lines:
com.ibm.CORBA.Debug=true
com.ibm.CORBA.CommTrace=true com.ibm.ejs.sm.adminServer.traceString=com.ibm.ejs.security.*=all=enabled:ORBRas=all=enabledcom.ibm.ejs.sm.adminServer.traceOutput=<fully qualified filename>
(such as, com.ibm.ejs.sm.adminServer.traceOutput= /usr/WebSphere/AppServer/logs/adminsecuritytrace)
- Stop the application server.
- Make a backup copy of the WSAS root/properties/sas.server.props file, edit the original, and make the following changes or additions:
com.ibm.CORBA.securityDebug=true
com.ibm.CORBA.securityTraceLevel=advanced
com.ibm.CORBA.securityOutputMode=file
com.ibm.CORBA.securityActivityOutputMode=file
com.ibm.CORBA.securityErrorsOutputMode=file
com.ibm.CORBA.securityExceptionsOutputMode=file
com.ibm.CORBA.securityTraceOutputMode=file
com.ibm.CORBA.securityTraceOutput=<fully qualified filename> (such as, C:\:/WebSphere/AppServer/logs/sastrace)
- Delete or rename the output files, if they exist, the WSAS root/logs/tracefile, the WSAS root/logs/adminserver_stderr.log, and the WSAS root/logs/activity.log.
- Start the application server and recreate the problem.
- Return the output files, tracefile, adminserver_stderr.log, activity.log, admin.config, and WSAS root/properties/sas.server.props.
- Revert to the original settings by stopping the application server, copying the admin.config and sas.server.props files from the backup copies that you created in Step 1 and 3, and restarting the application server.
XV. To perform a security, SAS and ORB trace on the administrative server for WebSphere Application Server 4.0.x AE, follow these steps:- Make a backup copy of the WSAS root/bin/admin.config file, edit the original, and add the following four lines:
com.ibm.CORBA.Debug=true
com.ibm.CORBA.CommTrace=true
com.ibm.ejs.sm.adminServer.traceString=com.ibm.ejs.security.*=all=enabled:com.ibm.ws.security.*=all=enabled:ORBRas=all=enabledcom.ibm.ejs.sm.adminServer.traceOutput=<fully qualified filename>
(such as, com.ibm.ejs.sm.adminServer.traceOutput= /usr/WebSphere/AppServer/logs/adminsecuritytrace)
- Stop the application server.
- Make a backup copy of the WSAS root/properties/sas.server.props file, edit the original, and make the following changes or additions:
com.ibm.CORBA.securityDebug=true
com.ibm.CORBA.securityTraceLevel=advanced
com.ibm.CORBA.securityOutputMode=file
com.ibm.CORBA.securityActivityOutputMode=file
com.ibm.CORBA.securityErrorsOutputMode=file
com.ibm.CORBA.securityExceptionsOutputMode=file
com.ibm.CORBA.securityTraceOutputMode=file
com.ibm.CORBA.securityTraceOutput=<fully qualified filename> (e.g., C:\:/WebSphere/AppServer/logs/sastrace)
- Delete or rename the output files, if they exist, the WSAS root/logs/tracefile, the WSAS root/logs/adminserver_stderr.log, and the WSAS root/logs/activity.log.
- Start the application server and recreate the problem.
- Return the output files, tracefile, adminserver_stderr.log, activity.log, admin.config, and as.server.props.
- Revert to the original settings by stopping the application server, copying the admin.config and sas.server.props files from the backup copies that you created in Steps 1 and 3, and restarting the application server.
XVI. To perform a security, SAS and ORB trace on the administrative/application server for WebSphere Application Server 4.0.x AEs and AEd, follow these steps:- Stop the application server.
- Make a backup copy of the WSAS root/config/server-cfg.xml file, edit the original, and make the following changes:
<traceService xmi:id="TraceServiceConfig_1" enable="true" traceSpecification="com.ibm.ejs.security.*=all=enabled:com.ibm.ws.security.*=all=enabled:ORBRas=all=enabled" traceOutputFilename="<fully qualified filename>" diagThreadPort="7000"/>
- Make a backup copy of the WSAS root/properties/sas.server.props file, edit the original, and make the following changes or additions:
com.ibm.CORBA.Debug=true
com.ibm.CORBA.CommTrace=true
com.ibm.CORBA.securityDebug=true
com.ibm.CORBA.securityTraceLevel=advanced
com.ibm.CORBA.securityOutputMode=file
com.ibm.CORBA.securityActivityOutputMode=file
com.ibm.CORBA.securityErrorsOutputMode=file
com.ibm.CORBA.securityExceptionsOutputMode=file
com.ibm.CORBA.securityTraceOutputMode=file
com.ibm.CORBA.securityTraceOutput=<fully qualified filename> (such as, C:\:/WebSphere/AppServer/logs/sastrace)
- Delete or rename the output files, (if they exist, the WSAS root/logs/default_server_stderr.log, the WSAS root/logs/default_server_stdout.log, and the WSAS root/logs/activity.log.
- Start the application server and recreate the problem.
- Return the output files, default_server_stderr.log, default_server_stdout.log, activity.log, server-cfg.xml, and sas.server.props.
- Revert to the original settings by stopping the application server, copying the server-cfg.xml and sas.server.props files from the backup copies that you created in Step 2 and 3, and restarting the application server
Administrative server and application server - Security, SAS, and ORB traceXVII - XIX When there is a problem at the network communications level in the application server, usually a security, SAS and ORB trace is performed on the administrative and application servers. XVII. To perform a security, SAS and ORB trace on the administrative and application servers for WebSphere Application Server 3.5 to 3.5.4 AE or SE, follow these steps:- Run the administrative console, expand the topology frame, and highlight the application server that will be traced.
- Click the General tab if the application server's general properties aren't already displayed.
- Add the following in the Command Line Arguments field (separated by a space between parameters):
-Dcom.ibm.CORBA.securityDebug=console
-Dcom.ibm.CORBA.securityTraceLevel=advanced
-Dcom.ibm.CORBA.Debug=true
-Dcom.ibm.CORBA.CommTrace=true
- Click Apply to accept this change.
- Click the Advanced tab to display the application server's advanced properties.
- Put the following in the Trace Specification field:
com.ibm.ejs.security.*=all=enabled:ORBRas=all=enabled
- Put a fully qualified hostname in the Trace Output field (such as, C:\WebSphere\AppServer\logs\appsecuritytrace).
- Click Apply, and make sure that the application server is started.
- Make a backup copy of the WSAS root/bin/admin.config file, edit the original, and add the following six lines:
com.ibm.CORBA.securityDebug=console
com.ibm.CORBA.securityTraceLevel=advanced
com.ibm.CORBA.Debug=true
com.ibm.CORBA.CommTrace=true com.ibm.ejs.sm.adminServer.traceString=com.ibm.ejs.security.*=all=enabled:ORBRas=all=enabled com.ibm.ejs.sm.adminServer.traceOutput=<fully qualified filename>
(such as, com.ibm.ejs.sm.adminServer.traceOutput= /usr/WebSphere/AppServer/logs/adminsecuritytrace)
- Stop the application server.
- Delete or rename the output file, if it exists, the WSAS root/logs/tracefile, the WSAS root/logs/adminserver_stderr.log, and the WSAS root/logs/activity.log.
- Start the application server and recreate the problem.
- Return the output file, tracefile, adminserver_stderr.log, the application server's stderr and stdout files, activity.log, admin.config, and WSAS root/properties/sas.server.props.
- Revert to the original settings by copying the admin.config file from the backup copy that you created in Step 8, restarting the application server, stopping the application server, undoing the changes to its command line and trace properties, and starting the application server.
XVIII. To perform a security, SAS and ORB trace on the administrative and application servers for WebSphere Application Server 3.5.5 or higher 3.5.x AE or SE, follow these steps:- Run the administrative console, expand the topology frame, and highlight the application server that will be traced.
- Click the General tab if the application server's general properties are not already displayed.
- Add the following in the Command Line Arguments field (separated by a space between parameters):
Dcom.ibm.CORBA.Debug=true -Dcom.ibm.CORBA.CommTrace=true
- Click Apply to accept this change.
- Click the Advanced tab to display the application server's advanced properties.
- Put the following in the Trace Specification field:
com.ibm.ejs.security.*=all=enabled:ORBRas=all=enabled
- Put a fully qualified hostname in the Trace Output field (such as, C:\WebSphere\AppServer\logs\appsecuritytrace).
- Click Apply, and make sure that the application server is started.
- Make a backup copy of the WSAS root/bin/admin.config file, edit the original, and add the following four lines:
com.ibm.CORBA.Debug=true
com.ibm.CORBA.CommTrace=true
com.ibm.ejs.sm.adminServer.traceString=com.ibm.ejs.security.*=all=enabled:ORBRas=all=enabled com.ibm.ejs.sm.adminServer.traceOutput=<fully qualified filename>
(such as, com.ibm.ejs.sm.adminServer.traceOutput= /usr/WebSphere/AppServer/logs/adminsecuritytrace)
- Stop the application server.
- Make a backup copy of the WSAS root/properties/sas.server.props file, edit the original, and make the following changes or additions:
com.ibm.CORBA.securityDebug=true
com.ibm.CORBA.securityTraceLevel=advanced
com.ibm.CORBA.securityOutputMode=file
com.ibm.CORBA.securityActivityOutputMode=file
com.ibm.CORBA.securityErrorsOutputMode=file
com.ibm.CORBA.securityExceptionsOutputMode=file
com.ibm.CORBA.securityTraceOutputMode=file
com.ibm.CORBA.securityTraceOutput=<fully qualified filename> (such as, C:\:/WebSphere/AppServer/logs/sastrace)
- Delete or rename the output files, (if they exist, the WSAS root/logs/tracefile, the WSAS root/logs/adminserver_stderr.log, and the WSAS root/logs/activity.log.
- Start the application server and recreate the problem.
- Return the output files, tracefile, adminserver_stderr.log, the application server's stderr and stdout files, activity.log, admin.config, and WSAS root/properties/sas.server.props.
- Revert to the original settings by stopping the application server, copying the admin.config and sas.server.props files from the backup copies that you created in Steps 8 and 10, starting the application server, stopping the application server, undoing the changes to its command line and trace properties, and starting the application server.
XIX. To perform a security, SAS and ORB trace on the administrative and application servers for WebSphere Application Server 4.0.x AE, follow these steps:- Run the administrative console, expand the topology frame, and highlight the application server that will be traced.
- Click the JVM Settings tab.
- Next to the System Properties table, click Add, and add the following names and corresponding values:
com.ibm.CORBA.Debug with a value of true
com.ibm.CORBA.CommTrace with a value of true
- Click Apply.
- Click the Services tab, click the Trace Service in the services table, and click Edit Properties.
- Put the following in the Trace Specification field:
com.ibm.ejs.security.*=all=enabled:com.ibm.ws.security.*=all=enabled:ORBRas=all=enabled
- Put a fully qualified hostname in the Trace Output field (such as, C:\WebSphere\AppServer\logs\appsecuritytrace)
- Click OK. Click Apply, and make sure that the application server is started.
- Make a backup copy of the WSAS root/bin/admin.config file, edit the original, and add the following four lines:
com.ibm.CORBA.Debug=true
com.ibm.CORBA.CommTrace=true com.ibm.ejs.sm.adminServer.traceString=com.ibm.ejs.security.*=all=enabled:com.ibm.ws.security.*=all=enabled:ORBRas=all=enabledcom.ibm.ejs.sm.adminServer.traceOutput=<fully qualified filename>
(such as, com.ibm.ejs.sm.adminServer.traceOutput= /usr/WebSphere/AppServer/logs/adminsecuritytrace)
- Stop the application server.
- Make a backup copy of the WSAS root/properties/sas.server.props file, edit the original, and make the following changes or additions:
com.ibm.CORBA.securityDebug=true
com.ibm.CORBA.securityTraceLevel=advanced
com.ibm.CORBA.securityOutputMode=file
com.ibm.CORBA.securityActivityOutputMode=file
com.ibm.CORBA.securityErrorsOutputMode=file
com.ibm.CORBA.securityExceptionsOutputMode=file
com.ibm.CORBA.securityTraceOutputMode=file
com.ibm.CORBA.securityTraceOutput=<fully qualified filename> (such as, C:\:/WebSphere/AppServer/logs/sastrace)
- Delete or rename the output files, (if they exist, the WSAS root/logs/tracefile, the WSAS root/logs/adminserver_stderr.log, and the WSAS root/logs/activity.log.
- Start the application server and recreate the problem.
- Return the output files, tracefile, adminserver_stderr.log, the application server's stderr and stdout files, activity.log, admin.config, and sas.server.props.
- Revert to the original settings by stopping the application server, copying the admin.config and sas.server.props files from the backup copies that you created in Steps 8 and 10, starting the application server, stopping the application server, undoing the changes to its command line and trace properties, and starting the application server.
| | | |
| |
|
Product categories: Software, Application Servers, Distributed Application & Web Servers, WebSphere Application Server, Security Operating system(s): Multi-Platform Software version: 3.5, 4.0 Software edition: Edition Independent Reference #: 1051565 IBM Group: Software Group Modified date: 2004-12-14
(C) Copyright IBM Corporation 2000, 2004. All Rights Reserved.
|