Using JEE agents for logging
JEE agents are embedded within web applications to provide authentication. The agents are as varied as the JEE containers. The log file locations are also variable. However, the gathering of support information has been normalized regardless of the container.
Support utility location
The support utility is located at:
<container>/atssoAgents/bin
In this case, container is the base directory of the JEE container where the agent has been installed. For example, for the Tomcat server, the location is the CATALINA_HOME directory, and for IBM WebSphere, the location is the AppServer directory. For information on running the support utility, see Support utility.
To change the logging level
With BMC Atrium Single Sign-On, the configuration of the JEE agents is centralized. To change the logging level, you update the specific J2EE agent.
- Navigate to Access Control > Top-level Realm > Agents > J2EE > <agentLink> > Global > General
In this case, the agentLink is the name of the agent based on the host and port of the server where the agent is installed. For example:
BMCJEEAgent@sample.bmc.com:8080 or /arsys@sample.bmc.com:8080
Within this section is a series of radio buttons. These buttons are used to specify the logging level for the agent.
- Click the radio button for the logging level.
- Error (default): The logging level is typically kept at this default.
- Message generates the most verbose logs but severely impacts server performance. The message level should only be used when an issue is being worked on.
To turn on auditing at the agent level
By default, the audit logs for agents are not used.
- Navigate to the Audit section: Access Control > Top-level Realm link > Agents > J2EE > AgentLink > Global > Audit
- Modify the following audit attributes as needed:
- Type of access that is logged (allow, deny, and so on).
- Size of the audit logs
- Rotation of the audit logs
- Location of the logging (agent or server).
WebSphere log file locations
- <installationDirectory>/AppServer/atssoAgents/installer-logs
- <installationDirectory>/AppServer/atssoAgents/Agents_001
- <installationDirectory>/AppServer/profiles/<AppSrv>/logs
The Agents_001 might increment when BMC Atrium Single Sign-On integration is enabled or disabled.
Tomcat log file locations
- <catalinaHome>/logs
- <catalinaHome>/temp
- <catalinaHome>/atssoAgents/installer-logs (optional)
- <catalinaHome>/atssoAgents/Agents_001 (optional)
Log file rotation
The size of the audit logs and whether they are rotated are set by editing the web agent Rotate Local Audit Log properties:
- com.sun.identity.agents.config.local.log.rotate
- com.sun.identity.agents.config.local.log.size
The local logs are rotated automatically because the Rotate Local Audit Log property is enabled by default. When this property is not enabled, the local log file is not rotated.
Debug log file location
The following web agent property, specified in the OpenSSOAgentBootstrap.properties file, indicates the location of the debug file:
com.sun.identity.agents.config.local.logfile
This property is not available through the OpenSSO Enterprise console. Because a local audit file is created during agent installation, the location of that file is assigned to this bootstrap file property.
Local audit log rotation size
The Local Audit Log Rotation Size property value for a web agent indicates the maximum number of bytes the debug file can hold. This agent property can be set through the OpenSSO Enterprise console. The Local Audit Log Rotation Size property value, com.sun.identity.agents.config.local.log.size, is located on the Global tab.
This property controls the log file size. A new log file is created when the current log file reaches a specific size. The file size should be a minimum of 3000 bytes. The default size is 10 megabytes.
Log file index
When a new log file is created, an index number is appended to the name of the log file. The appended number indicates the chronological order in which the log files were written. There is no limit to the number of log files that can be rotated.
- <amAgent>-1
- <amAgent>-2
In this case, amAgent represents the fully qualified path name to the log files excluding the appended number. The numbers 1 and 2 represent appended numbers.
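The rotation properties and the index naming described above can be checked with a short script. This is an added example, not code from the product or the original page; it assumes the two property values are available as key=value text and that "true" means enabled, and the sample settings and file names are constructed.

```python
import re

ROTATE = "com.sun.identity.agents.config.local.log.rotate"
SIZE = "com.sun.identity.agents.config.local.log.size"
MIN_SIZE = 3000  # minimum rotation size in bytes, as stated on this page

# Constructed sample settings, not taken from a real installation.
SAMPLE = """\
# constructed sample
com.sun.identity.agents.config.local.log.rotate = false
com.sun.identity.agents.config.local.log.size = 2048
"""

def parse_properties(text):
    """Parse key=value lines, skipping blank lines and # or ! comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props

def check_rotation(props):
    """Return findings for the rotation settings described on this page."""
    findings = []
    # Assumption: "true" means enabled; a missing key means the default (enabled).
    if props.get(ROTATE, "true").lower() != "true":
        findings.append("rotation is disabled: the local log file is not rotated")
    size = props.get(SIZE)
    if size is not None and not size.isdigit():
        findings.append(f"rotation size {size!r} is not a byte count")
    elif size is not None and int(size) < MIN_SIZE:
        findings.append(f"rotation size {size} is below the {MIN_SIZE}-byte minimum")
    return findings

def order_rotated(base, names):
    """Order <base>-<n> names by numeric index; a plain sort puts -10 before -2."""
    pattern = re.compile(re.escape(base) + r"-(\d+)")
    hits = [(int(m.group(1)), n) for n in names if (m := pattern.fullmatch(n))]
    return [n for _, n in sorted(hits)]

if __name__ == "__main__":
    for finding in check_rotation(parse_properties(SAMPLE)):
        print(finding)
    print(order_rotated("amAgent", ["amAgent-10", "amAgent-2", "amAgent-1"]))
```

Reading rotated files in numeric index order keeps audit events in sequence when they are collected for review.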