Symantec Access Management


CA Directory Logging - Closing Log Files

  • 1.  CA Directory Logging - Closing Log Files

    Posted 09-05-2017 03:56 PM



    You may wish to limit the CA Directory logging for additional performance gain or limit disk impact for ongoing use.


    An example to focus DSA logging to the primary value logs:  trace, alarm, warn; but close the other logs that are enabled by default.





    # DSA trace log - Used for debugging
    set trace-log = "logs/$s_trace.log";
    set trace = error;
    set rollover-trace-log = true;

    # DSA alarm log
    set rollover-alarm-log = true;
    set alarm-log = "logs/$s_alarm.log";

    # DSA Query Log - Disabled
    set query-log-advanced = none;

    # DSA Update Log - Disabled
    set update-log-show-values = false;

    # DSA Time Log - Disabled
    set time-log-search-threshold = none;
    set time-log-update-threshold = none;

    # DSA Alert Log
    set alert-log = "logs/$s_alert.log";

    # Daily warning, statistics, diagnostic & summary logs
    set warn-log = "logs/$s_warn.log";
    #set stats-log = "logs/$s_stats.log";
    #set diag-log = "logs/$s_diag.log";
    #set summary-log = "logs/$s_summary.log";

    # Disable logs via close command, re-enable when debugging performance of CA Directory
    close summary-log;
    close diag-log;
    close stats-log;






    ### Reference data ###


    Other examples of additional switches for CA Directory logging:

    Steps to Turn on Directory time and query logging… 



    Close log command:

    close log Command -- Stop Output Being Sent to a Log File - CA Directory - 12.0.14 - CA Technologies Documentation… 



    Size limits for logs

    CA Directory 12.0.18 Latest Cumulative Release Download - CA Technologies 







  • 2.  Re: CA Directory Logging - Closing Log Files

    Broadcom Employee
    Posted 01-24-2018 02:07 PM

    I would like to disable the three logs you have suggested for a SessionStore that is controlled via the DXserver Management UI... no joy.  I have tried the following to stop the logs:

    • Edit the SessionStore DSA via the UI.  Go to the Raw Settings tab and add the 3 'close' commands on separate lines with a trailing semicolon.  Click Next and agree to Init running DSA.
    • Same as above, but put all 3 'close' commands on a single line.
    • Manually edit config/servers/SessionStore.dxi and add the 'close' commands.
      • Run 'dxserver init SessionStore'.
      • Run 'dxserver stop SessionStore; dxserver start SessionStore'

    I have only checked the stats-log.  It continued to log messages after trying each of the above methods to stop it.


  • 3.  Re: CA Directory Logging - Closing Log Files

    Former Employee
    Posted 09-08-2017 03:28 PM

    Thank you for sharing this with the community Alan!


  • 4.  Re: CA Directory Logging - Closing Log Files

    Posted 01-24-2018 06:21 PM

    Hi Rich,


    "Where" in the DXI file you added these lines will have an influence.

    - I will have to validate with the new DX Mgmt UI to confirm no issues.


    If you do not have access to the "../logging/<name_here>.dxc" file used for logging, you can place your close statements after this line in the DXI file or near the bottom of this file.


    You can validate that these commands closed the file, if you set a trace on the DSA as well.

    set trace=dsa;





    #### ####  #########



    [dsa@vapp0001 servers]$ cat UserStore_userstore-01.dxi


    # logging and tracing
    source "../logging/default.dxc";

    set trace=dsa;


    close summary-log;

    close diag-log;

    close stats-log;


    set trace=error;

    # schema
    clear schema;
    source "../schema/im.dxg";
    # knowledge
    clear dsas;
    source "../knowledge/im.dxg";
    # operational setting
    source "../settings/default.dxc";
    # service limits
    source "../limits/default.dxc";
    # access controls
    clear access;
    source "../access/default.dxc";
    # multiwrite DISP recovery
    set multi-write-disp-recovery = true;
    # grid configuration
    set dxgrid-db-location = "data";
    set dxgrid-db-size = 3000;
    set dxgrid-backup-location = "/opt/CA/Directory/dxserver/backup/";
    dump dxgrid-db period 0 86400;
    set cache-index-all-except = imPasswordData, imPasswordQandA, imEncryptedShadowPassword, imJpeg00, imJpeg01, imJpeg02, imJpeg03, imJpeg04, imCertificate00, imCertificate01, imBinary00, imBinary01, jpegPhoto;
    set lookup-cache = true;
    set mimic-netscape-for-siteminder = true;
    ##set concurrent-bind-user = DN;
    set hold-ldap-connections = true;



    ######## ######
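
The placement point in the reply above, as an added example (not part of the original thread and not CA/Broadcom code): a small Python check that walks a DXI file and the files it sources, and reports which logs are left open. It assumes statements take effect in file order, so a `set x-log = "...";` that comes after `close x-log;` opens the log again; the function names and the two sample DXI files are constructed for illustration.

```python
import re

# Assumption (not from vendor docs): statements take effect in file order, so a
# `set x-log = "..."` that follows `close x-log;` opens that log again.
STMT = re.compile(
    r'^\s*(?:source\s+"(?P<src>[^"]+)"'
    r'|set\s+(?P<set>[\w-]+-log)\s*=\s*"(?P<path>[^"]+)"'
    r'|close\s+(?P<close>[\w-]+-log))\s*;'
)

def effective_logs(name, files, state=None, seen=None):
    """Walk `name` and the files it sources; return {log: path or None}.
    None means the log was closed and not re-opened afterwards."""
    state = {} if state is None else state
    seen = set() if seen is None else seen
    if name in seen or name not in files:   # source loop, or file not supplied
        return state
    seen.add(name)
    for line in files[name].splitlines():
        m = STMT.match(line)                # '#'-commented lines never match
        if not m:
            continue
        if m["src"]:
            effective_logs(m["src"], files, state, seen)
        elif m["set"]:
            state[m["set"]] = m["path"]
        else:
            state[m["close"]] = None
    return state

# Constructed sample files, keyed by the path used in the `source` statement.
LOGGING = '''set warn-log = "logs/$s_warn.log";
set stats-log = "logs/$s_stats.log";
set diag-log = "logs/$s_diag.log";
set summary-log = "logs/$s_summary.log";
#set alert-log = "logs/$s_alert.log";
'''
CLOSES = "close summary-log;\nclose diag-log;\nclose stats-log;\n"
SOURCE = 'source "../logging/default.dxc";\n'
FILES = {
    "../logging/default.dxc": LOGGING,
    "close_after.dxi": SOURCE + CLOSES + "set trace = error;\n",
    "close_before.dxi": CLOSES + SOURCE + "set trace = error;\n",
}

def open_logs(name, files=FILES):
    """Sorted names of the logs that still have an output file at the end."""
    return sorted(k for k, v in effective_logs(name, files).items() if v)

if __name__ == "__main__":
    for dxi in ("close_after.dxi", "close_before.dxi"):
        print(dxi, "->", open_logs(dxi))
```

Under that ordering assumption, only the variant with the `close` lines after the logging `source` line ends with the three logs closed.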




  • 5.  Re: CA Directory Logging - Closing Log Files

    Posted 01-24-2018 03:43 PM

    Rich Rich_Faust


    Did we try the "CLOSE" command in dxconsole? The console runs on a port one higher than the port that the instance is running on.

    Login to dxserver.

    If the instance is running on 7771, then console can be accessed on 7772.

    Type "telnet localhost 7772".

    This will connect to console.

    Execute the commands in the console.


    Let me know if this works.

  • 6.  Re: CA Directory Logging - Closing Log Files

    Broadcom Employee
    Posted 01-25-2018 10:51 AM

    I may have been cross-eyed yesterday, because I repeated my test and the 'close *log;' lines I manually added to config/servers/SessionStore.dxi are in fact working.  New log files are created upon restart of the SessionStore, but they are empty.  Sorry for the false alarm.


    I would like to point out that as soon as DX Management UI r12.6.03 starts managing a DSA it places ALL of the configuration commands in a single, monolithic version of the config/servers/DSA.dxi file.  The individual configuration files in limits/, logging/, schema/ etc. are not deleted (and also not referenced by the sole configuration file), and that can fool you into thinking those files are still relevant.