Logging debug information for SecureLogin.

  • 7001124
  • 07-Aug-2008
  • 01-May-2018

Environment

Novell SecureLogin version 3.5
Novell SecureLogin  v 6.x
Novell SecureLogin  v 7.x
NetIQ SecureLogin   v 8.x

Situation

How to configure SecureLogin to capture debug logs.

Logging debug information for SecureLogin.


Resolution

With logging enabled, NSL will create a file called ssodebug.txt  in the following directories:

- on XP workstations:   C:\Documents and Settings\<USERNAME>\Application Data\SecureLogin\Logs,"  where USERNAME is the name of the local user on the workstation. 

- on Windows 7 workstations: C:\Users\<USERNAME>\AppData\Roaming\SecureLogin\Logs   where USERNAME is the name of the local user on the workstation. 
 
There are two ways to capture NSL debug logs.  Both require that SecureLogin be stopped and restarted for changes to take effect.
 
 
Method 1. Through the utility SLLoggingManager.exe included with the NSL distriubtion package and found in the directory SecureLogin\Tools\Unsupported.  This is a graphical utility that allows you to configure logging with a few mouse clicks.  After launching the utility, just click in the "logging level" field for the desired modules, hit the down arrow and select the desired logging level.  If Novell Support has asked you for a NSL log, you will need to select "debug" level.

Method 2. By manually editing the registry to specify the modules to log .  Edit the following registry key: 

[HKEY_LOCAL_MACHINE\Software\Protocom\SecureLogin]

First create the key "Logging,"  then create the dword entries from the information below.  (Remember to turn the diagnostics log file off once you have finished or the log file will continue to grow and may cause SecureLogin to run slowly.)   For example the edited registry will look like this if you select to log for everything:
 
 
 

 

To instruct SecureLogin to output advanced debug information to the log file, create one or more of the following dword registry entries.   Create the registry entry for the specific area in which you want SecureLogin to perform a debug trace.

 

Each dword entry relates closely to the files of the same or similar name;

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Protocom\SecureLogin\Logging]


"All" =dword:00000000

"Allint"=dword:00000000

"Broker"=dword:00000000

"BrokerInt"=dword:00000000

"Launcher"=dword:00000000

"MadMan"=dword:00000000

"SLCredMan"=dword:00000000

"WinLib"=dword:00000000

"NetscapeSSO"=dword:00000000

"WebSSO"=dword:00000000

"WinSSO"=dword:00000000

"Wizard"=dword:00000000

"LotusSSO"=dword:00000000

"Parser"=dword:00000000

"JavaSSO"=dword:00000000

"JavaSSOBHO"=dword:00000000

"AWS"=dword:00000000

"IESSO"=dword:00000000

"XMLConv"=dword:00000000

"TLaunch"=dword:00000000

 

The values can be set from 0 to 3.

 

0 means log all messages and 3 logs critical issues only.

 

The following explains the type of information that each option will log.

 

"Broker"=dword:00000000

 

Logs high level information relating to SLBroker.Exe, such as communications and synchronization of SecureLogin data (such as the user's secrets) with the Directory.

 

"BrokerInt"=dword:00000000

 

Logs low level information relating to SLBroker.Exe, including coding symbols and functions.

 

"Launcher"=dword:00000000

 

Logs information relating to SLLauncher.Exe, including published applications in a Citrix environment.

 

"MadMan"=dword:00000000

 

Logs information relating to MadMan.DLL, including binding user defaults, and setting preferences in a Microsoft Active Directory environment.

 

"SLCredMan"=dword:00000000

 

Logs information relating to whether SecureLogin is able to retrieve the user’s ADS username and password in a Microsoft ADS environment.

 

"WinLib"=dword:00000000

 

Logs information on SecureLogin’s interaction with the common windows library.

 

"NetscapeSSO"=dword:00000000

 

Logs information relating to Single Sign-on to Netscape applications.

 

"WebSSO"=dword:00000000

 

Logs information relating to WebSSO.DLL for Web Single Sign-on (WebSSO.DLL only exists in older versions of SecureLogin).

 

"WinSSO"=dword:00000000

 

Logs information relating to Single Sign-on to Windows applications.

 

"Wizard"=dword:00000000

 

Logs information relating to the Wizard.

 

"LotusSSO"=dword:00000000

 

Logs information relating to Lotus Notes, if using ProNotes.DLL (doesn't affect Notes installation that use a script for Lotus Notes).

 

"Parser"=dword:00000000

 

Logs information relating to the script parser.

 

"JavaSSO"=dword:00000000

 

Logs information relating to Single Sign-on to Java applications.

 

"JavaSSOBHO"=dword:00000000

 

Logs information relating to the Java Single Sign-on browser helper object (for SSO to web based Java applications).

 

"AWS"=dword:00000000

 

Logs information relating to advanced windows scripting features.

 

"IESSO"=dword:00000000

 

Logs information relating to Single Sign-on to Internet Explorer web based applications.

 

"XMLConv"=dword:00000000

 

Logs information relating to the XML converter that is able to export and import Directory data.

 

"TLaunch"=dword:00000000

 

Logs information relating to the terminal launcher application.

 

To enable debug log for SLNMAS create a registry key at HKLM\SOFTWARE\Protocom\SecureLogin\Virtual Channel\slnmas and then create a string value called debug and set it to 1.

.

Additional Information

Warning:  The NSL Diagnostic log file should only be enabled if you have been instructed to by Novell Support to do so, and should be deactivated when you are finished.  With NSL3.51 and later, the NSL debug log file becomes part of the Windows roaming profile (if roaming profiles have been activated).  If left on for long periods of time the log file can become quite large and cause problems with the roaming profile. 

Additionally, the file can cause some confusion for those unfamiliar with its contents in that it generates a lot of information that may appear to capture error messages that in fact records expected conditions.  


There is an option to “Activate the diagnostics log file” in the NSL client settings, or in the SecureLogin settings under properties of the user object in your directory management tool (e.g. ConsoleOne).  This option will enable logging for successful status messages, but not for debug information. Enabling this setting is not necessary to capture debug-level logs. 

Formerly known as TID# 10088017