Howto map syslog level error messages with Access Manager error level messages

  • 7004876
  • 18-Nov-2009
  • 26-Apr-2012

Environment

Novell Access Manager 3.1 Linux Novell Identity Server
Novell Access Manager 3.1 Windows Novell Identity Server
Novell Access Manager 3.1 Linux Access Gateway

Situation

Access Manager writes log files to multiple locations, all referenced via the Admin Console -> Auditing -> General Logging TAB. For example, the Linux Access Gateway (LAG) writes proxy specific logs to /var/log/ics_dyn.log. Looking at the /etc/sysconfig configuration on the LAG, one can see the local0.* statement describing what is logged.

The events are well defined in the Access Manager documentation (e.g. the first digit is Severity) at the following locations:
 
Administrator wants to configure syslog in such a way that the events are sent to another, remote syslog server. The goal is to filter which event get send or not based on severity. To do this, one has to understand the mapping between Access Manager Severity and syslog-level. Currently, the various levels are:
 
Access Manager Severity
1 = severe
2 = error
3 = warn
4 = config
5 = info
6 = debug
9 = internal
 
syslog-level
- emerg
- alert
- crit
- err
- warning
- notice
- info
- debug

Resolution

There are a few overlaps in the mapping - we map the 8 syslog events to 6 different audit style levels. The mapping is done based on the following table:
 
AG_LOG_EMERGENCY <-> SYSLOG_LOG_CRIT
AG_LOG_ALERT <-> SYSLOG_LOG_CRIT 
AG_LOG_CRITICAL <-> SYSLOG_LOG_CRIT
AG_LOG_ERROR <-> SYSLOG_LOG_ERR
AG_LOG_WARNING <-> SYSLOG_LOG_WARNING
AG_LOG_NOTICE <-> SYSLOG_LOG_NOTICE
AG_LOG_INFO <-> SYSLOG_LOG_INFO
AG_LOG_DEBUG <-> SYSLOG_LOG_DEBUG

For example, modifying the /etc/syslog.conf configuration to include

"local0.info   -/tmp/logtest.out"

and restarting syslog, we can see the following entry in the /tmp/logtest.out file
"Nov 14 23:19:04 agcluster : AM#504513000: AMDEVICEID#ag-769DF08E988EFAA: AMAUTHID#0: AMEVENTID#0: VccHealth::HealthGET".

When I set "local0.notice  -/tmp/logtest.out",  there is not corresponding message. This is because they map to two different severity levels.

Feedback service temporarily unavailable. For content questions or problems, please contact Support.