AGS proxy HTTP logs written to wrong location after applying NAM 3.1 SP5

  • 7011927
  • 13-Mar-2013
  • 13-Mar-2013

Environment

NetIQ Access Manager 3.1
NetIQ Access Manager 3.1 Support Pack 5 applied
NetIQ Access Manager 3.1 Access Gateway Service running on Linux

Situation

After upgrading the Access Gateway Service (AGS) from 3.1.4 to 3.1.5, the proxy HTTP logs are created in /var/log/novell-apache2/ instead of /var/log/novell/reverse/[proxyname]. Looking at the configuration files for the problem proxy services (/etc/opt/novell/apache2/conf/vhosts.d/), we could clearly see that the configuration was defined incorrectly with the wrong paths. For example, the following CustomLog entry shows the /var/log/novell-apache2/ path:

  LogFormat "%t - %h - %<u %A %v %m %U %U %q \"%r\" %>s %O %I %D \"%{user-agent}i\" \"%{IPCZQX0}C\" \"%{referer}i\" - %a \"%{BALANCER_WORKER_IP}e\" \"%{x-forward-for}i\" %s %I \"%{Content-Range}o\" \"%{ETag}o\" %X \"%{Cache-Control}o\" \"%{Range}o\" \"%{If-Range}o\" %B \"%{Pragma}i\" \"%{Pragma}o\"" srv2-srv2
  CustomLog "|\"/opt/novell/apache2/sbin/rotatelogs\" \"/var/log/novell-apache2/srv2-srv2.extended.log.%Y-%m-%d-%H_%M_%S\" 86400 540" srv2-srv2 env=srv2

The correct path should have been like the following entry with /var/log/novell/reverse/web01/web01-web01c ...

LogFormat "%t - %h - %<u %A %U %s %I \"%{Content-Range}o\" \"%{ETag}o\" %X \"%{Cache-Control}o\" \"%{Range}o\" \"%{If-Range}o\" %B \"%{Pragma}i\" \"%{Pragma}o\"" web01-web01c
  CustomLog "|\"/opt/novell/apache2/sbin/rotatelogs\" \"/var/log/novell/reverse/web01/web01-web01c.extended.log.%Y-%m-%d-%H_%M_%S\" 86400 540" web01-web01c env=web01c


Resolution

Manually verify that the valid path where the HTTP log entries should exist is actually there. It appears that if the Proxy cannot write the logs to /var/logs/novell/reverse it will instead write them to /var/logs/novell-apache2.
 
When we applied 3.1.5, it failed to write the logs if /var/logs/novell/reverse/[proxy] did not exist, so we had to create that folder manually.Make sure that the permissions for the directories are set to the following too:
 
    chmod 770 /var/log/novell
    chown novlwww:novlwww /var/log/novell
    chmod 755 /var/log/novell/reverse
    chown novlwww:novlwww /var/log/novell/reverse
    chmod 755 /var/log/novell/reverse/*
    chown novlwww:novlwww /var/log/novell/reverse/*
    /etc/init.d/novell-tomcat5 restart

Feedback service temporarily unavailable. For content questions or problems, please contact Support.