NetIQ Access Manager NIDP server enable jgroups debug logging

  • 7021445
  • 17-Sep-2017
  • 29-Nov-2019

Environment

  • NetIQ Access Manager 4.3.x
  • NetIQ Access Manager 4.4.x
  • NetIQ Access Manager 4.5.x

Situation

jgroups debugging was required in order to narrow down a cluster node join problem, with the cluster nodes placed in different locations and their traffic having to pass several networks / active network devices.

Resolution

  1. Download "log4j-1.2.17.jar" from: "https://logging.apache.org/log4j/1.2/download.html"
  2. Copy "log4j-1.2.17.jar" into "/opt/novell/nam/idp/endorsed/"
  3. Change the ownership: "chown novlwww:novlwww /opt/novell/nam/idp/endorsed/log4j-1.2.17.jar"
  4. Create a "/opt/novell/nids/lib/webapp/WEB-INF/classes/log4j.properties" file:
    # Set root logger priority to INFO and its only appender to LOGFILE.
    log4j.rootLogger=INFO, LOGFILE

    # CONSOLE is set to be a ConsoleAppender using a PatternLayout.
    log4j.appender.CONSOLE=org.apache.log4j.ConsoleAppender
    log4j.appender.CONSOLE.Threshold=DEBUG
    log4j.appender.CONSOLE.layout=org.apache.log4j.PatternLayout
    log4j.appender.CONSOLE.layout.ConversionPattern=- %m%n

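    log4j.logger.org.jgroups=trace,LOGFILE
    # LOGFILE is also attached to the root logger; without this, every jgroups event is written twice.
    log4j.additivity.org.jgroups=false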
    #log4j.logger.org.jgroups.blocks=trace,LOGFILE
    #log4j.logger.org.jgroups.protocols=trace,LOGFILE
    #log4j.logger.org.jgroups.protocols.pbcast=trace,LOGFILE
    #log4j.logger.org.jgroups.persistence=trace,LOGFILE
    #log4j.logger.org.jgroups.conf=DEBUG,LOGFILE
    #log4j.logger.org.jgroups.jmx=DEBUG,LOGFILE
    #log4j.logger.org.jgroups.jmx.protocols=DEBUG,LOGFILE
    #log4j.logger.org.jgroups.jmx.protocols.pbcast=DEBUG, LOGFILE
    #log4j.logger.org.jgroups.stack=DEBUG,LOGFILE
    #log4j.logger.org.jgroups.util=DEBUG,LOGFILE

    # LOGFILE is set to be a File appender using a PatternLayout.
    log4j.appender.LOGFILE=org.apache.log4j.RollingFileAppender
    log4j.appender.LOGFILE.MaxFileSize=10MB
    log4j.appender.LOGFILE.MaxBackupIndex=10
    log4j.appender.LOGFILE.File=/var/opt/novell/nam/logs/idp/tomcat/idp-log4j.log
    log4j.appender.LOGFILE.Append=true
    log4j.appender.LOGFILE.bufferedIO=true
    log4j.appender.LOGFILE.ImmediateFlush=false
    # 16KB buffer for bufferedIO (the appender property is named BufferSize).
    log4j.appender.LOGFILE.BufferSize=16384
    log4j.appender.LOGFILE.Threshold=TRACE
    log4j.appender.LOGFILE.layout=org.apache.log4j.PatternLayout
    log4j.appender.LOGFILE.layout.ConversionPattern=%d{yyyy-MM-dd HH:mm:ss} %-5p %c{1}:%L - %m%n


    The above log file will grow up to 10MB before it rolls over, and 10 backup files are created. For performance reasons logging will be buffered with a buffer size of 16KB. For further information on log4j please visit: "https://logging.apache.org/log4j/1.2/manual.html"

  5. Change the ownership: "chown novlwww:novlwww /opt/novell/nids/lib/webapp/WEB-INF/classes/log4j.properties"

  6. Restart your IDP server

Additional Information

  • jgroups will use multicast at address 224.0.0.75 in order to leave or join

  • Access Manager services (IDP and ESP) use unicast messages to communicate with each other

  • If no NAT has been configured in the communication path, the listening port will be 7801 by default

  • When a local firewall is used on the host, make sure port 7801 and multicast are allowed. Example of a multicast allow filter:

    -A INPUT -m pkttype --pkt-type multicast -j ACCEPT
    -A OUTPUT -m pkttype --pkt-type multicast -j ACCEPT
    -A FORWARD -m pkttype --pkt-type multicast -j ACCEPT

  • The group name of the cluster will be the cluster object name in the configstore

  • Running "org.jgroups.tests.Probe" on a given NIDP server will list the cluster members / names:

    • IDP Server: "/opt/novell/java/bin/java -cp /opt/novell/nids/lib/webapp/WEB-INF/lib/jgroups-all.jar org.jgroups.tests.Probe"

      Example:
      #3 (669 bytes): x.x.x.105:7801 (cn=SCC8zuvta,cn=cluster,cn=nids,ou=accessManagerContainer,o=novellNIDPMessageBus)
      local_addr=147.2.92.105:7801
      group_name=cn=SCC8zuvta,cn=cluster,cn=nids,ou=accessManagerContainer,o=novellNIDPMessageBus
      Version=2.3 SP1, cvs="$Id: Version.java,v 1.35.2.1 2006/07/10 14:26:20 belaban Exp $"
      view: [x.x.x.100:7801|26] [x.x.x.100:7801, x.x.x.109:7801, x.x.x.105:7801]
      connections: connections (3):
      key: x.x.x.105:7801: <x.x.x.105:37279 --> x.x.x.105:7801> (49 secs old)
      key: x.x.x.109:7801: <x.x.x.105:47955 --> x.x.x.109:7801> (1 secs old)
      key: x.x.x.100:7801: <x.x.x.105:38135 --> x.x.x.100:7801> (1 secs old)

    • AG: "/opt/novell/java/bin/java -cp /opt/novell/nesp/lib/webapp/WEB-INF/lib/jgroups-all.jar org.jgroups.tests.Probe"

  • The configuration for jgroups is stored in the configstore and will be initialized during the startup process. The NIDP / NESP web.xml file can be used to modify the jgroups configuration. For further details see the NAM documentation / Admin Guide

  • The oldest node in the cluster will act as jgroups coordinator responsible for communicating any config changes. For further details please visit the jgroups documentation at: "http://www.jgroups.org/manual-3.x/html/protlist.html"
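
When chasing a node join problem, the Probe output shown above can be checked mechanically. The shell functions below are an added example, not part of the original article or of the product: they read the local_addr and view lines of each Probe response and report whether all responders agree on one view and whether every member of that view answered. The function names and the sample data (documentation addresses 192.0.2.x) are constructed for illustration.

```shell
# Added example (not from the article): consistency check for Probe output.
# Live use: <Probe command from the article> | check_cluster_views

# Print one line per Probe response: local_addr <TAB> coordinator|view-id <TAB> members
probe_views() {
  awk '
    function between(s, a, b) { s = substr(s, index(s, a) + 1); return substr(s, 1, index(s, b) - 1) }
    /^[ \t]*local_addr=/ { addr = $0; sub(/^[ \t]*local_addr=/, "", addr) }
    /^[ \t]*view:/ {
      id = between($0, "[", "]")                   # first bracket: coordinator|view-id
      rest = substr($0, index($0, "]") + 1)
      members = between(rest, "[", "]")            # second bracket: member list
      gsub(/ /, "", members)
      print addr "\t" id "\t" members
    }'
}

# Exit 0: all responders report the same view and every member of it answered.
# Exit 1: views differ (partition) or a member stayed silent. Exit 2: no data.
check_cluster_views() {
  probe_views | awk -F'\t' '
    { answered[$1] = 1; key = $2 " [" $3 "]"; if (!(key in views)) nviews++
      views[key] = 1; members = $3; n++ }
    END {
      if (n == 0) { print "no Probe responses parsed"; exit 2 }
      if (nviews > 1) {
        for (v in views) print "reported view: " v
        print "FAIL: nodes disagree on the cluster view"; exit 1
      }
      m = split(members, list, ",")
      for (i = 1; i <= m; i++)
        if (!(list[i] in answered)) { print "no Probe answer from " list[i]; bad = 1 }
      if (bad) exit 1
      print "OK: " n " nodes agree on one view with " m " members"
    }'
}

# Constructed samples (documentation addresses), reduced to the two fields used.
sample_healthy() {
  for n in 100 109 105; do
    printf 'local_addr=192.0.2.%s:7801\nview: [192.0.2.100:7801|26] [192.0.2.100:7801, 192.0.2.109:7801, 192.0.2.105:7801]\n' "$n"
  done
}
sample_split() {   # constructed: node .105 failed to join and formed a view of its own
  for n in 100 109; do
    printf 'local_addr=192.0.2.%s:7801\nview: [192.0.2.100:7801|27] [192.0.2.100:7801, 192.0.2.109:7801]\n' "$n"
  done
  printf 'local_addr=192.0.2.105:7801\nview: [192.0.2.105:7801|0] [192.0.2.105:7801]\n'
}
```

A member that is listed in the view but gives no Probe answer points at the multicast path between the sites rather than at the unicast connections on port 7801.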