Hi Matt,
The directory /var/application.logs.local/rtprofile/ is the correct location for message.log, trace.log, and ffdc.
Note from a lab,
[isam@isvaruntimeone-labtest-isva1050 rtprofile]$ pwd
/var/application.logs.local/rtprofile
[isam@isvaruntimeone-labtest-isva1050 rtprofile]$ ls -l
total 132
drwxr-x--- 2 isam root 6 May 22 09:39 ffdc
-rw-r----- 1 isam root 62978 May 22 09:43 messages.log
-rw-r----- 1 isam root 66163 May 22 09:43 trace.log
The trace spec "com.tivoli.am.fim.trustserver.sts.utilities.IDMappingExtUtils=FINER" is minimal but there should always be "*=info" tacked on.
"trace.specification = *=info:com.tivoli.am.fim.trustserver.sts.utilities.IDMappingExtUtils=FINER"
There should always be some basic startup INFO.
Given the message I suggest enabling "com.tivoli.am.fim.trustserver.sts=ALL" so we can see what is going on.
Somebody is calling a Trust Chain,
"an exception while processing a request in validate mode"
------------------------------
Nick
IBM Security Verify Customer Support
------------------------------
Original Message:
Sent: Fri May 19, 2023 03:35 PM
From: Matt Jenkins
Subject: Tracing runtime on containers
Very strange, under my lab I do see trace files under /var/application.logs.local/rtprofile/ when I have com.tivoli.am.fim.trustserver.sts.utilities.IDMappingExtUtils=FINER
. So I am guessing nothing is being logged to the trace log in the other environment I am working with the development team on. However, I don't understand why FBTSTM068W refers me there, unless I need to adjust the trace spec to catch whatever is being pushed to the trace log when this event occurs.
------------------------------
Matt Jenkins
Original Message:
Sent: Fri May 19, 2023 03:16 PM
From: Matt Jenkins
Subject: Tracing runtime on containers
I keep seeing this message in the runtime message logs (going to the container out in JSON format) that indicates to look elsewhere in the trace files:
message: FBTSTM068W The server encountered an exception while processing a request in validate mode. If the environment has trace enabled, the exception will appear in the trace log.
module: com.tivoli.am.fim.trustserver.sts.STSModuleChain
However, under /var/application.logs.local/rtprofile/ there are no trace files, just messages.log (and rolled messages) and the ffdc directory.
Where do the runtime trace logs go now (on lightweight containers, v10.0.5.0)? On a side note, we don't have a shared / persistent volume for logs. We ship all logs to container out. The traces I can understand if they are going to a log and not container log, but I am not seeing any trace file. The trace spec is configured to com.tivoli.am.fim.trustserver.sts.utilities.IDMappingExtUtils=INFO
so I would expect we would be seeing a trace log somewhere.
Before the lightweight containers, the trace.log and rotated files were located in the rtprofile directory. I haven't had to troubleshoot anything for a while, but I have a development team that is having issues with refresh tokens returning a 500 error from the authorization server and I suspect the above message could be related. I did a find / -name trace.log
and I do not see them anywhere.
I feel like I am missing something simple but it has been a long week, and I'm hoping that's the case! Any help finding the trace output from the verify-access-runtime would be appreciated!
Thanks!
Matt
------------------------------
Matt Jenkins
------------------------------