Gathering diagnostic information

Policy Agent writes logging information to a log file. The level of logged information is controlled by the LogLevel configuration statement and the -d startup option. This information (loglevel and debug level) can also be changed after startup using the MODIFY command as shown in the following example: 
MODIFY procname,LOGLEVEL,LEVEL=127
MODIFY procname,DEBUG,LEVEL=2
Error, console, warning, and event LogLevel messages are written by default. To gather more diagnostic information, you can specify a LogLevel value greater than the default or specify debug level 1. This debug level has the side effect of setting the maximum LogLevel value as well.

If you are using both a policy server and one or more policy clients, be sure to gather the log files from all affected Policy Agent applications.

Use the debug levels as follows:
Debug level 1
Use debug level 1 for most debugging, except Sysplex Distributor performance monitor. This debug value gives extra debugging messages and uses the maximum LogLevel for logging.
Debug level 2
Use debug level 2 to verify Policy Agent processing of LDAP objects, or if a problem is suspected in how LDAP objects are defined.
Debug level 4
Use debug level 4 for summary information concerning Sysplex Distributor performance monitor QoS fraction calculations.
Debug level 8
Use debug level 8 for detailed information concerning Sysplex Distributor performance monitor QoS fraction calculations, and additional Sysplex Distributor debugging.
Debug level 16
Use debug level 16 to assist with memory allocation and leak problems. This debug value causes memory allocation and free requests to be logged inline. This can be used in conjunction with the -m startup option and the MODIFY MEMTRC command to debug memory problems.
Debug level 32
Use debug level 32 for detailed information about all policies as they are installed in the TCP/IP stack.
Debug level 64
Use debug level 64 for detailed locking information within Policy Agent.
Debug level 128
Use debug level 128 for details about remote PAPI connections on the policy server, and about connections to the policy server on the policy client.
Debug level 256
Use debug level 256 for details about requests to discover TCP/IP profile information from import requestors.

Use the trace option -t to turn on LDAP client library debugging. Use the trace levels as follows:

Trace level 0
Use trace level 0 for no LDAP client library debugging. This is the default.
Trace level 1
Use trace level 1 to turn on LDAP client library debugging. Note that the destination of LDAP client debug messages is stderr. This is controlled by the LDAP client library, not Policy Agent. Using trace level 1 turns on the following LDAP DEBUG options:
  • LDAP_DEBUG_TRACE
  • LDAP_DEBUG_PACKETS
  • LDAP_DEBUG_ARGS
  • LDAP_DEBUG_CONNS
  • LDAP_DEBUG_BER
  • LDAP_DEBUG_FILTER
  • LDAP_DEBUG_MESSAGE
  • LDAP_DEBUG_STATS
  • LDAP_DEBUG_THREAD
  • LDAP_DEBUG_PARSE
  • LDAP_DEBUG_PERFORMANCE
  • LDAP_DEBUG_REFERRAL
  • LDAP_DEBUG_ERROR
Trace option disabled
If you start Policy Agent with the trace option disabled, the stderr output destination is closed.
Restriction: You cannot turn on the trace option later with the MODIFY command.

See z/OS Communications Server: IP Configuration Reference for details on how to use the LogLevel, debug level, and trace level.

Log output can be directed either to a set of log files or to the syslog daemon (syslogd). This can be accomplished with the -l startup option or the PAGENT_LOG_FILE environment variable. If output is directed to log files, the number and size of the files can be controlled using the PAGENT_LOG_FILE_CONTROL environment variable. This environment variable can be used to extend the size of the log information collected if necessary. For example, if a large LDAP configuration is used with debug level 2, the default log file size and number might not be sufficient to capture all of the information needed. In this case, use the environment variable to increase the number or size, or the number and size, of the log files. See z/OS Communications Server: IP Configuration Guide for more details on using LogLevel, the -d startup option, and the environment variables, as well as the location of the log file.

The following additional information might be useful in diagnosing Policy Agent problems:
  • Output from the pasearch command
  • Output from the NETSTAT IDS or netstat -k commands
  • Output from the NETSTAT SLAP or netstat -j commands
  • Output from the NETSTAT ALL or netstat -A commands for active connections mapped to policies
  • Output from the ipsec command for IPSec policies
  • Output from the NETSTAT TTLS or netstat -x command for AT-TLS policies
  • SNMP output from walks of the Network SLAPM2 subagent MIB tables
  • TCP/IP CTRACE output, using the POLICY, INTERNET and IOCTL CTRACE options
  • RSVP Agent log output if RSVP scoped policies are defined
Parent topic: Diagnosing Policy Agent problems