IBM Support

GSKit Tracing for ISAM Appliance

Troubleshooting


Problem

How to enable and collect GSKit trace for IBM Security Access Manager (ISAM) appliance

Environment

ISAM versions 8 and 9

Resolving The Problem

Please follow one of the three sections for the component you need to trace.  Policy Server, WebSEAL, or Authorization Server.

For Policy Server (9010+)

1) In ISAM LMI go to Secure Web Settings -> Runtime Component -> Manage -> Configuration Files -> ivmgrd.conf

 2) Add the following lines at bottom of the file or go to the stanza [system-environment-variables] and insert

[system-environment-variables]
GSK_TRACE_FILE = ../log/gskit.trc
GSKTRACE_NOBUFFERING = YES
GSK_TRACE_FILE_SIZE = 30000000
GSK_TRACE_FILE_NUMBER = 10

3) Save->Deploy->Restart runtime

4) Recreate issue

5) Edit conf file and remove the GSK* settings. (Save -> Deploy -> Restart instance)

6) The log can be deleted at Monitor Analysis and Diagnostics -> Application Log Files -> isam_runtime -> policy_server but cannot be download. Create and submit support file (instructions: http://www.ibm.com/support/docview.wss?uid=swg21663426)

 

 

 

For WebSEAL

1) In ISAM LMI go to Secure Web Settings -> Manage -> Reverse Proxy -> Manage -> Configuration -> Edit Configuration File

2) Add the following lines (Do not alter other settings in place):

[system-environment-variables]
GSK_TRACE_FILE = gskit.trc
GSKTRACE_NOBUFFERING = YES
GSK_TRACE_FILE_SIZE = 30000000
GSK_TRACE_FILE_NUMBER = 10

3) Save -> Deploy -> Restart instance

4) Verify file creation (Select Reverse Proxy instance, go to Manage -> Management Root -> junction-root)

5) Should see a file named "gskit.trc"

6) Recreate the problem.

7) Edit conf file and remove/comment out the GSK* settings. (Save -> Deploy -> Restart instance)

8) Select the instance, go to Manage -> Management Root -> junction-root
Export the gskit.trc file.
Delete the gskit.trc file.
You will be asked to deploy a change. Restart the instance.

9) The gskit.trc file is a binary file and must be uploaded as such when using FTP.
 

 

For Authorization Server (9010+)

1) In ISAM LMI go to Secure Web Settings -> Authorization Server-> Manage -> Configuration-> Edit Configuration File

 2) Add the following lines at bottom of the file or go to the stanza [system-environment-variables] and insert

[system-environment-variables]
GSK_TRACE_FILE = ../aznsrv/<name of ivalcd instance>/log/gskit.trc
GSKTRACE_NOBUFFERING = YES
GSK_TRACE_FILE_SIZE = 30000000
GSK_TRACE_FILE_NUMBER = 10

3) Save/Deploy changes

4) Verify file creation (Select Auth Server instance, go to Manage -> logging)

5) Should see a file named "gskit.trc"

6) Recreate issue

7) Edit conf file and remove the GSK* settings. (Save -> Deploy -> Restart instance)

8) The log can be cleared at Secure Web Settings -> Authorization Server -> manage -> logging but cannot be download. Create and submit support file (instructions: http://www.ibm.com/support/docview.wss?uid=swg21663426)

 

[{"Product":{"code":"SSZU8Q","label":"IBM Security Access Manager"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Component":"Not Applicable","Platform":[{"code":"PF004","label":"Appliance"}],"Version":"8.0.0;9.0.0","Edition":"","Line of Business":{"code":"LOB24","label":"Security Software"}}]

Document Information

Modified date:
31 July 2018

UID

swg21997169

Page Feedback