Skip past navigation linksSecure Global Desktop 4.31 Administration Guide > Arrays, servers and load balancing > Using log filters to troubleshoot problems with the Secure Global Desktop server

Using log filters to troubleshoot problems with the Secure Global Desktop server

When you first install Secure Global Desktop, the default log filters log all errors on the Secure Global Desktop server. If you want to obtain more detailed information, for example to troubleshoot a problem, you can set additional log filters. You set additional log filters by:

Each filter has the form:
component/sub-component/severity:destination.

The options for each part of the filter and how you view the log output are described below.

Note Log filters can create large amounts of data. It is good practice to set as specific a filter as possible and then remove the filter when you have finished with it.

Selecting a component and sub-component

Selecting a component and sub-component allows you to choose the area of information you want to log from the Secure Global Desktop server. The table below shows the available component/sub-component combinations and an explanation of the kind of information this will produce.

Component and
sub-component
Information provided
admin/auth Authentication of Secure Global Desktop Administrators and the UNIX root user.
Example use: to find out why an Administrator is unable to run Object Manager.
admin/gui Using Array Manager and Object Manager.
Example use: to find out why you can not create an object in Object Manager.
admin/jndi The Java Naming and Directory Interface (JNDI).
Example use: to find out why a naming error with an object in ENS has happened.
admin/misc Miscellaneous messages from using the administration tools.
Example use: to find out why default profile objects are not available.
admin/status Verbose logging for the tarantella status command.
Example use: to find out why the tarantella status command is failing.
admin/webtopsession Records of webtop sessions.
Example use: to find out why a record of user's webtop session can not be found.
audit/glue Audit of changes made to the Secure Global Desktop server configuration or to your ENS configuration and who made the changes.
Example use: to find out who made changes to a person object.
audit/license License use across an array of Secure Global Desktop servers.
Example use: to find out why the use of licenses is not being recorded.
audit/session Starting and stopping webtop and emulator sessions.
Example use: to find out how long a user had an emulator session running.
cdm/audit Authorization of Secure Global Desktop user for client drive mapping (CDM) purposes.
Example use: to find out whether a user's credentials are causing CDM to fail.
cdm/server Information about CDM services.
Example use: to find out whether a client connection error is causing CDM to fail.
common/config How Secure Global Desktop server configuration is stored and copied across the array.
Example use: to find out why an array-wide configuration change is not being applied to a Secure Global Desktop server.
metrics/glue Memory and timings.
Example use: to find out how long it took to run a Secure Global Desktop command.
metrics/soap The SOAP component of Tomcat's SOAP proxy.
Example use: to trace how long it took a SOAP request to finish.
server/billing Secure Global Desktop billing services.
Example use: to find out why billing data is being lost.
server/common General Secure Global Desktop information.
Example use: to troubleshoot DNS errors.
server/config Changes to Secure Global Desktop server configuration.
Example use: to log changes to Secure Global Desktop server configuration or to find out if the configuration has become corrupt.
server/csh The Secure Global Desktop client session handler.
Example use: to find out why a user can not re-start an application session.
server/deviceservice Mapping of users to accessible device data.
Example use: to find out why a user can not access client drives.
server/diskds Information about the ENS database.
Example use: to get information about corrupt objects or inconsistencies in ENS.
server/glue The Secure Global Desktop ASAD protocol used in requests from Secure Global Desktop clients to log in or launch applications or to communication between Secure Global Desktop servers.
Example use: to find out why a user can't launch an application.
server/install Installation and upgrades.
Example use: to investigate problems with an installation.
server/kerberos Windows Kerberos authentication.
Example use: to find out why an Active Directory user can't log in.
server/launch Launching or resuming applications.
Example use: to find out why a user can't launch an application.
server/ldap Connections to an LDAP server.
Example use: to find out why an LDAP user can't log in.
server/loadbalancing Webtop and emulator session load balancing.
Example use: to find out why a Secure Global Desktop host isn't being selected to host emulator sessions.
server/logging Logging.
Example use: to find out why log messages are not being written to a file.
server/login Log in to Secure Global Desktop.
Example use: to find out which login authority authenticated a user and the login profile used.
server/mupp The Secure Global Desktop MUPP protocol.
Example use: Only use this filter if Secure Global Desktop Support asks you to.
server/netlet Netlet connections.
Example use: to find out why Netlet connections are failing.
server/printing Secure Global Desktop printing services.
Example use: to find out why print jobs are failing.
server/replication Copying data between Secure Global Desktop servers in an array.
Example use: to find out why data hasn't been copied between array members.
server/securid Connections to SecurID ACE/Server®.
Example use: to find out why SecurID authentication is not working.
server/security Secure SSL-based connections.
Example use: to find out why the SSL Daemon is not running.
server/server The Secure Global Desktop JServer component.
Example use: to troubleshoot Secure Global Desktop server failures, such as Java runtime exceptions which are not logged elsewhere.
server/services Internal Secure Global Desktop server services.
Example use: to find out why a service is failing.
server/session Webtop sessions.
Example use: to find out why a session failed to suspend.
server/soap SOAP bean interface
Example use: to diagnose problems with the SOAP beans.
server/soapcommands SOAP requests.
Example use: to log the SOAP requests received.
server/tfn Secure Global Desktop Federated Naming (TFN) namespace.
Example use: to find out why Object Manager is running in read-only mode.
server/tier3loadbalancing Application server load balancing.
Example use: to find out why a host is not being selected to launch an application.
server/tokencache Authentication token cache.
Example use: to find out why an authentication token is not being created for a user.
server/tscal Windows Terminal Services Client Access Licenses (CALs) for non-Windows clients.
Example use: to find out why a non-Windows client doesn't have a CAL.
server/webtop Webtop content.
Example use: to find out why an application isn't appearing on a user's webtop.

Selecting the severity

You can select one of the following levels of severity for each log filter:

Severity Description
fatalerror Logs information on fatal errors.
Fatal errors stop the Secure Global Desktop server from running. When you first install Secure Global Desktop, all fatal errors are logged by default.
error Log information on any errors that occur.
When you first install Secure Global Desktop, all errors are logged by default.
warningerror Log information on any warnings that occur, for example if system resources are running low.
When you first install Secure Global Desktop, all warnings are logged by default.
info Informational logging.
Useful for problem solving and identifying bugs.
moreinfo Verbose informational logging.
auditinfo Logs selected events for auditing purposes, for example changes to Secure Global Desktop server configuration. For details see, Using log filters for auditing

The fatalerror severity produces the least amount of information and the moreinfo severity produces the most.

Selecting a severity level is not cumulative. For example, selecting info does not mean you also see warning, error or fatalerror log messages. To log more than one level of severity, use a wild card (see below).

Using wildcards

You can use a wildcard (*) to match multiple components, sub-components and severities. For example, to log all warning, error and fatal error messages for printing, you could use server/printing/*error.

Note If you use a wildcard on the command line, you must enclose the filter in quotes to stop your shell from expanding them.

Selecting a destination

When selecting a destination for the logs, you can specify that the output goes to:

Using log files

If you are outputting to a file, you can output to two types of file:

The file extension of the destination file controls the format of the file.

You can also create a separate log file for each process ID by including the %%PID%% placeholder in the file name.

The log files are output in the log directory specified on the General Properties pane for each array member. The directory is usually /opt/tarantella/var/log. You cannot change the location of the log files, but you can use a symlink to redirect the logs to a different location. Alternatively, you can use the syslog log handler described below.

Using log handlers

A log handler is a JavaBeans component used as the destination for the log messages. When specifying a log handler, you must use its Secure Global Desktop Federated Name (TFN). Secure Global Desktop provides two standard log handlers:

The ConsoleSink writes log messages in a easy to read format to standard error. This log handler is enabled by default and logs all errors. The TFN of this log handler is:
.../_beans/com.sco.tta.server.log.ConsoleSink

The SyslogSink writes log messages to the UNIX/Linux syslog facility. The TFN of this log handler is:
.../_beans/com.sco.tta.server.log.SyslogSink

Example log filters

Here are some examples of commonly used log filters:

Viewing log output

To view the log output, you can either:

If you use the tarantella query command, use:

Note You can only use these commands to view the log output until the logs are archived. You configure archiving when you install Secure Global Desktop but you can change the settings at any time by running the tarantella setup command.

Related topics