beautypg.com

Using decision manager tracing – HP Identity Driven Manager Software Series User Manual

Page 213

background image

5-11

Troubleshooting IDM

Using Decision Manager Tracing

Using Decision Manager Tracing

IDM provides a tracing tool (DMConfig.prp) and log file (DM-IDMDM.log) to assist
with troubleshooting IDM problems that may occur. These files are included on the
IDM Agent when it is installed on the RADIUS server. Note: that the Decision
Manager (DM) is an internal component of the IDM Agent.

The default configuration has the tracing options turned off because of the perfor-
mance degradation when tracing is used.

To turn on tracing, edit the DMConfig.prp file on the RADIUS server. The default
directory location is \Program Files\Hewlett-Packard\PNM\agent\logs.

N o t e :

You must restart the NPS/IAS server as well and the IDM agent for changes in the
DMConfig.prp

file to take effect.

Available logging options in DMConfig.prp are:

Log_dm_cache = true/false: True will log IDM configuration deployment events,
including the configuration file data content. The default setting is false, IDM
configuration deployment logging is turned off.

Log_radius_requests = true/false: True will log RADIUS requests and the IDM
agent response to RADIUS. If the request is accepted then it also logs the access
policy group, policy rule and access profile that is sent to RADIUS.
The default setting is false, RADIUS requests are not logged.

Log_radius_acc_events = true/false: True will log session accounting events, such
as session start and stop. The default setting is false, session events are not logged.

When logging is turned on, data is sent to the DM-IDMDM.log file. The default
directory location is \Program Files\Hewlett-Packard\PCM\agent\logs.

Use this file for tracing purposes, to capture the following information:

What RADIUS requests are received and the IDM agent response to the
request, including the time (in milliseconds) it took the IDM agent to serve
the RADIUS request.

A list of accounting events (like session start/stop) being sent by RADIUS
to the IDM agent, and whether or not the IDM agent could post them
properly to the IDM server.