Secure Global Desktop Administration Guide > Arrays, servers and load balancing > Using log filters to troubleshoot problems with the Secure Global Desktop server

Using log filters to troubleshoot problems with the Secure Global Desktop server

When you first install Secure Global Desktop, the default log filters log all errors on the Secure Global Desktop server. If you want to obtain more detailed information, for example to troubleshoot a problem, you can set additional log filters. You set additional log filters by:

Each filter has the form:

component/sub-component/severity:destination.

The options for each part of the filter and how you view the log output are described below.

Note Log filters can create large amounts of data. It is good practice to set as specific a filter as possible and then remove the filter when you have finished with it.

Selecting a component and sub-component

Selecting a component and sub-component allows you to choose the area of information you want to log from the Secure Global Desktop server. The table below shows the available component/sub-component combinations and an explanation of the kind of information this will produce.

Component and

sub-component
Information provided
admin/authAuthentication of Secure Global Desktop Administrators and the UNIX root user.

Example use: to find out why an Administrator is unable to run Object Manager.
admin/guiUsing Array Manager and Object Manager.

Example use: to find out why you can not create an object in Object Manager.
admin/jndiThe Java Naming and Directory Interface™ (JNDI).

Example use: to find out why a naming error with an object in ENS has happened.
admin/miscMiscellaneous messages from using the administration tools.

Example use: to find out why default profile objects are not available.
admin/statusVerbose logging for the tarantella status command.

Example use: to find out why the tarantella status command is failing.
admin/webtopsessionRecords of webtop sessions.

Example use: to find out why a record of user's webtop session can not be found.
audit/glueAudit of changes made to the Secure Global Desktop server configuration or to your ENS configuration and who made the changes.

Example use: to find out who made changes to a person object.
audit/licenseLicense use across an array of Secure Global Desktop servers.

Example use: to find out why the use of licenses is not being recorded.
audit/sessionStarting and stopping webtop and emulator sessions.

Example use: to find out how long a user had an emulator session running.
cdm/auditAuthorization of Secure Global Desktop user for client drive mapping (CDM) purposes.

Example use: to find out whether a user's credentials are causing CDM to fail.
cdm/serverInformation about CDM services.

Example use: to find out whether a client connection error is causing CDM to fail.
common/configHow Secure Global Desktop server configuration is stored and copied across the array.

Example use: to find out why an array-wide configuration change is not being applied to a Secure Global Desktop server.
metrics/glueMemory and timings.

Example use: to find out how long it took to run a Secure Global Desktop command.
metrics/soapThe SOAP component of Tomcat's SOAP proxy.

Example use: to trace how long it took a SOAP request to finish.
server/billingSecure Global Desktop billing services.

Example use: to find out why billing data is being lost.
server/commonGeneral Secure Global Desktop information.

Example use: to troubleshoot DNS errors.
server/configChanges to Secure Global Desktop server configuration.

Example use: to log changes to Secure Global Desktop server configuration or to find out if the configuration has become corrupt.
server/cshThe Secure Global Desktop client session handler.

Example use: to find out why a user can not re-start an application session.
server/deviceserviceMapping of users to accessible device data.

Example use: to find out why a user can't access client drives.
server/diskdsInformation about the ENS database.

Example use: to get information about corrupt objects or inconsistencies in ENS.
server/glueThe Secure Global Desktop ASAD protocol used in requests from Secure Global Desktop clients to log in or launch applications or to communication between Secure Global Desktop servers.

Example use: to find out why a user can't launch an application.
server/installInstallation and upgrades.

Example use: to investigate problems with an installation.
server/kerberosWindows Kerberos authentication.

Example use: to find out why an Active Directory user can't log in.
server/launchLaunching or resuming applications.

Example use: to find out why a user can't launch an application.
server/ldapConnections to an LDAP server.

Example use: to find out why an LDAP user can't log in.
server/loadbalancingWebtop and emulator session load balancing.

Example use: to find out why a Secure Global Desktop host isn't being selected to host emulator sessions.
server/loggingLogging.

Example use: to find out why log messages are not being written to a file.
server/loginLog in to Secure Global Desktop.

Example use: to find out which login authority authenticated a user and the login profile used.
server/muppThe Secure Global Desktop MUPP protocol.

Example use: Only use this filter if Secure Global Desktop Support asks you to.
server/netletNetlet connections.

Example use: to find out why Netlet connections are failing.
server/printingSecure Global Desktop printing services.

Example use: to find out why print jobs are failing.
server/replicationCopying data between Secure Global Desktop servers in an array.

Example use: to find out why data hasn't been copied between array members.
server/securidConnections to SecurID ACE/Server®.

Example use: to find out why SecurID authentication is not working.
server/securitySecure SSL-based connections.

Example use: to find out why the SSL Daemon is not running.
server/serverThe Secure Global Desktop JServer component.

Example use: to troubleshoot Secure Global Desktop server failures, such as Java runtime exceptions which are not logged elsewhere.
server/servicesInternal Secure Global Desktop server services.

Example use: to find out why a service is failing.
server/sessionWebtop sessions.

Example use: to find out why a session failed to suspend.
server/soapSOAP bean interface

Example use: to diagnose problems with the SOAP beans.
server/soapcommandsSOAP requests.

Example use: to log the SOAP requests received.
server/tfnSecure Global Desktop Federated Naming (TFN) namespace.

Example use: to find out why Object Manager is running in read-only mode.
server/tier3loadbalancingApplication server load balancing.

Example use: to find out why a host is not being selected to launch an application.
server/tscalWindows Terminal Services Client Access Licenses (CALs) for non-Windows clients.

Example use: to find out why a non-Windows client doesn't have a CAL.
server/webtopWebtop content.

Example use: to find out why an application isn't appearing on a user's webtop.

Selecting the severity

You can select one of the following levels of severity for each log filter:

SeverityDescription
fatalerrorLogs information on fatal errors.

Fatal errors stop the Secure Global Desktop server from running. When you first install Secure Global Desktop, all fatal errors are logged by default.
errorLog information on any errors that occur.

When you first install Secure Global Desktop, all errors are logged by default.
warningerrorLog information on any warnings that occur, for example if system resources are running low.

When you first install Secure Global Desktop, all warnings are logged by default.
infoInformational logging.

Useful for problem solving and identifying bugs.
moreinfoVerbose informational logging.
auditinfoLogs selected events for auditing purposes, for example changes to Secure Global Desktop server configuration. For details see, Using log filters for auditing

The fatalerror severity produces the least amount of information and the moreinfo severity produces the most.

Selecting a severity level is not cumulative. For example, selecting info does not mean you also see warning, error or fatalerror log messages. To log more than one level of severity, use a wild card (see below).

Using wildcards

You can use a wildcard (*) to match multiple components, sub-components and severities. For example, to log all warning, error and fatal error messages for printing, you could use server/printing/*error.

Note If you use a wildcard on the command line, you must enclose the filter in quotes to stop your shell from expanding them.

Selecting a destination

When selecting a destination for the logs, you can specify that the output goes to:

Using log files

If you are outputting to a file, you can output to two types of file:

The file extension of the destination file controls the format of the file.

You can also create a separate log file for each process ID by including the %%PID%% placeholder in the file name.

The log files are output in the log directory specified on the General Properties pane for each array member. The directory is usually /opt/tarantella/var/log. You cannot change the location of the log files, but you can use a symlink to redirect the logs to a different location. Alternatively, you can use the syslog log handler described below.

Using log handlers

A log handler is a JavaBeans component used as the destination for the log messages. When specifying a log handler, you must use its Secure Global Desktop Federated Name (TFN). Secure Global Desktop provides two standard log handlers:

The ConsoleSink writes log messages in a easy to read format to standard error. This log handler is enabled by default and logs all errors. The TFN of this log handler is:

.../_beans/com.sco.tta.server.log.ConsoleSink

The SyslogSink writes log messages to the UNIX/Linux syslog facility. The TFN of this log handler is:

.../_beans/com.sco.tta.server.log.SyslogSink

Example log filters

Here are some examples of commonly used log filters:

Viewing log output

To view the log output, you can either:

If you use the tarantella query command, use:

Note You can only use these commands to view the log output until the logs are archived. You configure archiving when you install Secure Global Desktop but you can change the settings at any time by running the tarantella setup command.

Related topics