Symantec Access Management

  • Private Community

  • 1.  Using filtering in profiler

    Posted Apr 05, 2018 11:21 AM

    I'm looking for a straightforward explanation of what the filter tab does when configuring the profiler in smconsole.  What I'm trying to do is only log entries that contain data for 'domain, policy, rule, realm' fields.  I started with my smtracedefault.txt looking like this:

     

    components: Login_Logout/Authentication, IsAuthorized/Policy_Evaluation

    data: Date, Time, Domain, Realm, Policy, Rule

     

    When using a policy server in lab and the smtesttool, and hitting IsProtected, IsAuthenticated and IsAuthroized buttons, my profile log looked like this:

     

    [Date][Time][Domain][Realm][Policy][Rule]

    [====][====][======][=====][======][====]

    [04/03/2018][14:55:57][][][][]

    [04/03/2018][14:55:57][OFT ws04 Development Policy Domain][Loadtest][][]

    [04/03/2018][14:55:57][OFT ws04 Development Policy Domain][Loadtest][][]

    [04/03/2018][14:55:59][][][][]

    [04/03/2018][14:55:59][OFT ws04 Development Policy Domain][Loadtest][][]

    [04/03/2018][14:55:59][][][][]

    [04/03/2018][14:55:59][][][][]

    [04/03/2018][14:55:59][][][][]

    [04/03/2018][14:55:59][OFT ws04 Development Policy Domain][Loadtest][][]

    [04/03/2018][14:55:59][][][][]

    [04/03/2018][14:55:59][OFT ws04 Development Policy Domain][Loadtest][][]

    [04/03/2018][14:55:59][OFT ws04 Development Policy Domain][Loadtest][][]

    [04/03/2018][14:55:59][][][][]

    [04/03/2018][14:55:59][][][][]

    [04/03/2018][14:55:59][OFT ws04 Development Policy Domain][Loadtest][][]

    [04/03/2018][14:56:00][][][][]

    [04/03/2018][14:56:00][][][][]

    [04/03/2018][14:56:00][][][][]

    [04/03/2018][14:56:00][][][][]

    [04/03/2018][14:56:00][OFT ws04 Development Policy Domain][Loadtest][][]

    [04/03/2018][14:56:00][OFT ws04 Development Policy Domain][Loadtest][][]

    [04/03/2018][14:56:00][OFT ws04 Development Policy Domain][][loadtest policy][]

    [04/03/2018][14:56:00][OFT ws04 Development Policy Domain][][][loadtest rule]

    [04/03/2018][14:56:00][OFT ws04 Development Policy Domain][][loadtest policy][]

    [04/03/2018][14:56:00][OFT ws04 Development Policy Domain][][loadtest policy][loadtest rule]

    [04/03/2018][14:56:00][][][][]

    [04/03/2018][14:56:00][][][][]

    [04/03/2018][14:56:00][][][][]

    [04/03/2018][14:56:00][][][][]

    [04/03/2018][14:56:00][][][][]

    [04/03/2018][14:56:00][][][][]

    [04/03/2018][14:56:00][][][][]

    [04/03/2018][14:56:00][][][][]

    [04/03/2018][14:56:00][][][][]

    [04/03/2018][14:56:00][][][][]

    [04/03/2018][14:56:00][][][][]

    [04/03/2018][14:56:00][][][][]

    [04/03/2018][14:56:00][][][][]

    [04/03/2018][14:56:00][OFT ws04 Development Policy Domain][Loadtest][][]

    [04/03/2018][14:56:00][OFT ws04 Development Policy Domain][Loadtest][][]

    [04/03/2018][14:56:00][][][][]

    [04/03/2018][14:56:00][OFT ws04 Development Policy Domain][Loadtest][][]

    [04/03/2018][14:56:00][OFT ws04 Development Policy Domain][Loadtest][][]

    [04/03/2018][14:56:00][][][][]

    [04/03/2018][14:56:00][OFT ws04 Development Policy Domain][Loadtest][][]

     

    It was at this point that I thought I could use the filter config to not print any of the log lines where all 4 entries were empty.  There doesn't appear to be any way to do this.  I opened a case and was told by the engineer that he couldn't get it to do that either.  And I could not get a good explanation of what is the functionality of the filter piece of the profiler config?  Is there any?  Is it just useless code that has lived on and no one noticed it should be removed?

     

    Any insight would be appreciated.



  • 2.  Re: Using filtering in profiler

    Posted Apr 05, 2018 12:19 PM
    Not in front of computer so haven’t got a chance to test this. But I did get it working before if I am not mistaken.


    Have you looked at this :


    https://docops.ca.com/ca-single-sign-on/12-7/en/using/policy-server-management-console/policy-server-profiler-filters-dialog


    Policy Server Profiler Filters Dialog

    Last update June 27, 2016

    This screen lets you configure new or edit existing data filters for Profiler trace output.

    If you are filtering a complete message into the smtracedefault.log profiling file, you must enter the exact text of the message into the filtering field in the Edit Filter section. The text must also match the message's case exactly.

    For example, if you are filtering out the "Clearing the object cache" message, you must enter the exact message with the proper case. Entering "Clear" or "Clearing" does not work.

    • Left drop down list
      Specifies the data field to filter (for example, Resource, Domain, or AgentName).
    • Middle drop down list
      Specifies the filter operator:
      • Equal
      • Not Equal
    • Right drop down list
    • Defines the matching value for the filter.


    So in your case are you trying with the value as blank?

    Does it work if you add just one filter condition?




  • 3.  Re: Using filtering in profiler

    Posted Apr 05, 2018 12:54 PM

    Hi Ujwol.  Thanks for the update.  Here are 2 examples of what I tried and the results:

     

    With this first one - I am looking for an exact match and in that case, I then only saw blank lines (which made my head explode since I copied/pasted the line from the original output):

     

    components: Login_Logout/Authentication, IsAuthorized/Policy_Evaluation

    data: Date, Time, Domain, Realm, Policy, Rule

    version: 1.1

    Domain: =="OFT ws04 Development Policy Domain"

     

    [Date][Time][Domain][Realm][Policy][Rule]

    [====][====][======][=====][======][====]

    [04/03/2018][14:57:45][][][][]

    [04/03/2018][14:57:46][][][][]

    [04/03/2018][14:57:46][][][][]

    [04/03/2018][14:57:46][][][][]

     

     

    So then I reversed the check:

     

    components: Login_Logout/Authentication, IsAuthorized/Policy_Evaluation

    data: Date, Time, Domain, Realm, Policy, Rule

    version: 1.1

    Domain: !="OFT ws04 Development Policy Domain"

     

    [Date][Time][Domain][Realm][Policy][Rule]

    [====][====][======][=====][======][====]

    [04/03/2018][14:58:33][][][][]

    [04/03/2018][14:58:33][OFT ws04 Development Policy Domain][Loadtest][][]

    [04/03/2018][14:58:33][OFT ws04 Development Policy Domain][Loadtest][][]

    [04/03/2018][14:58:34][][][][]

    [04/03/2018][14:58:34][OFT ws04 Development Policy Domain][Loadtest][][]

    [04/03/2018][14:58:34][][][][]

    [04/03/2018][14:58:34][][][][]

     

    and are back at a mix of blank/non-blank entries.  Hence my confusion.

     

    Thanks

    Sam



  • 4.  Re: Using filtering in profiler

    Posted Apr 05, 2018 12:56 PM

    Looks like the feature is broken. Let me check this and get back to you.



  • 5.  Re: Using filtering in profiler
    Best Answer

    Posted Apr 06, 2018 01:57 AM

    Hi Sam,

     

    Ok. It seems that at present there is no way to filter out (not show) entry with the empty/null values.

    Everything else works with the filter.

     

    Here is what I tried .

     

    TEST - 1

     

    Profiler :

    components: IsProtected, Login_Logout/Authentication, IsAuthorized/Policy_Evaluation
    data: Date, Time, Domain, Realm, Policy, Rule, AgentName
    version: 1.1
    Domain: ==IIS_shruj01-i3842

     

    Log :

    As you can see below, it is displaying all the log which has either domain name ="IIS_shruj01-i3842" or empty.

    It is NOT displaying record with other domain names.

    [04/06/2018][05:49:45][][][][][agent-shruj01-i3842]
    [04/06/2018][05:49:45][IIS_shruj01-i3842][html][][][]
    [04/06/2018][05:49:45][IIS_shruj01-i3842][html][][][agent-shruj01-i3842]
    [04/06/2018][05:49:45][][][][][]

     

     

    TEST - 2

     

    Profiler :

     

    components: IsProtected, Login_Logout/Authentication, IsAuthorized/Policy_Evaluation
    data: Date, Time, Domain, Realm, Policy, Rule, AgentName
    version: 1.1
    Domain: ==shruj01-i2067-Apache

     

    Log : 

    As you can see below, it is displaying all the log which has either domain name ="shruj01-i2067-Apache" or empty.

    It is NOT displaying record with other domain names.

    [04/06/2018][05:51:17][][][][][]
    [04/06/2018][05:51:17][][][][][]
    [04/06/2018][05:51:17][][][][][]
    [04/06/2018][05:51:17][shruj01-i2067-Apache][ajax][][][agent-shruj01-i2067]
    [04/06/2018][05:51:17][shruj01-i2067-Apache][ajax][][][]
    [04/06/2018][05:51:17][shruj01-i2067-Apache][][GEtPost_All][][]
    [04/06/2018][05:51:17][shruj01-i2067-Apache][][][GEtPost_ajax][]
    [04/06/2018][05:51:17][shruj01-i2067-Apache][][GEtPost_All][][]
    [04/06/2018][05:51:17][shruj01-i2067-Apache][][GEtPost_All][GEtPost_ajax][]
    [04/06/2018][05:51:17][][][][][]
    [04/06/2018][05:51:17][shruj01-i2067-Apache][ajax][][][agent-shruj01-i2067]
    [04/06/2018][05:51:17][shruj01-i2067-Apache][ajax][][][]
    [04/06/2018][05:51:17][][][][][]
    [04/06/2018][05:51:17][shruj01-i2067-Apache][ajax][][][]
    [04/06/2018][05:51:17][shruj01-i2067-Apache][ajax][][][]
    [04/06/2018][05:51:17][][][][][]
    [04/06/2018][05:51:17][shruj01-i2067-Apache][ajax][][][agent-shruj01-i2067]

     

    I would suggest to open it as defect. We should be able to fix with relatively small code change.