How do you identify the internet protocol (ip) address of a problematic Business Glossary Anywhere (BGA) client that is generating excessive errors in the WebSphere logs?

Technote (FAQ)


Question

How do you identify the ip address of a problematic Business Glossary Anywhere (BGA) client that is generating excessive errors in the WebSphere logs?

Answer

You are able to identify the ip address of a problematic Business Glossary Anywhere (BGA) client from the RemoteAddr field log record in the WAS audit logs.

Please enable WAS audit logs by referring to this URL for more details:

http://pic.dhe.ibm.com/infocenter/wasinfo/v7r0/index.jsp?topic=%2Fcom.ibm.websphere.nd.doc%2Finfo%2Fae%2Fae%2Ftsec_sa_enable_secauditing.html

Here is the location of the audit log file - WAS_HOME/AppServer/profiles/InfoSphere/logs/server1 . To identify the problematic BGA client ip address you need to look for the following sequence of events in the audit log file based on the timestamp of errors in the SystemOut.log.

First, identify log messages in the SystemOut.log for errors related to BGA login failures. Based on the timestamp of those events check audit log file for events with the same timestamp. You should find events similar to the events below:

The following event is a login request made by Business Glossary. You can identify using ProgName = /j_acegi_security_check.do:


Seq = 132 | Event Type = SECURITY_RESOURCE_ACCESS | Outcome = SUCCESSFUL | OutcomeReason = SUCCESS | OutcomeReasonCode = 6 | SessionId = XpKwvYZaM8A_tD9nq9mGQ9l | RemoteHost = VEW03SEJ.ascential.com | RemoteAddr = 9.22.117.72 | RemotePort = 2244 | ProgName = /j_acegi_security_check.do | Action = resourceAccess | AppUserName = /UNAUTHENTICATED | ResourceName = POST | RegistryUserName = null | AccessDecision = accessSuccess | ResourceType = web | ResourceUniqueId = 0 | PermissionsChecked = null | PermissionsGranted = null | RolesChecked = everyoneAccess | RolesGranted = everyoneAccess | CreationTime = Wed Apr 24 17:42:00 EDT 2013 | GlobalInstanceId = 0 | LastEventTrailId = null | EventTrailId = null | FirstCaller = /UNAUTHENTICATED | CallerList = /UNAUTHENTICATED , /UNAUTHENTICATED | Domain = global | Realm = bluepages.ibm.com:389 | RegistryType = LDAP | Url = /j_acegi_security_check.do ...

If the login request fails it will redirect to login.jsp. Again you can identify using ProgName = /login.jsp:

Seq = 133 | Event Type = SECURITY_RESOURCE_ACCESS | Outcome = SUCCESSFUL | OutcomeReason = SUCCESS | OutcomeReasonCode = 6 | SessionId = XpKwvYZaM8A_tD9nq9mGQ9l | RemoteHost = VEW03SEJ.ascential.com | RemoteAddr = 9.22.117.72 | RemotePort = 2244 | ProgName = /login.jsp | Action = resourceAccess | AppUserName = /UNAUTHENTICATED | ResourceName = GET | RegistryUserName = null | AccessDecision = accessSuccess | ResourceType = web | ResourceUniqueId = 0 | PermissionsChecked = null | PermissionsGranted = null | RolesChecked = everyoneAccess | RolesGranted = everyoneAccess | CreationTime = Wed Apr 24 17:42:00 EDT 2013 | GlobalInstanceId = 0 | LastEventTrailId = null | EventTrailId = null | FirstCaller = /UNAUTHENTICATED | CallerList = /UNAUTHENTICATED , /UNAUTHENTICATED | Domain = global | Realm = bluepages.ibm.com:389 | RegistryType = LDAP | Url = /login.jsp ...

You can identify the ip address of the problematic BGA client from the RemoteAddr field log record in the audit logs. Please check the build number of the BGA client installed on that machine with the identified ip address. You can usually resolve an issue with BGA clients generating excessive errors in the WebSphere logs by upgrading the BGA client to the latest build.


Rate this page:

(0 users)Average rating

Add comments

Document information


More support for:

InfoSphere Business Glossary

Software version:

8.0, 8.1, 8.2.0, 8.5, 8.7, 9.1

Operating system(s):

AIX, HP-UX, Linux, Solaris

Reference #:

1636557

Modified date:

2013-05-07

Translate my page

Machine Translation

Content navigation