How to Trace Enterprise Server Administration Security Resources
No trace messages appear in the logs when an attempt is made to trace "Enterprise Server Administration" resources in an External Security Manager (ESM) definition.
Trace1=auth:*:Enterprise Server Administration:*:debug
Instead there will be an error message about this trace line:
1038 W ESM1: Invalid expression for trace rule Trace1
The problem is due to spaces in the resource name (a space is used as a delimiter)
To enable this trace it is necessary to use wildcards in the string:
Now trace messages related to Enterprise Server Administration resource will be seen in the relevant logs (e.g. the journal log):
16:53:38.278 MF.MFDS 32120973 1 "19600:15996:SA1039I ESM1: [Trace1] Auth SYSAD (Directory Discovery / Enterprise Server Administration): ACE for "#DSADMIN group"
16:53:38.289 MF.MFDS 32121003 1 "19600:15996:SA1039I ESM1: [Trace1] Auth SYSAD (User Administration / Enterprise Server Administration): Ranking ACE type for Al"