Description:

As a security measure, you can configure CA Clarity PPM to prevent session ID values from appearing in your log files. To prevent these values from appearing, edit the logger.xml file. Replace the log pattern (%u:%s:%a) with the pattern (%U:%a).

Release: 451-101-14.1-Clarity-Creator User License
Component:

Solution:

The following examples show the results of using both log patterns in the logger.xml file.

Example: (%u:%s:%a)
This line of code shows how the pattern to display the session ID value appears in the logger.xml file.

<param name="ConversionPattern" value="%-5p %d{ISO8601} [%t] %c{2} (%u:%s:%a) %m\r\n"/>

This pattern produces records in a log file with the session ID value. The following record from the app-ca.log that shows the session ID value (bolded):

DEBUG 2014-08-18 19:52:02,949 [http-bio-80-exec-3] odf.view (clarity:admin:5077018__8DF3B2A0-F398-4A4B-BC35-E9A012065CE0:npt.overview) Adding view FILTER_VIEW_LOADER::USER:NIKU.ROOT to transient cache

Example: (%U:%a)
This line of code shows how the pattern to prevent the session ID value appears in the logger.xml file.

<param name="ConversionPattern" value="%-5p %d{ISO8601} [%t] %c{2} (%U:%a) %m\r\n"/>

This pattern produces a record in a log file without the session ID value. The following example is a record from the app-ca-service.log that shows no session ID value.

DEBUG 2014-08-18 19:52:02,494 [http-bio-80-exec-3] in.service (admin:npt.overview)

CA Clarity PPM supports additional logging patterns if the layout is set to NikuLayout in the logger.xml for an appender.

Note: For more information about log4j version 1.2 supported patterns, see the API documentation for Class PatternLayout at https://logging.apache.org.