Logging and Debug Tracing for CXF based Web Services

Products

CA Service Management - Service Desk Manager CA Service Desk Manager

Issue/Introduction

Since 17.3 RU19, the new CXF based Web Services have been added for CA Service Desk Manager (SDM).

Is there a means to enable additional logging for CXF based web services?

Environment

CA Service Desk Manager 17.3 RU19 or higher

All Supported Operating Systems

Resolution

There are two methods that can be followed to enable additional logging of CXF based web services.

Method 1: Modify cxf-beans.xml

This approach will expose both inbound and outbound SOAP calls that are being made over CXF web services along with some supporting context for the calls being issued.

Caution: This method may result in large pdm_tomcat.log file output. It is strongly advised to utilise this method under Support supervision.

On the SDM server where CXF Web Services are deployed, backup, then open the following file for editing with a text editor, file cxf-beans.xml located in NX_ROOT\bopcfg\www\CATALINA_BASE\webapps\cxf\WEB-INF\
Search for the tag "jaxws:features"

There will be the following content located:

        <jaxws:features>
            <!--bean class="org.apache.cxf.feature.LoggingFeature" /-->
        </jaxws:features>

Remove the above comment so the entry reads as:

        <jaxws:features>
            <bean class="org.apache.cxf.feature.LoggingFeature" />
        </jaxws:features>

Save the changes to the file
Recycle the main SDM Tomcat process or recycle the SDM services

Additional logging will be written to the pdm_tomcat.log under NX_ROOT/log

Method 2: Modify log4j2.xml

This approach will expose both inbound and outbound SOAP calls that are being made over CXF web services.

Backup, then edit the NX_ROOT\bopcfg\www\CATALINA_BASE\webapps\cxf\WEB-INF\classes\log4j2.xml file. Locate and uncomment this section, around lines 31-35

        <Logger name="com.broadcom.casm.sdm.jws.handlers.SOAPMessageHandler" additivity="false" level="DEBUG">
            <AppenderRef ref="RollingFile" />
        </Logger>

Save, and recycle Tomcat or SDM Services

Log file of interest is the jsrvr.log, located under NX_ROOT/log

Additional Information

The above logging should only be activated for purposes of debug and tracing as this logging is highly resource intensive.

To enable logging for only incoming or outgoing SOAP calls, please review Monitor incoming or outgoing CXF SOAP payload in CA Service desk Manager. To avoid confusion, please use one or the other method of logging described, and not both.

While both of the above methods can be activated simultaneously, it is advised to utilise only one or the other approach listed in this article, depending on requirements.

Both methods also have the potential to expose sensitive content as SOAP messages are logged via this approach. To illustrate, the following is sample content from the pdm_tomcat.log and jsrvr.log collected while both had debug tracing activated and a web services call was made for login to Service Desk.

Sample pdm_tomcat.log:

Feb 18, 20XX 4:07:26 PM org.apache.cxf.services.USD_WebService.USD_WebServiceSoap.USD_WebServiceSoap
INFO: Inbound Message
----------------------------
ID: 1
Address: http://SDMSERVER:8080/cxf/services/USD_WebService
Encoding: UTF-8
Http-Method: POST
Content-Type: text/xml;charset=UTF-8
Headers: {accept-encoding=[gzip,deflate], connection=[Keep-Alive], Content-Length=[344], content-type=[text/xml;charset=UTF-8], host=[SDMSERVER:8080], SOAPAction=["login"], user-agent=[Apache-HttpClient/4.5.5 (Java/17.0.12)]}
Payload: <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:ser="http://www.ca.com/UnicenterServicePlus/ServiceDesk">
   <soapenv:Header/>
   <soapenv:Body>
      <ser:login>
         <username>XXXXXXXX</username>
         <password>XXXXXXXX</password>
      </ser:login>
   </soapenv:Body>
</soapenv:Envelope>
--------------------------------------
Feb 18, 20XX 4:07:31 PM org.apache.cxf.services.USD_WebService.USD_WebServiceSoap.USD_WebServiceSoap
INFO: Outbound Message
---------------------------
ID: 1
Response-Code: 200
Encoding: UTF-8
Content-Type: multipart/related; type="application/xop+xml"; boundary="uuid:XXXX-XXXX-XXXX-XXXX-XXXX-XXXX"; start="<[email protected]>"; start-info="text/xml"
Headers: {}
Payload: 
--uuid:XXXX-XXXX-XXXX-XXXX-XXXX-XXXX
Content-Type: application/xop+xml; charset=UTF-8; type="text/xml"
Content-Transfer-Encoding: binary
Content-ID: <[email protected]>

<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><ns2:loginResponse xmlns:ns2="http://www.ca.com/UnicenterServicePlus/ServiceDesk"><loginReturn>XXXXXXXXXX</loginReturn></ns2:loginResponse></soap:Body></soap:Envelope>
--uuid:XXXX-XXXX-XXXX-XXXX-XXXX-XXXX--

Sample jsrvr.log:

02/18 16:07:27.242 [http-nio-8080-exec-1] DEBUG SOAPMessageHandler 101 Inbound message: 
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:ser="http://www.ca.com/UnicenterServicePlus/ServiceDesk">
   <soapenv:Header/>
   <soapenv:Body>
      <ser:login>
         <username>XXXXXXXX</username>
         <password>XXXXXXXX</password>
      </ser:login>
   </soapenv:Body></soapenv:Envelope> 
....
02/18 16:07:31.376 [http-nio-8080-exec-1] INFO  usdsda 1124 Web Services session created XXXXXXXXXX; user(XXXXXXXX); IP(XXX.XXX.XXX.XXX); session count 1 

02/18 16:07:31.518 [http-nio-8080-exec-1] DEBUG SOAPMessageHandler 59 USDJWS - methodName=login - duration=4271(ms) 

02/18 16:07:31.518 [http-nio-8080-exec-1] DEBUG SOAPMessageHandler 99 Outbound message: 
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><ns2:loginResponse xmlns:ns2="http://www.ca.com/UnicenterServicePlus/ServiceDesk"><loginReturn>XXXXXXXXXX</loginReturn></ns2:loginResponse></soap:Body></soap:Envelope>