search cancel

Enable logging in secure proxy server


Article ID: 40651


Updated On:


CA Single Sign On Secure Proxy Server (SiteMinder) CA Single Sign On SOA Security Manager (SiteMinder) CA Single Sign-On



After installing the SPS, several logs like "webagent.log", "server.log", "nohup.out", “proxyui.log" ,"affwebserv.log", "error.log" and "access.log" will be generated by default, but need information how to enable other logs.


How do we enable the httpclient.log, mod_jk and FWS Trace logs in secure proxy server?


SPS versions: 12.5, 12.51, 12.52


Follow the below steps to enable the different logs in secure proxy server:

1. httpclient.log:

Go to the below path and make the default value NO to YES for the parameter httpclientlog in server.conf file.

# Enable disable HTTPClient logging with value "yes" or "no".

          # Recommended to enable the logging for only debug purposes. Not recommended for production environment.


Path for server.conf file  : <<SPS_Installation_Path>>\proxy-engine\conf\server.conf               

In <InstallRoot>/tomcat/properties/

Make sure the following two parameters are uncommented:

httpclient.wire.header.level=FINEST httpclient.wire.level=FINEST as they are commented out by default

After changing the value, save the file

Navigate to sps_home\proxy-engine\conf and open the file.

Add either of the following lines in the NETE_SPS_PROXYENGINE_CMD section before the classpath:


Save the change.

Restart the proxy-Engine.     

2. mod_jk.log :

By default, mod_jk.log will be generated in the following log location <<SPS_Installation_Path>>\httpd\logs only if there are any error messages. For changing the logging level to DEBUG or INFO, change the following parameter in httpd.conf file in the path <<SPS_Installation_Path>>\httpd\conf.

# The JkLogLevel directive is used to describe what detail of logging

# should occur to the log file defined by JkLogFile.

# Parameter: log-level

# The log-level parameter describes what detail of logging should

# occur to the log file defined by JkLogFile. The possible log level

# values are:
#                  debug
#                  info
#                  error

JkLogLevel error

Note: Select the desired logging level as per the requirement for troubleshooting purpose.

 Also for JkRequestLogFormat for Detailed Tracing navigate to JkWorkersFile "/CA/secure-proxy/proxy-engine/conf/server.conf", for JkLogFile "logs/mod_jk.log" and for

JkLogLevel debug
JkRequestLogFormat "%w %V %T %m %H %p %U %s"

After changing the Value, save the file and then restart the secure-proxy.

3. FWStrace.log:

To enable the FWStrace.log file, browse the below path and edit the file

Path to enable the FWStrace.log :  <<SPS_Installation_Path>>Tomcat\webapps\affwebservices\WEB-INF\classes\

Modify TracingOn from N to Y, save the file and then restart the proxy-engine.


Release: ESPSTM99000-12.51-Single Sign On-Extended Support Plus


Please Update This Required Field