Enable logging in secure proxy server

Article Id: 40651
Status: Published
Updated On: 02-01-2019 12:30
Legacy Id: TEC1805983
Products:
CA Single Sign On Secure Proxy Server (SiteMinder) AXIOMATICS POLICY SERVER CA Single Sign On SOA Security Manager (SiteMinder) CA Single Sign-On CA Single Sign-On
Issue/Introduction:

Introduction: 

After installing the SPS, several logs like "webagent.log", "server.log", "nohup.out", “proxyui.log" ,"affwebserv.log", "error.log" and "access.log" will be generated by default, but need information how to enable other logs.

Question: 

How do we enable the httpclient.log, mod_jk and FWS Trace logs in secure proxy server?

Environment:  

SPS versions: 12.5, 12.51, 12.52

Answer: 

Follow the below steps to enable the different logs in secure proxy server:

1. httpclient.log:

Go to the below path and make the default value NO to YES for the parameter httpclientlog in server.conf file.

# Enable disable HTTPClient logging with value "yes" or "no".

          # Recommended to enable the logging for only debug purposes. Not recommended for production environment.

          httpclientlog="no"  

Path for server.conf file  : <<SPS_Installation_Path>>\proxy-engine\conf\server.conf               

In <InstallRoot>/tomcat/properties/httpclientlogging.properties

Make sure the following two parameters are uncommented:

httpclient.wire.header.level=FINEST httpclient.wire.level=FINEST as they are commented out by default

After changing the value, save the file

Navigate to sps_home\proxy-engine\conf and open the SmSpsProxyEngine.properties file.

Add either of the following lines in the NETE_SPS_PROXYENGINE_CMD section before the classpath:

-Djava.util.logging.config.file=sps_home/Tomcat/properties/httpclientlogging.properties
OR
-Dorg.apache.commons.logging.Log=org.apache.commons.logging.impl.Jdk14Logger

Save the change.

Restart the proxy-Engine.     


2. mod_jk.log :

By default, mod_jk.log will be generated in the following log location <<SPS_Installation_Path>>\httpd\logs only if there are any error messages. For changing the logging level to DEBUG or INFO, change the following parameter in httpd.conf file in the path <<SPS_Installation_Path>>\httpd\conf.

# The JkLogLevel directive is used to describe what detail of logging

# should occur to the log file defined by JkLogFile.

# Parameter: log-level

# The log-level parameter describes what detail of logging should

# occur to the log file defined by JkLogFile. The possible log level

# values are:
#                  debug
#                  info
#                  error

JkLogLevel error

Note: Select the desired logging level as per the requirement for troubleshooting purpose.

 Also for JkRequestLogFormat for Detailed Tracing navigate to JkWorkersFile "/CA/secure-proxy/proxy-engine/conf/server.conf", for JkLogFile "logs/mod_jk.log" and for

JkLogLevel debug
JkRequestLogFormat "%w %V %T %m %H %p %U %s"

After changing the Value, save the file and then restart the secure-proxy.

3. FWStrace.log:

To enable the FWStrace.log file, browse the below path and edit the file LoggerConfig.properties

Path to enable the FWStrace.log :  <<SPS_Installation_Path>>Tomcat\webapps\affwebservices\WEB-INF\classes\LoggerConfig.properties

Modify TracingOn from N to Y, save the file and then restart the proxy-engine.



Environment:

Release: ESPSTM99000-12.51-Single Sign On-Extended Support Plus
Component:

Resolution:

Please Update This Required Field