Enabling SSL/TLS transaction logging
search cancel

Enabling SSL/TLS transaction logging


Article ID: 42820


Updated On:


STARTER PACK-7 CA Rapid App Security CA API Gateway


Several cluster-wide properties are required for enabling full SSL/TLS transaction logs. Set the following cluster-wide properties to the indicated values.

  1. io.debugSsl to true
  2. log.stdoutLevel to FINE
  3. log.levels to STDOUT.level=FINE



Component: APIGTW


SSL/TLS transaction logs are very verbose and can make interpreting normal message processing and auditing traffic difficult to read or find. In order to keep these items separate, a second log sink will be created specifically for the SSL/TLS transaction logs. To create this sink:

  1. Log into the Layer 7 Policy Manager as an administrative user.
  2. Open the Manage Log/Audit Sinks task.
  3. Create a new Log Sink.
  4. Provide a Name and Description.
  5. Enable the Log Sink.
  6. Set the Severity Threshold to ALL.
  7. Set the following filters:
    • Category=Gateway Log
    • Package=STDOUT

Once the new log sink is created, restart the Layer 7 Gateway service. The new log sink will be created in /opt/SecureSpan/Gateway/node/default/var/logs/ with the name specified in Step #4.