This Article describes the process of enabling Access Gateway Logs required for troubleshooting Access Gateway issues
12.x Windows , Solaris, and Linux--------------------------------Secure proxy logging components :SPS logs consist of the below?--> Apache : access_log ,error_log--> mod_jk : mod_jk.log--> tomcat(proxy-engine) : server.log ,nohup.out ,WebAgent.log ,WebAgentTrace.log, HttpClient logs--> Http Client/Java SSL Logging
#############
############# Apache : access_log ,error_log
#############
Apache logs are defined in the httpd.conf that can be found under (C:\Program Files (x86)\CA\secure-proxy\httpd\conf) as follows
* access_log
1) LogFormat "%h %l %u %t \"%r\" %>s %b" common
2) CustomLog logs/access_log common
* error_log
1) ErrorLog logs/error_log
2) LogLevel warn ("LogLevel debug" for detailed tracing)
to rotate Apache logs ,you can set the below
* access_log
CustomLog "I'C:\Program Files (x86)\CA\secure-proxy\httpd\bin\rotatelogs.exe' 'C:\Program Files (x86)\CA\secure-proxy\httpd\logs\access_log' 10M" common
* error_log
ErrorLog "I'C:\Program Files (x86)\CA\secure-proxy\httpd\bin\rotatelogs.exe' 'C:\Program Files (x86)\CA\secure-proxy\httpd\logs\error_log' 10M"
#############
############# mod_jk : mod_jk.log
#############
mod_jk logging settings are found in httpd.conf under C:\Program Files (x86)\CA\secure-proxy\httpd\conf) as follows
* Original:
1) JkWorkersFile "C:/Program Files (x86)/CA/secure-proxy/proxy-engine/conf/server.conf"
2) JkLogFile "|'C:/Program Files (x86)/CA/secure-proxy/httpd/bin/rotatelogs.exe' 'C:/Program Files (x86)/CA/secure-proxy/httpd/logs/mod_jk.log' 10M"
3) JkLogLevel error
* for Detailed Tracing:
1) JkWorkersFile "C:/Program Files (x86)/CA/secure-proxy/proxy-engine/conf/server.conf"
2) JkLogFile "|'C:/Program Files (x86)/CA/secure-proxy/httpd/bin/rotatelogs.exe' 'C:/Program Files (x86)/CA/secure-proxy/httpd/logs/mod_jk.log' 10M"
3) JkLogLevel debug
4) JkRequestLogFormat "%w %V %T %m %H %p %U %s"
#############
############# tomcat(proxy-engine) : server.log ,WebAgent.log ,WebAgentTrace.log
#############
NOTE --> For nohup logs, please refer to https://knowledge.broadcom.
*** server.log :
These logs are enabled by Default. Both files are found under "C:\Program Files (x86)\CA\secure-proxy\proxy-engine\logs"
To modify it ,you can follow the below steps
To configure manually, perform the following steps:
1. Navigate to the following location: sps_home/Tomcat/properties
2. Open the logger.properties file.
3. To log events on a console, navigate to the SvrConsoleAppender section and set the following parameter: log_message_display_format_on_console
Defines the display format of a log message on the console. You can define any log4j date pattern strings.
4. To log events in to a file, navigate to the SvrFileAppender section and set the following parameter: log_message_display_format_in_file
Defines display format of a log message in the file. You can define any log4j date pattern strings.
5. Configure the following fields to define the logging settings:
* log level
Defines the log level of a message. The following list displays the possible values in the increasing order of priority:
? OFF
? FATAL
? ERROR
? WARN
? INFO
? DEBUG
? ALL
If the value is set to OFF, logging is disabled. If the value is set to any other value, logging is enabled.
Example -->
log4j.rootCategory=DEBUG,SvrFileAppender --> Log level is set to Debug
log4j.rootCategory=OFF,SvrFileAppender --> Log is set to OFF
* output format
Defines how a log message is displayed. You can display a log message on a console, or store it in a file, or both.
For example, if the log level is INFO and you want to display a log message on a console and store it in a file, use the following command:
log4j.rootCategory=INFO,SvrConsoleAppender,SvrFileAppender
6. Perform one of the following steps:
? To define log rolling based on file size, perform the following steps:
logfile path --> Specifies the name and path of the log file.
Default Name: server.log
Default Path: install_dir_home/secure-proxy/proxy-engine/logs/
* true|false (log4j.appender.SvrFileAppender.Append=true)
Specifies how the system manages the log file. If this value is set to true, the system appends new log messages to the existing log file when it starts. If this value is set to false, the system rolls over the existing log file and creates a log file for new log messages when it starts.
* MaxFileSize
Specifies the maximum size of the log file after which the system must create a new log file.
* MaxBackupIndex
Specifies the maximum number of log files that the system creates. If the number of log files exceeds the maximum number that is specified, the system deletes the oldest log file and creates a new log file.
? To define log rolling based on file age, perform the following steps:
date_pattern
Specifies the date when the system must create a new log file. A new log file is created in the <logfile_name>.<date_format>.
For Example
log4j.appender.SvrFileAppender.DatePattern='.'yyyy-MM-dd
7. Save the changes.
*** WebAgent.log ,WebAgentTrace.log
Either edit the LocalConfig.conf file or the ACO for the agent SPS is running.
1) WebAgent.log
- LogAppend="NO"
- LogFile="YES"
- LogFileName="C:\Program Files (x86)\CA\secure-proxy\proxy-engine\logs\WebAgent.log"
- LogFileSize="100"
2) WebAgentTrace.log
- TraceAppend="NO"
- TraceConfigFile="C:\Program Files (x86)\CA\secure-proxy\proxy-engine\conf\defaultagent\SecureProxyTrace.conf"
- TraceFile="YES"
- TraceFileName="C:\Program Files (x86)\CA\secure-proxy\proxy-engine\logs\WebAgentTrace.log"
- LogFileSize="100"
#############
############# Http Client/Java SSL Logging
#############
*** HttpClient logs
This log will capture the requests sent from the proxy-engine to the backend Web/app server . This log can be found under "C:\Program Files (x86)\CA\secure-proxy\proxy-engine\logs"
To enable HttpClient log follow the below
1) in server.conf (under C:\Program Files (x86)\CA\secure-proxy\proxy-engine\conf) ,set httpclientlog="yes"
2) in "C:\Program Files (x86)\CA\secure-proxy\Tomcat\properties\httpclientlogging.properties" ,make surer the below are UNcommented
- httpclient.wire.header.level=FINEST
- httpclient.wire.level=FINEST
- they are commented out by default
*** Http Client/Java SSL Logging can be enabled by setting the below
1) Java has facility to log network SSL Connections
- "-Djavax.net.debug=all" that should be applied to the below as follows
a) Windows - C:\Program Files (x86)\CA\secure-proxy\proxy-engine\conf\SmSpsProxyEngine.properties
b) Unix - proxy-engine/proxyserver.sh
#############
############# Federation Webservices Logs
#############
C:\CA\secure-proxy\Tomcat\webapps\affwebservices\WEB-INF\classes\LoggerConfig.properties
LoggerConfig.properties settings :
----------------------------------
#LoggingOn can be Y, N
LoggingOn=Y
// If LogFileName is set Log output will go to the file named
LogFileName=C:\\CA\\secure-proxy\\proxy-engine\\logs\\affwebserv.log
// TracingOn can be Y, N
TracingOn=N
// If TraceFileName is set Trace output will go to the file named
TraceFileName=C:\\CA\\secure-proxy\\proxy-engine\\logs\\FWSTrace.log
// TraceConfigFile should be set to the full path of the desired Trace.conf configuration file
TraceConfig=C:\\CA\\secure-proxy\\proxy-engine\\conf\\defaultagent\\FederationTrace.conf