Title	How to enable debug in Key Manager Server?

URL Name	a32096-How-to-enable-debug-in-Key-Manager-Server

Summary

Validation Status	Work in Progress

Age	6,407.07

Translate To

Applies To

Jakarta Tomcat 5.5
RSA Key Manager Server 2.0
Microsoft Windows Server 2003 R2
BEA WebLogic 9.0

Issue

Debugging key manager server 2.0
How to enable Key Manager Server tracing?
How to enable debug in Key Manager Server?

Cause

RSA Key Manager uses Log4J to generate log data. By default, no logs are generated. This can be configured using standard Log4J parameters.

Resolution

Extensive Log4J documentation is available at http://logging.apache.org/log4j/docs/index.html. As an initial default configuration do the following:

Create a file called log4j.properties with the following content:

log4j.rootLogger=OFF, R

log4j.appender.R=org.apache.log4j.RollingFileAppender

log4j.appender.R.layout=org.apache.log4j.PatternLayout

log4j.logger.rsa.pso.kms=ALL, R

log4j.logger.com.rsa.kms=ALL, R

# Log file name - Enter full path

log4j.appender.R.File=c:\\kms.log

# Keep 10 files max of 10MB each maximum

log4j.appender.R.MaxFileSize=10MB

log4j.appender.R.MaxBackupIndex=10

# Standard logging format, normally, this will be enough

log4j.appender.R.layout.ConversionPattern=[%d][%p] %m%n

# Show file and line number (extremely slow)

#log4j.appender.R.layout.ConversionPattern=[%d][%p] %m (%l)%n

# Show thread info, file and line number(extremely slow)

#log4j.appender.R.layout.ConversionPattern=[%d][%p][%t] %m (%l)%n

Note that in this example the log file is created in c:\, ensure that any file path used exists. If you are running KMS on Unix, change the path accordingly.

Under Tomcat:

Place log4j.properties in the <Tomcat install folder>/common/classes
If the Jakarta-Tomcat server is currently running then it must be stopped and restarted to pick up the change.

Under Weblogic:

If Key Manager Server is deployed in your own WebLogic domain, enable logging as follows (assume that Key Manager Server configuration files are located in the directory /opt/kms/conf/):

Copy log4j.properties to /opt/kms/conf/
Update your Weblogic startup script to export LOG4J_CONFIG_FILE so that WebLogic knows where to find the log4j configuration file. For example, set the following in the environment:
export LOG4J_CONFIG_FILE="/opt/kms/conf/log4j.properties"
Or, add the following to JAVA_OPTIONS
JAVA_OPTIONS="-Dlog4j.configuration=file:/opt/kms/conf/log4j.properties"
If you use WebLogic Node Manager to start your WebLogic Server instance, modify the startup script before running startManagedWebLogic.sh.
If you use WebLogic Console to start your WebLogic Server instance, add the following under Domain -> Environment -> Servers -> <YourServer> -> Server Start -> Arguments:
-Dlog4j.configuration=file:/opt/kms/conf/log4j.properties

Workaround

Notes

The above logfile will only log RKM data. It avoids logging sensitive information, such as passwords. The key to this setting is the rootLogger=OFF line. Changing this could result in passwords being logged in cleartext by the application server, and not by an RKM component. Be very careful before changing the rootLogger setting.

Legacy Article ID 000019698

Audience	External

Article Source	Conversion

Original Article Author	mbond

Original Created Date	10/9/2006 11:30 PM

Owner	Admin6 Integration (R3 Propel)

Assigned To

Assigned By

Assignment Note

Assignment Due Date

Publication Status	Published

Article Type	Knowledge

Article Number	000054816

Created By	Admin6 Integration (R3 Propel)

Last Modified By	Katrina Nash

Language	English