000016097 - Access Manager Adaptive Authentication log file $AxMHOME/bin/logs/aa-onpremise-adapter.log grows excessively

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000016097
Applies ToRSA Access Manager 6.1 SP3
IssueAccess Manager Adaptive Authentication log file $AxMHome/bin/logs/aa-onpremise-adapter.log grows excessively
The logs in directory in $AxMHOME/bin/logs/ such as  aa-onpremise-adapter.log grow in size even if Adaptive Authentication is not configured.  The log files contain a copy of every Access Manager log event normally sent to the lserver or server log files.
2010-12-17 11:03:43,776 [QueueDispatcher] INFO  sirrus.logging.Log4JWriter (Log4JWriter.java:334) - sequence_number=8,2010-12-17 11:03:43:776 PST,messageID=108,event_type=Connection error,event_details=Unable to connect to the Instrumentation Server.
CauseRSA Access Manager SP3 Adaptive Authentication log4j settings inadvertently affect Access Manager logging as well as those for Adaptive Authentication.  The default log4j settings echo all INFO level log events to the log file in /bin/logs/.  The log4j settings in SP3 are hard coded in the aa-onpremise-adapter-6021-6.1.3.jar file.  This file is signed and cannot be modified or edited by the user.
ResolutionThis issue is resolved in hotfix for RSA Access Manger 6.1   Contact RSA Support and request this hotfix.  This file contains a new adaptive auth jar file called aa-onpremise-adapter-6021-  This version of the jar file does not set any log4j logging settings and will not create logs in /bin/logs directory.   Note that updating to the latest axm-core.jar file will not resolves this issue.  Customers must update to a hotifx that contains a new version of the aa-onpremise-adapter-6021- file.   
This hotfix also contains a new jar file called aa-onpremise-logging- file. This jar file contains a log4j.properties file that may be edited to enable provide additional Adaptive Authentication logging if desired. This jar file should only be copied over to the Access Manger lib directory if debug level adaptive authentication logging is desired.  
Ensure when archiving or backing up java jar files that they are archived outside of the lib directory and outside of the Java path.  Renaming a jar file, for example to aa-onpremise-logging- is not sufficient. 

Note for additional information on how to configure Adaptive Authentication logging see PRIMUS solution a50635
WorkaroundApplied SP3 for Access Manager 6.1 (Version 6.1.SP3 (Build ID: 20101206035808-0500-1188443))
Applied aa-onpremise-adapter-6021-6.1.3.jar file.
Legacy Article IDa53622