000019698 - How to enable debug in Key Manager Server?

Document created by RSA Customer Support Employee on Jun 16, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000019698
Applies ToJakarta Tomcat 5.5
RSA Key Manager Server 2.0
Microsoft Windows Server 2003 R2
BEA WebLogic 9.0
IssueDebugging key manager server 2.0
How to enable Key Manager Server tracing?
How to enable debug in Key Manager Server?
CauseRSA Key Manager uses Log4J to generate log data. By default, no logs are generated. This can be configured using standard Log4J parameters.

Extensive Log4J documentation is available at http://logging.apache.org/log4j/docs/index.html. As an initial default configuration do the following:

Create a file called log4j.properties with the following content:

log4j.rootLogger=OFF, R



log4j.logger.rsa.pso.kms=ALL, R

log4j.logger.com.rsa.kms=ALL, R


# Log file name - Enter full path



# Keep 10 files max of 10MB each maximum




# Standard logging format, normally, this will be enough

log4j.appender.R.layout.ConversionPattern=[%d][%p] %m%n


# Show file and line number (extremely slow)

#log4j.appender.R.layout.ConversionPattern=[%d][%p] %m (%l)%n


# Show thread info, file and line number(extremely slow)

#log4j.appender.R.layout.ConversionPattern=[%d][%p][%t] %m (%l)%n

Note that in this example the log file is created in c:\, ensure that any file path used exists. If you are running KMS on Unix, change the path accordingly.

Under Tomcat:

  • Place log4j.properties in the <Tomcat install folder>/common/classes
  • If the Jakarta-Tomcat server is currently running then it must be stopped and restarted to pick up the change.

Under Weblogic:

If Key Manager Server is deployed in your own WebLogic domain, enable logging as follows (assume that Key Manager Server configuration files are located in the directory /opt/kms/conf/):

  • Copy log4j.properties to /opt/kms/conf/
  • Update your Weblogic startup script to export LOG4J_CONFIG_FILE so that WebLogic knows where to find the log4j configuration file.  For example, set the following in the environment:
           export LOG4J_CONFIG_FILE="/opt/kms/conf/log4j.properties"
    Or, add the following to JAVA_OPTIONS
  • If you use WebLogic Node Manager to start your WebLogic Server instance, modify the startup script before running startManagedWebLogic.sh.
  • If you use WebLogic Console to start your WebLogic Server instance, add the following under Domain -> Environment -> Servers -> <YourServer> -> Server Start -> Arguments:
NotesThe above logfile will only log RKM data.  It avoids logging sensitive information, such as passwords.  The key to this setting is the rootLogger=OFF line.  Changing this could result in passwords being logged in cleartext by the application server, and not by an RKM component.  Be very careful before changing the rootLogger setting.
Legacy Article IDa32096