Running ./rsaserv command displays errors on the log4j file for RSA Authentication Manager 8.x
4 months ago
Originally Published: 2015-04-13
Article Number
000060948
Applies To
RSA Product Set: SecurID
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.x
Issue
Running the ./rsaserv status command from /opt/rsa/am/server throws a log4j error as follows: 
log4j:ERROR Could not read configuration file [test/resources/log4j.properties].
java.io.FileNotFoundException: test/resources/log4j.properties (No such file or directory)
at java.io.FileInputStream.open(Native Method)
at java.io.FileInputStream.<init>(FileInputStream.java:120)
at java.io.FileInputStream.<init>(FileInputStream.java:79)
Cause
The log4j.properties could not read configuration file error happens when the log4j.properties file is missing from /opt/rsa/am/utils/etc/rsaserv.  

Every time that rsaserv is run, a new copy of  /opt/rsa/am/utils/etc/rsaserv/log4j.properties is created, and Customer Support has seen several occasions where an automated monitor was logging into SSH and running 
     /opt/rsa/am/server/rsaserv status all
with a frequency of every minute.  

The log4j logging system was not designed for this amount of activity, and eventually the logging breaks and this copy of log4j.properties, located in /opt/rsa/am/utils/etc/rsaserv/log4j.properties is not recreated.  When this happens RSA service status logs are no longer created.

You can tell this is happening because the timestamp on /opt/rsa/am/utils/etc/rsaserv/log4j.properties is updated every 1 minute.  To verify, you could add an entry in /etc/crontab to check the date on log4j and write it to a file.

SSH as rsaadmin
sudo su -
<same password as rsaadmin>
# <now you are root>

cp /etc/crontab /etc/crontab.orig
vi /etc/crontab
<press i for insert mode>
<type or past the following line into /etc/crontab >

* * * * * root ls -l /opt/rsa/am/utils/etc/rsaserv/log4j.properties >> /tmp/log4j.txt

<esc> to exit insert mode
:wq to save
or
:q! to quit without saving

cat /etc/crontab
log4j_crontab
Resolution

To resolve the error, copy the log4j.properties file from a replica server's /opt/rsa/am/utils/etc/rsaserv directory to the proper path on the primary.  If there is no replica in the deployment, contact RSA Customer Support for the file.

Workaround
Monitoring software should not run  an authenticated SSH session every minute to run any
     /opt/rsa/am/server/rsaserv status
command.
Frequency should be 5 minutes or more for all status commands.
Customer Support has seen this situation with products like WhatsUpGold, configured to run the ./rsaserv status command too frequently. 

Related Articles

Trending Articles

Don't see what you're looking for?