Symantec Access Management

  • 1.  server.log

    Posted Feb 07, 2017 12:20 PM

    Can we configure new log(server.log) file on sps service start up like we do for smps.log from management console.

    In server.conf file Logging section has the following format:

    # Logging for the server

    # 1 - FATAL

    # 2 - ERROR

    # 3 - INFO

    # 4 - DEBUG

    loglevel="3"

    logconsole="yes"

    logfile="yes"

    logappend="no"

    # Note: If logfilename is specified as a relative file,

    it # will be relative to proxy-engine/ logfilename="logs/server.log"

     

    Is there any option to set like generate new log file when the server OR sps service is restarted.

     

    Thanks!



  • 2.  Re: server.log

    Broadcom Employee
    Posted Feb 07, 2017 12:49 PM

    Hi Krishina,

     

    SPS and policy server are two separate code bases, thus logging by design are different.

    Currently smps.log customization is very limited.

    This will require feature enhancement in order to change it, you may file an idea from this community.

    SPS can do it much easier, because it is based on open source Tomcat.

     

    To generate new log file when the server OR SPS service is restarted. You will need 3rd party tool like cronolog or rotatelogs, this might be the limitation from Tomcat side.  Or you make your own script, stop the service, archive the file, then start the service.

     

    Hope this helps.

     

    Hongxu



  • 3.  Re: server.log
    Best Answer

    Broadcom Employee
    Posted Feb 08, 2017 12:22 AM

    Hi Krishina,

     

    For SPS logging of server.log, it is controlled with settings from the following file: 

     

         C:\Program Files\CA\secure-proxy\Tomcat\properties\logger.properties 

     

    It is a standard log4j setup : 

     

    #Common setting for SvrFileAppender
    log4j.appender.SvrFileAppender.layout=org.apache.log4j.PatternLayout
    log4j.appender.SvrFileAppender.layout.ConversionPattern=[%d{dd/MMM/yyyy:HH:mm:ss-SSS}] [%p] - %m%n
    log4j.appender.SvrFileAppender.File=${catalina.base}/../proxy-engine/logs/server.log
    log4j.appender.SvrFileAppender.Append=true

     

    #Type of log rolling used.
    log4j.appender.SvrFileAppender=org.apache.log4j.RollingFileAppender
    log4j.appender.SvrFileAppender.MaxFileSize=1MB
    log4j.appender.SvrFileAppender.MaxBackupIndex=10

     

    The log4j used is : log4j-1.2.17.jar and the default is : RollingFileAppender,: 

     

    http://logging.apache.org/log4j/1.2/apidocs/org/apache/log4j/RollingFileAppender.html 

     

    You can change it, but for log4j 1.2 there isnt much (log4j 2x has rollover policy) - but there is a DailyRollingFileAppender, and it is possible to write your own or find some with a google search on the net. 

     

     

    Cheers - Mark



  • 4.  Re: server.log

    Broadcom Employee
    Posted Feb 08, 2017 06:01 PM

    Hi Krishina,

     

    Following up a little further, via this Stack Overflow question;

     

    java - Rolling logs by both size and time - Stack Overflow 

     

    I did think someone would have written some more complex rollinglogappenders, given how long log4j 1.2 was current.

     

    This looks very promising: 

    simonsite.org.uk - Log4J Appenders 

     

    The TimeAndSizeRollingAppender (apache license)  can be configured to roll on startup : 

    http://www.simonsite.org.uk/javadoc/timeandsize/uk/org/simonsite/log4j/appender/TimeAndSizeRollingAppender.html 

     

    As well as roll to date stamp and roll on file size, and even compress the log, which is all the options any reasonable administrator would want.

     

    I haven't personally tried it, but it looks fairly well established. 

     

    Cheers - Mark 

    Snr Principal Support Engineer

    CA Technologies | 380 St. Kilda Road Level 2 | Melbourne, VIC 3004



  • 5.  Re: server.log

    Posted Feb 16, 2017 11:55 AM

    Hi

    Updating log4j.appender.SvrFileAppender.Append from true to false in logger.properties  is generating  new server.log file on every proxy service restart.

     

     

    Thanks!