Troubleshooting Logs

Tomcat Logs

CORE services run within the Tomcat framework. We recommend examining its log file following the EKMEnterprise Key Management - previous name of the product. Service start or restart.

The current day Tomcat logs are stored in catalina.out file in the Log-data Folder.
The historic Tomcat logs are located in date-based files catalina.<YYYY-MM-DD>.log in this folder.

Make sure that the EKMEnterprise Key Management - previous name of the product. Service start didn't generate WARNING, ERROR, or SEVERE logs.

Tomcat ERROR Example

The following error indicates that a Tomcat restart identified an issue with one of the log-forwarding options specified in the log4j.xml file:

ERROR Unable to write to stream TCP:192.168.0.242:514 for appender bsd ERROR TcpSocketManager (TCP:192.168.0.242:514) java.net.ConnectException: Connection refused.

Tomcat SEVERE Example

Occasionally, Tomcat logs refer to an application logger for further details. For example, the following log recommends examining the appropriate container log file:

SEVERE [localhost-startStop-1] org.apache.catalina.core.StandardContext.startInternal One or more listeners failed to start. Full details are found in the appropriate container log file.

In this case, the appropriate container log file is the ekm-trace.log file that identifies the error source:

2017-09-10 13:04:18,092 INFO KMIP Exception: Couldn't' parse server java.net.UnknownHostException: partner1

EKM Trace Logs

EKMEnterprise Key Management - previous name of the product. trace logs capture fault events. They are stored in the ekm-trace.log file located in the Log-data Folder. Trace files are archived there daily.

Control

By default, the level of the trace log details is set to "off". To enable the trace-log:

Follow the instructions in Server Log to change the "TRACE" logger level to "info".
Restart the EKMEnterprise Key Management - previous name of the product. service. Refer to EKM Service Management.

Filters

By default, IP addresses and URLs are filtered from the ekm-trace.log. To allow this data in the ekm-trace.log, perform the following steps:

Open the log4j.xml for editing and find the following line:

.

Comment-out the Filters element.
Restart the EKMEnterprise Key Management - previous name of the product. service. Refer to EKM Service Management.

External Keystore Trace Logs

External Keystore trace logs capture RESTRepresentational State Transfer (REST) - an architectural style that defines a set of constraints and properties based on HTTP. Web Services that conform to the REST architectural style, or RESTful web services, provide interoperability between computer systems on the Internet. API requests and responses between EP and the external keystore provider. They are stored in the extks.log file located in the Log-data Folder. Trace files are archived there daily.

Control

By default, the level of the log detail is set to "Info". To disable the log:

Follow the instructions in External Keystore Logs to change the "level" to "off".
Restart the EKMEnterprise Key Management - previous name of the product. service. Refer to EKM Service Management.

DY Logs

Dyadic (DY) Logs collects procedure traces on the following:

Devices that use the CORE client libraries.
CORE server.

It is used by support@unboundsecurity.com for troubleshooting.

Each CORE service request is comprised of one or many requests. Each request generates its call trace that is stored in a separate binary file. Refer to Dy Log Folder.

To enable or disable procedure call tracing, refer to Dy Log Control.

Important (CORE Server only)
1. To activate the change, restart the EKMEnterprise Key Management - previous name of the product. Service (refer to EKM Service Management).
2. If you cleared the Dy Log Folder from all files, you must restart the EKMEnterprise Key Management - previous name of the product. service to recreate the necessary infrastructure.

To open a DyDyadic - the original name of the company Log file, use the dylogdump tool.