Troubleshooting Logs
Tomcat Logs
CORE services run within the Tomcat framework.
We recommend examining its log file following the EKMEnterprise Key Management - previous name of the product. Service start or
restart.
- The current day Tomcat logs are stored in
catalina.out
file in the Log-data Folder. - The historic Tomcat logs are located in date-based files
catalina.<YYYY-MM-DD>.log
in this folder.
Make sure that the EKMEnterprise Key Management - previous name of the product. Service start didn't generate
WARNING
, ERROR
, or SEVERE
logs.
- Tomcat ERROR Example
- Tomcat SEVERE Example
The following error indicates that a Tomcat restart identified an
issue with one of the log-forwarding options specified in the log4j.xml
file:
ERROR Unable to write to stream TCP:192.168.0.242:514 for appender bsd ERROR TcpSocketManager (TCP:192.168.0.242:514) java.net.ConnectException: Connection refused.
Occasionally, Tomcat logs refer to an application logger for further details. For example, the following log recommends examining the appropriate container log file:
SEVERE [localhost-startStop-1] org.apache.catalina.core.StandardContext.startInternal One or more listeners failed to start. Full details are found in the appropriate container log file.
In this case, the appropriate container log file
is the ekm-trace.log
file that
identifies the error source:
2017-09-10 13:04:18,092 INFO KMIP Exception: Couldn't' parse server java.net.UnknownHostException: partner1
EKM Trace Logs
EKMEnterprise Key Management - previous name of the product. trace logs capture fault events. They are stored in the
ekm-trace.log
file located in the Log-data Folder. Trace files are archived there daily.
- Control
- Follow the instructions in Server Log to change the "TRACE" logger level to "info".
- Restart the EKM
Enterprise Key Management - previous name of the product. service. See EKM Service Management.
- Filters
- Open the
log4j.xml
for editing and find the following line: - Comment-out the Filters element.
- Restart the EKM
Enterprise Key Management - previous name of the product. service. See EKM Service Management.
By default, the level of the trace log details is set to "off". To enable the trace-log:
By default, IP addresses and URLs are filtered from the ekm-trace.log
. To allow this data in the ekm-trace.log
, perform the following steps:
<!-- The following filter sanitizes IP addresses, URLs. To receive this info, comment-out the Filters element-->.
External Keystore Trace Logs
External Keystore trace logs capture RESTRepresentational State Transfer (REST) - an architectural style that defines a set of constraints and properties based on HTTP. Web Services that conform to the REST architectural style, or RESTful web services, provide interoperability between computer systems on the Internet. API requests and responses between EP and the external keystore provider. They are stored in the
extks.log
file located in the Log-data Folder. Trace files are archived there daily.
- Control
- Follow the instructions in External Keystore Logs to change the "level" to "off".
- Restart the EKM
Enterprise Key Management - previous name of the product. service. See EKM Service Management.
By default, the level of the log detail is set to "Info". To disable the log:
DY Logs
Dyadic (DY) Logs collects procedure traces on the following:
- Devices that use the CORE client libraries.
- CORE server.
It is used by support@unboundsecurity.com for troubleshooting.
Each CORE service request is comprised of one or many requests. Each request generates its call trace that is stored in a separate binary file. See Dy Log Folder.
To enable or disable procedure call tracing, see Dy Log Control.
Important (CORE Server only)
1. To activate the change, restart the EKMEnterprise Key Management - previous name of the product. Service (see EKM Service Management).
2. If you cleared the Dy Log Folder from all files, you must restart the EKMEnterprise Key Management - previous name of the product. service to recreate the necessary infrastructure.
To open a DyDyadic - the original name of the company Log file, use the
dylogdump
tool.