About logging - Blue Coat Cloud Data Protection Server Administration Guide

This chapter contains the following topics:

 About log files

 About the maximum log file size and number of backup files

 Specifying Management Console module logging settings

About log files

By default, the Blue Coat Cloud Data Protection Server generates log files for the Container, Cluster Manager, Communication Server, and Management Console. An administrator decides which

Management Console module log files to enable. The location of log files is specified during command line installation. The location can be modified from the properties files of each component. The following table shows the default locations for log files.

Application Log location

Blue Coat Cloud Data Protection Server log files /usr/local/perspecsys/container/logs Cluster Manager log files /usr/local/perspecsys/cluster-manager/logs

Communication Server /usr/local/perspecsys/mta/logs

Management Console /usr/local/perspecsys/management-console/logs

Management Console modules /usr/local/perspecsys/container/logs

The Blue Coat Cloud Data Protection Server creates the following log files:

 access.log. Contains all requests coming from gateway clients, for example, from a user's browser.

 app-protex-server.log: Contains all information related to the Blue Coat Cloud Data Protection Server.

 app-protex-server.err.log: Contains only ERROR and WARN messages for the Blue Coat Cloud Data Protection Server. ERROR and WARN messages are also logged in the app-protex-server.log file.

 console.out: Contains a capture of standard output of the application. Since this file is system generated, the location of this file is not configurable. console.out file is located at the installation root folder for the Container.

 isb.log: Contains ISB specific activities.

 isb.err.log: Contains ERROR and WARN messages for ISB specific activities.

About logging 53 The Cluster Manager creates the following log files:

 cluster-manager.log: Contains information about the Cluster Manager.

 cluster-manager.err.log: Contains only ERROR and WARN messages for the Cluster Manager.

ERROR and WARN messages are also logged in the cluster-manager.log file.

 isb.log: Contains ISB specific activities.

 isb.err.log: Contains ERROR and WARN messages for ISB specific activities.

The Communication Server creates the following log files:

 access.log. Contains all requests coming from gateway client, for example, from an email client.

 communication-server.log: Contains all information related to the Communication Server.

 communication-server.err.log: Contains only ERROR and WARN messages for the

Communication Server. ERROR and WARN messages are also logged in the communication-server.log file.

 isb.log. Contains ISB specific activities.

 isb.err.log. Contains ERROR and WARN messages for ISB specific activities.

An administrator can choose whether to generate logging for each Blue Coat Cloud Data Protection module using the Management Console. You can generate the following log files:

 business-objects.log: Contains information about the Business Objects module.

 crypto.log: Contains information about the Crypto module.

 detection.log: Contains information about the Detection module.

 isb.log: Contains logs of ISB specific activities.

 policy.log: Contains information about the Policy module.

 proxy.log: Contains information about the Proxy module.

 scheduler.log. Contains information about scheduled jobs.

 search.log: Contains information about the Search module.

 tokenization.log: Contains information about the Tokenization module.

About logging 54

 <adapter-name>-plugin.log: Contains information about running the corresponding adapter.

<adapter-name> refers to the name defined for the adapter.

 <container-name>-container.log: Contains information about the container. <container-name>

refers to the name defined for the container.

Each log file is accompanied by an error log file that contains ERROR and WARN messages for the module. For example, enabling the business-objects.log also enables the business-objects.err.log file.

About the maximum log file size and number of backup files

A new log file is generated when the file exceeds the default maximum size of 200 MB. A backup file is created by appending a date stamp and a numeric value to the original log file name. For example, when the cluster-manager.log exceeds 200 MB, the cluster-manager.2014-07-08.0.log file is created. The default number of backup files is 9. An administrator can configure the maximum log file size and number of backup log files for the modules in the Management Console.

About log cleansing

At all logs captured at levels below TRACE, protected assets are automatically masked in logs. Protected assets include any assets that are protected by a data protection policy.

Log masking may also be extended to mask patterns defined by administrators. To configure additional log masking, you must add log masking rules in the Management Console. If extending log masking rules, they should be configured for all modules where logging is enabled.

The following image shows sample log masking rules. Each rule is a regular expression that matches the patterns for data that you want to mask in the logs. To add additional rules, select Add.

About logging 55 In each masking rule, the pattern in parenthesis () represents a masking group. Data matching the masking group is masked in the logs.

In the above image, the first rule masks the file name in a log message.

The second rule masks all 16-digit patterns. For example, credit card numbers.

The last rule masks all US Zip codes and Canadian Postal codes.

For example, to mask the string in bold in the following log message:

https://na17.salesforce.com:443/_ui/common/search/client/ui/ajax/UnifiedSearc hAjaxServlet?_dc=1416862886958&searchCount=2&cmdType=cmp&cmp=summarySearchRes ult&cmp=sidetabAJAX& str=ves*&

Add the following masking rule to protect the string in bold:

.*UnifiedSearchAjaxServlet\?.+?(str=.+?)$

Specifying Management Console module logging settings

In Logging Configuration, you can specify whether to enable logging for a specific Management Console module. After enabling logging for a module, an administrator can define the following settings:

 Logging pattern. A string which specifies the format for logging events. By default, the pattern is

%d{HH:mm:ss.SSS} [%thread %-5level %logger{36}] - %msg%n , where:

o %d{HH:mm:ss.SSS} specifies the date format of the logging event, in hours, minutes, seconds, and time zone, for example, 14:06:49.812.

o %thread outputs the name of the thread that generated the logging event.

About logging 56 o %-5level specifies the number of characters to indent the logging event.

o %logger{36} outputs the logger name. The value in brackets specifies maximum number of characters for the name.

o %msg%n outputs the log content.

For more information on available conversion patterns, refer to the Logback documentation.

 Logging threshold: The logging level. The following levels can be specified, ordered from least logging to most logging:

o OFF. Turns off the logging. This setting is not recommended.

o ERROR. Logs information about exceptions that prevent processing from completing, for example, the Blue Coat Cloud Data Protection Server is unable to connect to xactly.com.

o WARN. Logs information about security exceptions, processing exceptions that do not cause errors, and other non-error conditions.

o INFO. Logs information related to measuring the time it takes the application to run processes, and other general information.

o DEBUG. Logs information related to general processing of the application.

o TRACE. The most detailed level of logging.

For more information on available logging levels, refer to the Logback documentation.

 Maximum log file size and number of backup files: The maximum file size for a logging file and the maximum number of backup log files which are stored. For more information, refer to About the maximum log file size and number of backup files.The following image shows the Logging Configuration section for a module in the Management Console.

 Log masking rules: Each rule is a regular expression that matches the patterns for data that you want to mask in the logs. In all logs captured at levels below TRACE, the protected assets are masked and are not logged in clear text. For more information on how to create masking rules,

About logging 57 read About log cleansing section in this document.

To specify logging settings

1. To enable logging for the module, in Logging and in Enable Logging, select the checkbox.

2. To change the logging level, in Logging Threshold, enter an appropriate logging level.

3. To change the maximum number of backup log files, in Max number of log file backups, provide a new value.

4. To specify the format for logging events, in Logging Pattern, provide variables to define the pattern.

5. To change the maximum log file size, in Max log file size, provide a new value in MB.

6. In Log files directory, specify the folder where the log file for the given module is stored. The following image shows that the module's log is stored in logs folder. If a logs folder does not exist, it is created at the the installation root folder of Container.

7. To add the log entries to console log, in Append to console, select the checkbox .

8. To create separate log file to store error log statements, in Extract error log statements into a separate log file, select the checkbox.

9. In Blocked Loggers, leave the value blank.

10. In Log masking rules, you can accept the default values. To add a new rule, add a regular expression that matches the patterns for data that you want to mask in the logs.

About logging 58

Updating log file locations from properties files

1. If you have performed a clean install of 4.2 release, you can change the location of log files at any time by updating the location in the following files:

clustermanager.properties container.properties mc.properties

To update the log file location, open the properties file and update the following parameter:

log.directory=logs

By default the log files are stored in logs folder at the installation folder.

2. If you have upgraded to 4.2 release, you can change the location of log files by updating the following files.

a. To update the log file location for the Cluster Manager, open

clustermanager.properties and update the following parameter:

log.directory=logs

b. To update the log file location for the Container, open isb.properties and update the following parameter:

log.directory=logs

c. To update the log file location for the Management Console, open isb.properties and update the following parameter:

log.directory=logs

By default the log files are stored in logs folder at the installation folder.

Updating logging parameters in properties files

You can update the logging parameters for Cluster Manager, Container, and Management Console. The logging parameters are available to be configured in:

 clustermanager.properties, container.properties, and mc.properties files for a clean install

About logging 59

 clustermanager.properties and isb.properties for Container and Management Console after an upgrade

You can update the following parameters in properties files:

log.extractErrors=true log.level=INFO

log.pattern=%d{HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n log.toConsole=false

 If extractErrors is set to true, Blue Coat Cloud Data Protection Server creates a separate log file to store error log statements.

 level can be set to OFF, ERROR, WARN, INFO, DEBUG, or TRACE.

 pattern is a string which specifies the format for logging events.

 If toConsole is set to true, log entries are added to console.out file.

Glossary 60

In document Blue Coat Cloud Data Protection Server Administration Guide (Page 58-66)