Logging
The XML Interface accepts requests to log message to the CipherTrust Manager Logs.
RecordEventRequest
Submit a message to be recorded.
<RecordEventRequest>
<ID>...</ID>
<MessageSize>...</MessageSize>
<Message>...</Message>
</RecordEventRequest>
Element | Description |
---|---|
ID | Contains the user-specified request ID. |
MessageSize | Contains the size of the data in the Message element. |
Message | Contains the text of the message to be recorded. |
Note
The CipherTrust Manager logs generated using the RecordEventRequest
can be accessed in the keysecure.system.log
file via ssh at the following location: /opt/keysecure/logs
.
You can also download the logs from UI.
The client needs to send the log message and message size.
RecordEventResponse
Server response to a RecordEventRequest.
<RecordEventResponse>
<ID>...</ID>
<Success>true</Success>
</RecordEventResponse>
Element | Description |
---|---|
ID | Contains the user-specified request ID. |
Success | Indicates whether the operation was successful. true indicates success. false indicates failure. When the operation is unsuccessful, the response element contains the FatalError and ErrorString elements to illustrate why the failure occurred and help you troubleshoot. For a list of possible error IDs and strings, see Error Messages. |
Viewing and Setting Log Level
You can view or change the log level of NAE service using the "ksctl" CLI tool.
There are two subcommands in the logs command:
getlevel
: used for viewing the current log level of a servicesetlevel
: used for setting log level of a service
Using getlevel
To view the current log level for NAE service, use the following request in CLI:
Request
ksctl logs getlevel --service nae
Response
{
"level": "INF",
"service": "nae"
}
Using setlevel
Note
Debug-level logging can generate a significant amount of detailed information that can impact the application's performance. Therefore, it is recommended not to configure the log level to "debug" mode.
To set current log level to debug for NAE service, use the following request in CLI:
Request
ksctl logs setlevel --service nae --level debug
Response
{
"level": "DBG",
"service": "nae"
}
Supported levels are:
error
orERR
info
orINF
debug
orDBG
Note
To view the logs, go to
/opt/keysecure/logs
directory on appliance.To download the logs, use ksctl logs download command.
Only users with administrator privileges can change or set the log level.
Note
Any ssl
connection related error message can be filtered from the log file based on ERR
and tls
tags.