Activating Logging

Logging is activated by setting up redirection of SafeNet ProtectToolkit-C host library calls sent from the application so that they are instead delivered to the logger. This procedure differs between Windows and UNIX systems. To activate logging, consult the section below applicable to your operating system.

Windows Systems

To activate logging on a Windows-based system, SafeNet ProtectToolkit-C host library calls are redirected to the logger by replacing the path to the SafeNet ProtectToolkit-C host library (Cryptoki provider) that was added to the Path environment variable during installation, with the path to the logger. The SafeNet ProtectToolkit-C host library and the logger are both named cryptoki.dll so the application does not detect any difference and is unaffected by this change.

The path to the logger that must replace the host library path is:

<installation directory>\bin\logger

For example, if the installation path is:

C:\Program Files\SafeNet\Protect Toolkit 5\Protect Toolkit C SDK\bin\hsm

Replace it with:

C:\Program Files\SafeNet\Protect Toolkit 5\Protect Toolkit C SDK\bin\logger

To access the Path environment variable for editing, follow standard procedure for your system. Typically, the following steps are followed:

1. Right-click My Computer on the desktop and select Properties.

2. In the System Properties dialog box, select the Advanced tab and click the Environment Variables button.

3. In the Environment Variables dialog box, locate and select the Path variable under System Variables and select the Edit button.

4. In the Edit System Variable dialog box, make the change to the Variable Value as outlined above and click the OK button. Close all other dialog boxes to complete the operation.

UNIX Systems

To activate logging on a UNIX-based system, SafeNet ProtectToolkit-C host library calls are redirected to the logger by:

1. Reassigning the libcryptoki.so (libcryptoki.sl for HP-UX on PA-RISC, libcryptoki.a for AIX) symbolic link from the SafeNet ProtectToolkit-C host library (Cryptoki provider) that was set up during installation to the logger shared library liblogger.so (liblogger.sl for HP-UX on PA-RISC, liblogger.a for AIX).

2. Including the logger library in the LD_LIBRARY_PATH (SHLIB_PATH for HP-UX on PA-RISC, LIBPATH on AIX) environment variable.

The application does not detect any difference and is unaffected by this change.

For example, use the following commands to reassign the libcryptoki.so symbolic link:

# cd /opt/safenet/protecttoolkit5/ptk/lib
# ln -sf liblogger.so libcryptoki.so

Storing SafeNet ProtectToolkit-C Host Library File Details

To store the name of the SafeNet ProtectToolkit-C host library file and the path to it for use by the logger when forwarding redirected calls, create the configuration item:

ET_PTKC_LOGGER_PKCS11LIB

and set its value to the full path required. For example, on Windows systems the value would be: C:\Program Files\SafeNet\Protect Toolkit 5\Protect Toolkit C SDK\bin\hsm\cryptoki.dll

This change can be made at the temporary, user or system levels on both UNIX and Windows platforms. Refer to the Configuration Items section in the SafeNet ProtectToolkit-C Administration Manual for more information.

NOTE: There is no default value for this item, so this step must be completed; otherwise calls cannot be forwarded and the system will fail.

Storing Log File Details

By default, log entries are written to a text file named ctlog.log. The full path is:

\ctlog.log on Windows systems, or

$HOME/ctlog.log on UNIX systems

To change the file name and/or location to something other than the default, create the configuration item ET_PTKC_LOGGER_FILE and set its value to the full path required.

This change can be made at the temporary, user or system levels on both UNIX and Windows platforms. Refer to the Configuration Items section in the SafeNet ProtectToolkit-C Administration Manual for more information.

Changing Detail Recorded by the Logger

The table below lists the configuration items that control the level of detail recorded by the logger. The meaning of each configuration item is given, along with the default values that apply in the absence of each particular configuration item.

To change the level of detail recorded, override any of the default values shown. To do this, create the corresponding configuration item and set its value to either TRUE or FALSE as required.

The changes can be made at the temporary, user or system levels on both UNIX and Windows platforms. Refer to the Configuration Items section in the SafeNet ProtectToolkit-C Administration Manual for more information.

| Configuration Item | Meaning |
|---|---|
| ET_PTKC_LOGGER_LOGPID | If TRUE, the calling process ID (PID) is included in log messages. Default=TRUE |
| ET_PTKC_LOGGER_LOGTID | If TRUE, the thread ID (TID) is included in log messages. Default=TRUE |
| ET_PTKC_LOGGER_LOGTIME | If TRUE, the date and time of each message is included in the log. Default=TRUE |
| ET_PTKC_LOGGER_LOGMEM | If TRUE, all numeric data, buffer addresses and the contents of buffer addresses at the input and output of functions (excluding PIN values) are included in log messages. If FALSE, the contents of buffer addresses at the input and output of functions are omitted; numeric data and buffer addresses are retained. Default=TRUE |
| ET_PTKC_LOGGER_LOGPIN | If TRUE, the PIN values passed to C_Login, that are used to login to tokens, are included in log messages. Default=FALSE |
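
The UNIX activation steps and the configuration items above can be verified before an application is started. The script below is an added example, not part of the SafeNet documentation; the function name check_ptkc_logger is hypothetical, and it assumes the configuration items are supplied as environment variables (the temporary level), so user- and system-level settings are not inspected.

```shell
#!/bin/sh
# Added example (not vendor code): pre-flight check of the UNIX logger setup.
# Assumption: configuration items are read from environment variables (the
# "temporary" level); user- and system-level settings are not inspected.
# Usage: check_ptkc_logger /opt/safenet/protecttoolkit5/ptk/lib
# Returns the number of findings (0 = setup matches the procedure).
check_ptkc_logger() {
    libdir=$1
    findings=0
    link="$libdir/libcryptoki.so"

    # 1. libcryptoki.so must be a symbolic link to the logger library.
    target=$(readlink "$link" 2>/dev/null) || target=""
    case "$target" in
        liblogger.so|*/liblogger.so) echo "OK    $link -> $target" ;;
        *) echo "FAIL  $link does not point to liblogger.so"
           findings=$((findings + 1)) ;;
    esac

    # 2. The forwarding target has no default: it must be set, must exist,
    #    and must not be the logger itself or the reassigned link.
    real=${ET_PTKC_LOGGER_PKCS11LIB:-}
    if [ -z "$real" ]; then
        echo "FAIL  ET_PTKC_LOGGER_PKCS11LIB is not set"
        findings=$((findings + 1))
    elif [ "$real" = "$link" ] || [ "${real##*/}" = "liblogger.so" ]; then
        echo "FAIL  ET_PTKC_LOGGER_PKCS11LIB names the logger: $real"
        findings=$((findings + 1))
    elif [ ! -f "$real" ]; then
        echo "FAIL  $real not found"
        findings=$((findings + 1))
    else
        echo "OK    calls forwarded to $real"
    fi

    # 3. PIN logging is off by default; anything other than FALSE is flagged
    #    because the page only defines the values TRUE and FALSE.
    if [ "${ET_PTKC_LOGGER_LOGPIN:-FALSE}" != "FALSE" ]; then
        echo "WARN  C_Login PIN values will be written to the log"
        findings=$((findings + 1))
    fi

    # 4. With LOGMEM at its default (TRUE) the log holds buffer contents,
    #    so an existing log file should not be group- or world-readable.
    log=${ET_PTKC_LOGGER_FILE:-$HOME/ctlog.log}
    if [ -f "$log" ] && [ -n "$(find "$log" -prune \( -perm -040 -o -perm -004 \))" ]; then
        echo "WARN  $log is readable by group or others"
        findings=$((findings + 1))
    fi
    return "$findings"
}
```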