KB Article #182269

SERVER LOGS: Increasing logging to Debug

Problem

In some specific cases it might be beneficial to collect debug logs for services in SecureTransport, which can be used to troubleshoot complex issues. This article will provide a guideline how to do this efficiently.


Caution! Before proceeding with the steps described here, it is recommended that you first redirect the logs to file. For more information refer to the Admin Guide - redirecting Log4j to files


IMPORTANT! Increasing log levels to debug is not intended as a monitoring or a health-check procedure. It must not be used on regular basis and must be done only if a complex issue is observed and requested by Axway Support or Axway RnD.


Resolution

We will go through a couple of example scenarios where one might need to get more information - debugging a server-initiated issue and a client-initiated one. For the sake of this article and the screenshots in it, the logs will not be redirected to files.


Debugging a server-initiated issue

In this example scenario, ST reached out to a remote server and tries to pull a file. The file is present but there is no transfer occurring from ST's perspective and there is no inbound transfer in File Tracking.


A server-initiated pull resulted in a WARN and ERROR messages



The following classes are showing the WARN and ERROR messages




Custom loggers created to increase logging to debug


After identifying the classes that show the messages of interest, custom loggers need to be created in the tm-log4j.xml file located in the $FILEDRIVEHOME/conf folder.


Make a backup copy of the file before editing it!


The classes we want loggers for are the ones below:


com.tumbleweed.st.server.tm.agents.PermissionsCheckAgent
com.valicert.brules.executionengine.engine.AgentJob


The rule of thumb is that one should try to create debug loggers for the right-most class, however not all classes do contain debug loggers. In other words com.tumbleweed.st.server.tm.agents.PermissionsCheckAgent on debug might not show anything useful, but com.tumbleweed.st.server.tm.agents would. The same for goes for com.valicert.brules.executionengine.engine.AgentJob and com.valicert.brules.executionengine.engine.


Furthermore, if you increase logs to debug on low lever classes, such as com.tumbleweed or com.axway - there might be too much unnecessary debug data in the logs that will make troubleshooting the issues harder, not easier.


<!-- Custom debug loggers -->
<Logger name="com.tumbleweed.st.server.tm.agents" level="DEBUG" additivity="false">
    <AppenderRef ref="ServerLog"/>
    <!--<AppenderRef ref="Stdout" />-->
    <!--<AppenderRef ref="Stderr" />-->
</Logger>
<Logger name="com.valicert.brules.executionengine" level="DEBUG" additivity="false">
    <AppenderRef ref="ServerLog"/>
    <!--<AppenderRef ref="Stdout" />-->
    <!--<AppenderRef ref="Stderr" />-->
</Logger>


New loggers should be placed at the bottom of the file, right above the last two closing tags - </Loggers> and </Configuration>



Debug log messages now present for the classes we are interested in


After saving the tm-log4j.xml file, the changes will automatically take effect in a couple of minutes. Trying to perform the same transfer now results in this output:



Identify cause for the issue


In this case the issue was caused by incorrect OS permissions of the /home/test/ar folder. The debug logs showed that we need permissions of UID/GID 12345/12345, however the actual folder was owned by a different UID/GID combination, therefore access was denied.


Debugging a client-initiated issue

In this example scenario, a client tries to login over HTTP but the login is denied. This time the logs show errors from both the HTTPD and TM components.


The logs show two errors of interest related to the client action



The following classes are showing the ERROR messages, note the component is different this time




Custom loggers created to increase logging to debug


After identifying the classes that show the messages of interest, custom loggers need to be created in the tm-log4j.xml and httpd-log4j.xml files located in the $FILEDRIVEHOME/conf folder.


Make a backup copy of the files before editing them!


The classes we want loggers for are the ones below, one per component:


TM Component, Class: com.tumbleweed.st.server.tm.agents.AccountInitializationAgent
HTTPD Component, Class: com.axway.st.server.httpd.login.LoginAuthenticator


The rule of thumb is that one should try to create debug loggers for the right-most class, however not all classes do contain debug loggers. In other words com.tumbleweed.st.server.tm.agents.AccountInitializationAgent on debug might not show anything useful, but com.tumbleweed.st.server.tm.agents would. The same for goes for com.axway.st.server.httpd.login.LoginAuthenticator and com.axway.st.server.httpd.login.


Furthermore, if you increase logs to debug on low lever classes, such as com.tumbleweed or com.axway - there might be too much unnecessary debug data in the logs that will make troubleshooting the issues harder, not easier.


With all of the above in mind, we create one custom logger per respective log4j file. In the tm-log4j.xml:


<!-- Custom TM debug loggers -->
<Logger name="com.tumbleweed.st.server.tm.agents" level="DEBUG" additivity="false">
    <AppenderRef ref="ServerLog"/>
    <!--<AppenderRef ref="Stdout" />-->
    <!--<AppenderRef ref="Stderr" />-->
</Logger>



Now in the httpd-log4j.xml:


<!-- Custom HTTPD debug loggers -->
<Logger name="com.axway.st.server.httpd.login" level="DEBUG" additivity="false">
    <AppenderRef ref="ServerLog"/>
    <!--<AppenderRef ref="Stdout" />-->
    <!--<AppenderRef ref="Stderr" />-->
</Logger>



New loggers should be placed at the bottom of the file, right above the last two closing tags - </Loggers> and </Configuration>


Debug log messages now present for the classes we are interested in


After saving the tm-log4j.xml file, the changes will automatically take effect in a couple of minutes, however the changes in httpd-log4j.xml require a restart of the HTTP daemon. Now we get the following output with debug messages for both TM and HTTPD components:



Keep in mind that when troubleshooting client-initiated issues, the changes to protocol daemon log4j file might have to be done on Edge servers. This is because the client in question can be connecting to an Edge server, thus the protocol related logs will be there.

Still need help?

If this information wasn't helpful to you, just drop us a line. We'll get back to you as soon as possible.