9.1 Registry logging
You can use the registry method of configuring logging for the following components:
-
AccessProfileImport
-
ADDeletionSync
-
ADDeletionSync
-
AdjudicationEquifax
-
AdjudicationOPM
-
AMAGPACSConnector
-
ASyncImport
-
BOL_Authentication
-
BOL_Certificates
-
BOL_Core
-
BOL_DeviceManagement
-
BOL_DevicePolicy
-
BOL_Devices
-
BOL_ImportFromCard
-
BOL_Jobs
-
BOL_LDAP
-
BOL_Notifications
-
BOL_People
-
CardScriptExtensions
-
CBPACSConnector
-
CertificateRevocationConnector
-
CertificateSrv
-
eActivIDSDSProcessor
-
eBureauSrv
-
ECardPrintX
-
eConfiguration
-
eCS
-
Edefice_CS
-
Edefice_DAL
-
EdeficeBOL_PKI
-
EdeficeSmartCard
-
eDirectory
-
eEMVDataProcessor
-
eJobMaintenanceProcessor
-
eJobServer
-
eKeySrv
-
eKeySrvPool
-
Entrust_Admin
-
EntrustJTKConnector
-
ePkiConfig
-
eStaleJobProcessor
-
GEFCPACSConnector
-
GEPACSConnector
-
GPOBureauMessage
-
HSMTestUtility
-
ImportProcessor
-
JobBatch
-
LUNAKeySrv
-
MicrosoftConnector
-
MicrosoftKeyStore
-
MifareCom
-
NCKeySrv
-
OfflineRevocationConnector
-
OpenPlatformSecurity
-
PivDataProcessor
-
PivTransport
-
PreciseConnector
-
ResyncByCounter
-
SecugenConnector
-
SymantecLH
-
SymantecMPKIHelper
-
SunOne
-
THNGHooks
-
Unicert
Note: Not all of these components may be available on your system, depending on which edition of MyID you are using.
You can also set up logging for any component that ends BureauTransport; for example, GenBureauTransport.
You can set up logging for the Notifications component, but this is the older component – for the current Notifications system, see section 9.2, Log4Net.
You can set up logging for the eSCardCOM component, but only after installing a debug version of the DLL. For example, for MyID PIV 9.0 SP1, the diagnostic patch D901MP316 is available.
To set up logging for a component:
-
Set the following in the MyID application server's registry:
HKEY_LOCAL_MACHINE\SOFTWARE\Intercede\Edefice\Trace
If the Trace key does not exist, you must create it.
-
In the Trace key, create a DWORD value with the name of the component from the list above; for example, TPMManager. Set the value to 1 to enable logging, and 0 to disable logging.
-
In the Trace key, create a key with the name of the component; for example, TPMManager. Within this key, create a string value called Location and set this to the full path of the file to which you want to send the log information.
Note: You must ensure that the MyID named COM user has the necessary permissions to create and write to the log file. You can create a file then give the user write permissions if you prefer not to give the user create permissions.
Important: Disable the logging when you have completed diagnosing the issues, as the log file may become very large. Alternatively, you can configure a maximum file size and a backup location for your log files; see section 9.1.1, Maximum log size and backups.
9.1.1 Maximum log size and backups
You can configure a maximum log file size. When MyID attempts to write to the log file, if the current file size exceeds the maximum configured, MyID clears the log and starts again. Optionally, you can configure MyID to back up the old log file before clearing it.
Note: These settings are applied for all modules that use this logging method.
To configure a maximum log size and backups:
-
Within the Trace key in the MyID application server's registry, create a DWORD value named LogFileSize.
Set the value to the maximum size (in KB) of the log file.
-
Within the Trace key in the MyID application server's registry, create a DWORD value named CreateBackups.
Set the value to 1 to enable backups, and 0 to disable backups.
-
Within the Trace key in the MyID application server's registry, create a String value named BackupLocation.
Set the value to the name of the folder to which you want to copy the backup log files.
You can specify a backup location on a file server rather than on the local application server; however, you must ensure that the MyID COM user has write access to this folder. Backup log files are copied to this folder with an appended timestamp in their filenames.
9.1.2 Bureau logging
Logging for the Bureau server components is a variation on the standard registry method.
To set up logging for the bureau components:
-
Set the following in the MyID application server's registry:
HKEY_LOCAL_MACHINE\SOFTWARE\Intercede\Edefice\Trace
If the Trace key does not exist, you must create it.
-
In the Trace key, create the following keys:
-
eBureauSrv
-
Boewe
-
-
Inside each of the above keys, create a string value called Logfile and set this to the full path of the file to which you want to send the log information.
Note: You must ensure that the MyID named COM user has the necessary permissions to create and write to the log file. You can create a file then give the user write permissions if you prefer not to give the user create permissions.
Important: Disable the logging when you have completed diagnosing the issues, as the log file may become very large.