4.2 Entrust JASTK logging

This section contains information on enabling logging for the Entrust JASTK components.

Important: Disable the logging when you have completed diagnosing the issues, as the log files may become very large.

4.2.1 Setting up logging in the connector properties file

You can configure the log level, log file, and log format for MyID's logging of the JASTK connector using the properties file; by default, this file is:

C:\Program Files\Intercede\MyID\Components\Java\jastkconnector.properties

Use a text editor to edit the file. You can set edit the following lines:

• .level= OFF

  The global setting for log level.

  Note: If you set the .level value to anything other than OFF, but keep the java.util.logging.FileHandler.level set to OFF, the log file is created, but nothing is written to it.

• java.util.logging.FileHandler.pattern = c:/logs/myid_%u_%g.log

  The location and filename to use for the log.

  Where:

  • %u is a unique number to resolve conflicts between simultaneous Java processes.

  • %g is the generation number to distinguish between rotating logs.

• java.util.logging.FileHandler.limit = 10000000

  The maximum size of the file, in bytes. If this is 0, there is no limit. Logs larger than limit roll over to the next log file.

• java.util.logging.FileHandler.count = 1

  The number of log files to use in the log file rotation.

• java.util.logging.FileHandler.level = OFF

  The level of logging you want. Specify one of the following, from least to most output:

  • OFF

  • SEVERE

  • WARNING

  • INFO

  • CONFIG

  • FINE

  • FINER

  • FINEST

  • ALL

• #java.util.logging.SimpleFormatter.format=%4$s: %5$s [%1$tc]%n

  Uncomment this line (#) if you want to specify the format for the log entries. You can use the following codes:

  • %0$ – format – the format string.

  • %1$ – date – the date and time of the log message.

  • %2$ – source – a string representing the caller, if available; otherwise, the logger's name.

  • %3$ – logger – the logger's name.

  • %4$ – level – the log level.

  • %5$ – message – the formatted log message.

  • %6$ – thrown – the thrown error including the backtrace, if any.

  For dates, you can use Java printf formatting; for example:

  • %1$tc

    Tue Mar 22 13:11:31 PDT 2024

  • %1$tb %1$td

    Mar 22

  • %1$tl:%1$tM:%1$tS %1$Tp

    1:11:31 PM

4.2.2 Entrust JASTK logging

You can enable logging for the Entrust JASTK component. On the application server, open regedit and browse to the registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Intercede\Edefice\Connector\EntrustJASTKConnector

This key contains the following values:

• JavaLocation – an existing value containing the path to the MyID Java components.

• LogFile – a String value containing the path of the JASTK log file.

• LogLevel – a DWORD value containing the logging level to use.

  The available logging levels, from least to most output, are:

  • 0 – off.

  • 1 – basic.

  • 2 – network, cache, and basic.

  • 3 – security, network and basic.

  • 4 – extension, security, network and basic.

  • 5 – LiveConnect, extension, security, network, temp, basic, and Deployment Rule Set.

• CFGLogFile – a String value containing the path to the CFG log file.

• CFGLogLevel – a DWORD value containing the logging level to use for the CFG log.

  The available logging levels, from least to most output, are:

  • 0 – turns off logging. This is the default value for this configuration.

  • 1-2 – errors and exceptions.

  • 3-4 – debug messages.

  • 5-7 – trace messages.

  • 8-9 – protocol I/O.

If the entries do not exist, you can create them.

For example:

Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Intercede\Edefice\Connector\EntrustJASTKConnector]
"JavaLocation"="C:\\Program Files\\Intercede\\MyID\\Components\\Java"
"LogFile"="c:\\logs\\java.log"
"LogLevel"=dword:00000005
"CFGLogFile"="c:\\logs\\java_xap.log"
"CFGLogLevel"=dword:00000004

To disable logging, you can set the LogLevel or CFGLogFile to 0, or remove the LogFile or CFGLogFile entry.

Note: The difference between providing no values and a LogLevel or CFGLogFile setting of 0 is that the Java tracing will create or reset the existing log file to a file of length 0, and not produce any logging.

Note: Issuing a single certificate with a LogLevel of 4 produces a file over 500 KB; leaving the diagnostic running has implications for disk space.

4.2.3 Entrust JASTK Connector logging

You can also set up logging for the Entrust JASTK Connector component, which may provide some additional information.

To set up logging for the Entrust JASTK Connector component, open regedit and browse to the registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Intercede\Edefice\Trace\EntrustJastkConnector

If the key does not exist, you can create it.

Create a String value with the path to the log file.

For example:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Intercede\Edefice\Trace\EntrustJastkConnector]
"Location"="c:\\logs\\jastk.log"

Note: You must ensure that the MyID named COM user has the necessary permissions to create and write to the log file. You can create a file then give the user write permissions if you prefer not to give the user create permissions.

Important: Disable the logging when you have completed diagnosing the issues, as the log file may become very large.