Entrust JTK logging

9.4 Entrust JTK logging

You can enable logging for the Entrust JTK component. On the MyID application server, open regedit and browse to the registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Intercede\Edefice\Connector\EntrustJTK

This key contains the following values:

JavaLocation – an existing value containing the path to the MyID Java components.
LogLevel – a DWORD value containing the logging level to use.
LogFile – a String value containing the path of the JTK log file.

If the LogLevel or LogFile entries do not exist, you can create them.

For example:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Intercede\Edefice\Connector\EntrustJTK]
"JavaLocation"="C:\\Program Files\\Intercede\\MyID\\Components\\Java"
"LogFile"="c:\\logs\\jtklog.log"
"LogLevel"=dword:00000004

In this example, the LogFile has been set to the logs folder on drive C:, and in a file named jtklog.log.

Note: Do not use the same log file as you are using for any other logging.

The logging level is set to 4. According to the Oracle documentation for logging, the available logging levels are:

0 – off
1 – basic
2 – network, cache, and basic
3 – security, network and basic
4 – extension, security, network and basic
5 – LiveConnect, extension, security, network, temp, basic, and Deployment Rule Set

The above example will log extension, security, network, and basic calls.

To disable logging, you can set the LogLevel to 0, or remove the LogFile entry.

For example:

or:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Intercede\Edefice\Connector\EntrustJTK]
"JavaLocation"="C:\\Program Files\\Intercede\\MyID\\Components\\Java"

Note: The difference between providing no values and a LogLevel setting of 0 is that the Java tracing will create or reset the existing log file to a file of length 0, and not produce any logging.

Note: Issuing a single certificate with a LogLevel of 4 produces a file over 500 KB; leaving the diagnostic running has implications for disk space.