Introduction
The JobScheduler Web Services provide extensive logging for the JOC Cockpit, including the compliance-conform Audit Log. Logging can be configured for each operating area independently, allowing logging performance to be optimized in line with administration requirements.The Apache Log4j logging utility is used in the Web Services.
Log File Location
All JOC Cockpit log files are stored in a common logs
folder.
If the Jetty Web Server provided with the JOC Cockpit installation is installed in its default location then the JOC Cockpit log files will be found in the jetty_base/logs directory. The default paths to this directory are:
/home/[user]/sos-berlin.com/joc/jetty_base/logs
on Linux systems andC:\ProgramData\sos-berlin.com\joc\jetty_base\logs
on Windows.
For more information see the Jetty Installation & Configuration section of the JOC Cockpit - Installation article.
Logging Configuration
Logging for the JOC Cockpit is configured in a log4j.properties
file, which can be found in the jetty_base/resources/joc
directory.
Note the following:
- There is also a
log4j.properties
file in thejetty/resources
directory. This is a Jetty configuration file and should not be used to configure logging for the JOC Cockpit.. - The
log4j.properties
file is overwritten during installation so system administrators wishing to change, for example, the location or name of the Audit Log file, will need to take suitable precautions whilst updating the JOC Cockpit.
Assign changes in the log4j properties file
Running stand alone
Changes made to this log4j.properties
file are effective immediately after saving the file. It is not necessary to restart the the JOC Cockpit.
Running in a cluster
When running JOC in a cluster
- consider every joc4j properties file on each cluster node. Avoid having different configurations on different nodes.
- restart all cluster member after making the changes.
Default Logging Configuration
By default the JOC Cockpit contains logging configuration information for the following operating areas.
The following code block shows the default log4j configuration:
#the following line should remain at top of this file log4j.reset=true #root logger with console appender. All other loggers inherit from this logger. log4j.rootLogger=info, stdout log4j.appender.stdout = org.apache.log4j.ConsoleAppender log4j.appender.stdout.layout = org.apache.log4j.EnhancedPatternLayout log4j.appender.stdout.layout.ConversionPattern = %d{ISO8601}{Europe/Berlin} %-5p %-16.16t %-44.70c{1.} - %m%n #Set the following loggers to 'debug' to debug the JOC Cockpit log4j.logger.com.sos = info log4j.logger.org.hibernate.SQL = info #Apache and Apache Shiro Logs log4j.logger.org.apache.http = error log4j.logger.org.apache.commons = error log4j.logger.org.apache.shiro = info log4j.logger.org.apache.shiro.session.mgt = error #Logger for hibernate log4j.logger.org.hibernate.hql = error log4j.logger.org.hibernate.event = error log4j.logger.org.hibernate.cfg = error log4j.logger.org.hibernate.type = error log4j.logger.org.hibernate.id = error log4j.logger.org.hibernate.orm.deprecation = error log4j.logger.org.hibernate.engine.transaction.internal.TransactionImpl = info #Logger for audit log log4j.logger.JOCAuditLog=info, audit log4j.additivity.JOCAuditLog = false log4j.appender.audit = org.apache.log4j.FileAppender log4j.appender.audit.layout = org.apache.log4j.EnhancedPatternLayout log4j.appender.audit.layout.ConversionPattern = %d{ISO8601}{Europe/Berlin} %-5p %m%n%throwable{short} #filename of audit log log4j.appender.audit.File = ${jetty.base}/logs/JOCAuditLog.log
Note:
- A number of logger settings are set by default to the error level.This has been done to reduce the amount of information logged.
The Logging Functions
General Log Files
YYYY_MM_DD.stderrout.log
- This log rotates per restart of the JOC Cockpit and per day. It shows startup messages and error messages. This file should not grow in a considerable way as it is used mainly for error messages.
sos_joc-stderr.YYYY-MM-DD.log
and sos_joc-stdout.YYYY-MM-DD.log
- This log is used on Windows systems and contains messages about the Windows Service start/stop.
start.log
- This log is used on Linux systems.
Audit Log
-
JOCAuditLog.log
- This file includes the same information that is visible in the JOC Cockpit from the Audit Log View. All interventions that modify the status of jobs, job chains and orders are written to this file.
- This file is important for compliance purposes and is not rotated.
- Growth should not be harmful as one line of log output is created per user action.
- This file includes the same information that is visible in the JOC Cockpit from the Audit Log View. All interventions that modify the status of jobs, job chains and orders are written to this file.
Certificate Handling
Log information for certificate handling - including handshakes - can be activated as follows:
On Linux Systems:
- The following information has to be added to the
/etc/default/joc
file. -Djavax.net.debug=ssl
On Windows systems:
- In Jetty Home (e.g.
C:\Program Files\sos-berlin.com\joc
) in theservice ./jetty/bin
subfolder:- start the sos_jocw.exe application
- select the Java tab
- in the Java Options field:
- add
-Djavax.net.debug=ssl
- add
Certificate Handling log information is written to the YYYY_MM_DD.stderrout.log
file described above.
Installation
-
Install*.log
- The log output that is created by the installer.
Security: Authentication and Session Information
This logger records authentication. i.e. logging any log in and log out operations, as well as session information, in particular for distributed sessions, when a number of JOC Cockpit instances is clustered in an environment.
The following information has to be added to the log4j.properties
file.
- Logger für Security
#logger for security log4j.logger.com.sos.auth=debug, shiro log4j.additivity.com.sos.auth= false log4j.appender.shiro = org.apache.log4j.FileAppender log4j.appender.shiro.layout = org.apache.log4j.EnhancedPatternLayout log4j.appender.shiro.layout.ConversionPattern = %d{ISO8601}{Europe/Berlin} %-5p %m%n%throwable{short} #filename of shiro log log4j.appender.shiro.File = ${jetty.base}/logs/JOCShiroLog.log
JOC in cluster, Distributed Sessions.
To activate Distributed Session management for running JOC in a cluster, you have to add
sessionDAO = com.sos.auth.shiro.SOSDistributedSessionDAO
securityManager.sessionManager.sessionDAO = $sessionDAO
to the [main]
section of the shiro ini file. See the JOC Cockpit - Clustering article for more information. When this is done the JOCShiroLog.log
file will also contain the debug output from the session management coming von the class com.sos.auth.shiro.SOSDistributedSessionDAO
The last line of the configuration above causes the security log file to be generated in the jetty_base/logs/
directory with the name JOCShiroLog.log
.
JOC cluster fail-over
The hand over is logged in the classe com.sos.auth.rest.SOSPermissionsCreator.
Therefore the log4j.logger.com.sos.auth property will also log this debug output.
Database processing: Logging Database debug lines
This logger records database access debug lines.
The following information has to be added to the log4j.properties
file.
#logger for db log4j.logger.com.sos.hibernate=debug, db log4j.additivity.com.sos.hibernate= false log4j.appender.db = org.apache.log4j.FileAppender log4j.appender.db.layout = org.apache.log4j.EnhancedPatternLayout log4j.appender.db.layout.ConversionPattern = %d{ISO8601}{Europe/Berlin} %-5p %m%n%throwable{short} #filename of db log log4j.appender.db.File = ${jetty.base}/logs/JOCDBLog.log
Enabling the JETTY request log
It is possible to enable the requests log for the JOC Webservice. That means that the requests for the JOC server will be logged.
This will be done by calling the script
./install/install_jetty_base requestlog
which executes
java -jar "%JOC_JETTY_HOME%\start.jar" -Djetty.home="%JOC_JETTY_HOME%" -Djetty.base="%JOC_JETTY_BASE%" --add-to-start=requestlog
This call will modify the file $joc_home/jetty_base/start.ini
with
--module=requestlog
To deactivate the request log the file $jetty_home/start.ini
must be changed manually.
Enabling and access the JOC log
The JOC log will be enabled in the JOC GUI.
- Login to the JOC GUI
- Click "Logging" in the drop down menu in the upper right corner
- Enable the severities the log should contain