JOC Cockpit - Logging

Introduction

The JobScheduler Web Services provide extensive logging for the JOC Cockpit, including the compliance-conform Audit Log. Logging can be configured for each operating area independently, allowing logging performance to be optimized in line with administration requirements.The Apache Log4j logging utility is used in the web services.

Log File Location

All JOC Cockpit log files are stored in a common logs folder.

If the Jetty web server provided with the JOC Cockpit installation is installed in its default location then the JOC Cockpit log files will be found in the jetty_base/logs directory. The default paths to this directory are:

/home/[user]/sos-berlin.com/joc/jetty_base/logs on Linux systems and
C:\ProgramData\sos-berlin.com\joc\jetty_base\logs on Windows.

For more information see the Jetty Installation & Configuration section of the JOC Cockpit - Installation article.

Logging Configuration

Logging for the JOC Cockpit is configured in a log4j.properties file, which can be found in the jetty_base/resources/joc directory.

Note the following:

There is also a log4j.properties file in the jetty/resources directory. This is a Jetty configuration file and should not be used to configure logging for the JOC Cockpit..
The log4j.properties file is overwritten during installation so system administrators wishing to change, for example, the location or name of the Audit Log file, will need to take suitable precautions whilst updating the JOC Cockpit.

Assigning changes to the log4j properties file

Running stand alone

Changes made to this log4j.properties file are effective immediately after saving the file. It is not necessary to restart the the JOC Cockpit.

Running in a cluster

When the JOC Cockpit is running in a cluster:

Changes have to be made to the joc4j properties file on each cluster node. Avoid having different configurations at different nodes.
Restart all cluster members after making changes.

Default Logging Configuration

The following code block shows the default log4j logging configuration for the JOC Cockpit :

The JOC Cockpit default log4j.properties configuration

log4j.reset=true

#root logger with console appender. All other loggers inherit from this logger. 
log4j.rootLogger=info, stdout
log4j.appender.stdout = org.apache.log4j.ConsoleAppender
log4j.appender.stdout.layout = org.apache.log4j.EnhancedPatternLayout
log4j.appender.stdout.layout.ConversionPattern = %d{ISO8601}{Europe/Berlin} %-5p %-16.16t %-44.70c{1.} - %m%n

#General Log Files - et the following loggers to 'debug' to debug the JOC Cockpit 
log4j.logger.com.sos = info
log4j.logger.org.hibernate.SQL = info

#Apache and Apache Shiro Logs 
log4j.logger.org.apache.http = error
log4j.logger.org.apache.commons = error
log4j.logger.org.apache.shiro = info
log4j.logger.org.apache.shiro.session.mgt = error

#Logger for hibernate
log4j.logger.org.hibernate.hql = error
log4j.logger.org.hibernate.event = error
log4j.logger.org.hibernate.cfg = error
log4j.logger.org.hibernate.type = error
log4j.logger.org.hibernate.id = error
log4j.logger.org.hibernate.orm.deprecation = error
log4j.logger.org.hibernate.engine.transaction.internal.TransactionImpl = info

#Logger for audit log
log4j.logger.JOCAuditLog=info, audit
log4j.additivity.JOCAuditLog = false

log4j.appender.audit = org.apache.log4j.FileAppender
log4j.appender.audit.layout = org.apache.log4j.EnhancedPatternLayout
log4j.appender.audit.layout.ConversionPattern = %d{ISO8601}{Europe/Berlin} %-5p %m%n%throwable{short}
#filename of audit log
log4j.appender.audit.File = ${jetty.base}/logs/JOCAuditLog.log

##logger for security
#log4j.logger.com.sos.auth=debug, shiro
#log4j.additivity.com.sos.auth= false
#log4j.appender.shiro = org.apache.log4j.FileAppender
#log4j.appender.shiro.layout = org.apache.log4j.EnhancedPatternLayout
#log4j.appender.shiro.layout.ConversionPattern = %d{ISO8601}{Europe/Berlin} %-5p %m%n
##filename of shiro log
#log4j.appender.shiro.File = ${jetty.base}/logs/JOCShiroLog.log

##logger for db
#log4j.logger.com.sos.hibernate=debug, db
#log4j.additivity.com.sos.hibernate= false
#log4j.appender.db = org.apache.log4j.FileAppender
#log4j.appender.db.layout = org.apache.log4j.EnhancedPatternLayout
#log4j.appender.db.layout.ConversionPattern = %d{ISO8601}{Europe/Berlin} %-5p %m%n
##filename of db log
#log4j.appender.db.File = ${jetty.base}/logs/JOCDBLog.log

Note:

A number of logger settings are set by default to the error level.This has been done to reduce the amount of information logged.

The Logging Functions

General Log Files

YYYY_MM_DD.stderrout.log
- This log rotates per restart of the JOC Cockpit and per day. It shows startup messages and error messages. This file should not grow in a considerable way as it is used mainly for error messages.
sos_joc-stderr.YYYY-MM-DD.log and sos_joc-stdout.YYYY-MM-DD.log
- This log is used on Windows systems and contains messages about the Windows Service start/stop.
start.log
- This log is used on Linux systems.

Audit Log

JOCAuditLog.log
- This file includes the same information that is visible in the JOC Cockpit from the Audit Log View. All interventions that modify the status of jobs, job chains and orders are written to this file.
- This file is important for compliance purposes and is not rotated.
- Growth should not be harmful as one line of log output is created per user action.

Certificate Handling

Log information for certificate handling - including handshakes - can be activated as follows:

On Linux Systems:

The following information has to be added to the /etc/default/joc file.
Set up logging for SSL handshakes
```
-Djavax.net.debug=ssl
```

On Windows systems:

In Jetty Home (e.g. C:\Program Files\sos-berlin.com\joc) in the service ./jetty/bin subfolder:
- start the sos_jocw.exe application
- select the Java tab
- in the Java Options field:
  - add -Djavax.net.debug=ssl

Certificate handling log information is written to the YYYY_MM_DD.stderrout.log file described above.

Installation

Install*.log
- The log output that is created by the installer.

Security: Authentication and Session Information

This logger records authentication. i.e. logging any log in and log out operations, as well as session information, in particular for distributed sessions, when a number of JOC Cockpit instances is clustered in an environment.

The following information has to be added to the log4j.properties file.

Set up logger for authentication and session management

#logger for security
log4j.logger.com.sos.auth=debug, shiro
log4j.additivity.com.sos.auth= false
log4j.appender.shiro = org.apache.log4j.FileAppender
log4j.appender.shiro.layout = org.apache.log4j.EnhancedPatternLayout
log4j.appender.shiro.layout.ConversionPattern = %d{ISO8601}{Europe/Berlin} %-5p %m%n%throwable{short}
#filename of shiro log
log4j.appender.shiro.File = ${jetty.base}/logs/JOCShiroLog.log

JOC Cockpit cluster for distributed sessions

To activate distributed session management for running JOC Cockpit in a cluster, you have to add

sessionDAO = com.sos.auth.shiro.SOSDistributedSessionDAO
securityManager.sessionManager.sessionDAO = $sessionDAO

to the [main] section of the shiro ini file. See the JOC Cockpit - Clustering article for more information. When this is done the JOCShiroLog.log file will also contain the debug output from the session management coming von the class com.sos.auth.shiro.SOSDistributedSessionDAO

The last line of the configuration above causes the security log file to be generated in the jetty_base/logs/ directory with the name JOCShiroLog.log.

JOC Cockpit cluster fail-over

The hand over is logged in the class com.sos.auth.rest.SOSPermissionsCreator.Therefore the log4j.logger.com.sos.auth property will also log this debug output.

Database processing: Logging Database debug lines

This logger records database access debug lines.

The following information has to be added to the log4j.properties file.

Set up logger for database operations

#logger for db
log4j.logger.com.sos.hibernate=debug, db
log4j.additivity.com.sos.hibernate= false
log4j.appender.db = org.apache.log4j.FileAppender
log4j.appender.db.layout = org.apache.log4j.EnhancedPatternLayout
log4j.appender.db.layout.ConversionPattern = %d{ISO8601}{Europe/Berlin} %-5p %m%n%throwable{short}
#filename of db log
log4j.appender.db.File = ${jetty.base}/logs/JOCDBLog.log

Enabling the JETTY request log

It is possible to enable the requests log for the JOC Cockpit web service. This means that the requests for the JOC Cockpit will be logged.

This will be done by calling the script

./install/install_jetty_base requestlog
which executes

java -jar "%JOC_JETTY_HOME%\start.jar" -Djetty.home="%JOC_JETTY_HOME%" -Djetty.base="%JOC_JETTY_BASE%" --add-to-start=requestlog
This call will modify the file $joc_home/jetty_base/start.ini

with

--module=requestlog

Content of $joc_home/jetty_base/start.ini

 --module=requestlog

## Logging directory (relative to $jetty.base)
# jetty.requestlog.dir=logs

## File path
# jetty.requestlog.filePath=${jetty.requestlog.dir}/yyyy_mm_dd.request.log

## Date format for rollovered files (uses SimpleDateFormat syntax)
# jetty.requestlog.filenameDateFormat=yyyy_MM_dd

## How many days to retain old log files
# jetty.requestlog.retainDays=90

## Whether to append to existing file
# jetty.requestlog.append=true

## Whether to use the extended log output
#jetty.requestlog.extended=true

## Whether to log http cookie information
# jetty.requestlog.cookies=true

## Timezone of the log entries
# jetty.requestlog.timezone=GMT

## Whether to log LogLatency
# jetty.requestlog.loglatency=false

To deactivate the request log the file $jetty_home/start.ini must be changed manually.

Enabling and access the JOC Cockpit log

The JOC Cockpit log is enabled with the JOC Cockpit user interface.

Login to the JOC Cockpit
Click "Logging" in the drop down menu in the upper right corner
Enable the log levels that the log should include.

Space shortcuts

Page tree