Layer7 API Management

Enable Logging of STDOUT and STDERR streams. 

05-28-2018 01:38 AM


The API Gateway documentation describes how to redirect stdout/stderr to log files here:

  Working with Log Sinks and Debug Logs - CA API Gateway - 9.2 - CA Technologies Documentation 


The API Gateway does not print very much at all to STDOUT or STDERR, but there are some cases where added modules do log to the stdout/stderr streams.  

Two notable cases are :

  • SSL tracing, and
  • CA Single Sign On (SSO) debug tracing. 


For another article I needed to describe setting up the CA Single Sign On debug tracing. Here, with screenshots, I show how we followed the API Gateway documentation to set up the logging for stdout/stderr.


There is also a special note at the end for enabling where we needed to add a different setting to get it to work.


So the steps we followed from the documentation went like this : 


1. Edit Cluster wide settings : 


Add entries to set STDOUT and STDERR logging level to FINE in the log.levels key: 

Added each on a separate line in the value part.


Add log.stderrLevel = FINE and log.stdoutLevel=FINE to cluster wide properties: 



2. Add stdout/stderr log: 


From the menu pick the Logging / Manage Log menu item : 



Then "create" a new log with name stdout, type File, that matches the logs for packages STDOUT and STDERR.


The packages are added via Add Filter, selecting Filter Type then entering STDOUT and STDERR.


3. Restart service

You can do this from the main menu, or from the cmd line as : 

service ssg restart 


4. Check for the logs 

Log on to the gateway and check the directory /opt/SecureSpan/Gateway/default/var/logs


There should be a new stdoutlog_0_0.log 



Generally it will be zero length, unless you have something that explicitly writes to System.out and System.err. That may be the SSL debug as described in the documentation, or a custom module, or, as per the referenced link, the CA SSO module.



5. Note: for Gateway SSL Debugging


I am not showing the SSL trace logging here, as we were focussed on the CA SSO logging, but we did try it as a prequel to getting the CA SSO logging working.


The Gateway documentation mentions that you just need to set the cluster wide property : 

io.debugSsl=true (in addition to the above setup for the stdout/stderr logging).


As per : 


That should be all you need, but we found we had to explicitly set the setting :  (or to ssl or any of its other allowable entries).

directly in the startup properties file before we could see the SSL trace log.



That was done via:

vi /opt/SecureSpan/Gateway/node/default/etc/conf/



And the gateway service was restarted via : 

service ssg restart


This was with Gateway 9.2 and may not apply to later versions of the Gateway, as the intent was that the io.debugSsl was the only setting that should be needed. 



Cheers - Mark
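
A shell version of the step 4 check, as an added example that is not part of the original article: it tells apart a sink that was never created, one that exists but is still empty, and one that has captured output (which is the difference seen in the SSL debugging note). The log directory and the stdoutlog name come from the article; the function name and the `_*.log` glob for rotated files are assumptions.

```shell
#!/bin/sh
# Added example: classify the state of the stdout/stderr log sink after a restart.
# Default directory and "stdoutlog" prefix are taken from the article;
# the "_*.log" rotation pattern is an assumption.

check_stdout_sink() {
    log_dir=${1:-/opt/SecureSpan/Gateway/default/var/logs}
    prefix=${2:-stdoutlog}
    found=0
    nonempty=0
    for f in "$log_dir"/"$prefix"_*.log; do
        [ -f "$f" ] || continue          # glob matched nothing
        found=$((found + 1))
        if [ -s "$f" ]; then             # -s: file exists and size > 0
            nonempty=$((nonempty + 1))
            echo "data:  $f ($(wc -c < "$f") bytes)"
        else
            echo "empty: $f"
        fi
    done
    if [ "$found" -eq 0 ]; then
        # No file at all: the log sink or the restart did not take effect.
        echo "result: missing (recheck steps 1-3)"
        return 2
    elif [ "$nonempty" -eq 0 ]; then
        # Sink works, but nothing has written to System.out/System.err yet.
        echo "result: empty (sink created, no stdout/stderr output captured)"
        return 1
    fi
    echo "result: active ($nonempty of $found files contain output)"
    return 0
}

# Usage on the gateway: check_stdout_sink
# Usage with another directory or log name: check_stdout_sink /path/to/logs stdoutlog
```

Exit status 2 points at the sink setup or restart, while status 1 points at the module that should be writing to stdout/stderr, for example a debug property that has not taken effect.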
