EFT.log File

EFT can be instructed to log specific or all HTTP request headers. When the following registry value is set to 1, all HTTP request headers will be logged:

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Globalscape Inc.\EFT 4.0\EFTClient]

"log_request"=dword:1

1 = enable "all request header" logging

0 = disable "all request header" logging [default]

For this registry key to work, a file called logging.cfg in the EFT installation folder (e.g., C:\ProgramData\Globalscape\EFT Server Enterprise\logging.cfg) must be configured to log at the DEBUG level. With this logging file, EFT logs requests that require authentication and those that cause session-checking failures. (If you don't see the ProgramData folder in Windows Explorer, click View > Options > Change folder and view options. In the Folder Options dialog box, click the View tab, click Show hidden files, folders, and drives, then click OK.)

The information is logged to a file named EFT.log in the EFT installation folder. If you want to save EFT.log to a different location, change the reference at the bottom of the logging.cfg file to the location [AppDataPath] that you prefer:

log4cplus.appender.R.File=${AppDataPath}\EFT.log

It is not necessary to restart the EFT server service after editing the logging.cfg file.

Logger Hierarchy

All loggers inherit from the root logger; i.e., this is the default level that applies to all loggers:

log4cplus.rootLogger=WARN, R

Each logger's level can be set independently. Children inherit their parent's setting unless set explicitly. For example, you can set Events and its children to a different level than the others:

log4cplus.logger.Events=TRACE

To enable trace level folder monitor logging for the site "My Site" the logger entry would be:

log4cplus.logger.Events.FolderMonitor.My_Site=TRACE

To turn on logging for a specific event rule, you can append the event rule name (spaces replaced with underscores _) after the site name. The logger name will have this format:

log4cplus.logger.Events.[optional event sub logger].[site name].[event rule name]

For example, to enable trace level logging for the folder monitor rule "My Folder Monitor" for the site "My Site" the logger entry would be:

log4cplus.logger.Events.FolderMonitor.My_Site.My_Folder_Monitor=TRACE

Notes:

The logger hierarchy in EFT includes the following events:

#log4cplus.logger.Administrator=TRACE

#log4cplus.logger.Administrator.Permissions=TRACE

#log4cplus.logger.AdminSupport=TRACE

#log4cplus.logger.AdvancedProperties=INFO

#log4cplus.logger.ARM=TRACE

#log4cplus.logger.ARM.Queue=TRACE

#log4cplus.logger.AS2=TRACE

#log4cplus.logger.AUD.Read=TRACE

#log4cplus.logger.AUD.Write=TRACE

#log4cplus.logger.AuthManager=TRACE

#log4cplus.logger.AuthManager.RADIUS=TRACE

#log4cplus.logger.AuthManager.RADIUS.Packet=TRACE

#log4cplus.logger.AuthManager.RSA=TRACE

#log4cplus.logger.AWE=TRACE

#log4cplus.logger.Backup=TRACE

#log4cplus.logger.CFG.Read=TRACE

#log4cplus.logger.CFG.Write=TRACE

#log4cplus.logger.ClientManager=TRACE

#log4cplus.logger.ClientTransfers=TRACE

#log4cplus.logger.CmdAccess=TRACE

#log4cplus.logger.Common=TRACE

#log4cplus.logger.DMZSupport=TRACE

#log4cplus.logger.Events=TRACE

#log4cplus.logger.Events.AS2=TRACE

#log4cplus.logger.Events.Client=TRACE

#log4cplus.logger.Events.Conn=TRACE

#log4cplus.logger.Events.FolderMonitor=TRACE

#log4cplus.logger.Events.FS=TRACE

#log4cplus.logger.Events.Server=TRACE

#log4cplus.logger.Events.Site=TRACE

#log4cplus.logger.Events.Clustered=TRACE

#log4cplus.logger.Events.ContentIntegrityControl=TRACE

#log4cplus.logger.Events.Workspaces=TRACE

#log4cplus.logger.Events.FolderActions=TRACE

#log4cplus.logger.Events.FileActions=TRACE

#log4cplus.logger.Events.CompressDecompressActions=TRACE

#log4cplus.logger.Events.CompressDecompressServer=TRACE

#log4cplus.logger.Events.WebServices=TRACE

#log4cplus.logger.Events.S3=TRACE

#log4cplus.logger.Events.AzureStorage=TRACE

#log4cplus.logger.Events.Cloud=TRACE

#log4cplus.logger.FileSystem=TRACE

#log4cplus.logger.FTP=TRACE

#log4cplus.logger.HTTP=TRACE

#log4cplus.logger.HTTP.Handler=TRACE

#log4cplus.logger.HTTP.SessionManager=TRACE

#log4cplus.logger.IPAccess=TRACE

#log4cplus.logger.PathManager=TRACE

#log4cplus.logger.PGP.Adapter=TRACE

#log4cplus.logger.Registration=TRACE

#log4cplus.logger.Reporting=TRACE

#log4cplus.logger.Reports=TRACE

#log4cplus.logger.Server.Startup=TRACE

#log4cplus.logger.Server.Stop=TRACE

#log4cplus.logger.Service=TRACE

#log4cplus.logger.SFTP=TRACE

#log4cplus.logger.SMTP=TRACE

#log4cplus.logger.SSL=TRACE

#log4cplus.logger.Status Viewer=TRACE

#log4cplus.logger.Timer=TRACE

#log4cplus.logger.Cluster=TRACE

#log4cplus.logger.Cluster.SharedFiles=TRACE

#log4cplus.logger.Cluster.ChangeQueue=TRACE

#log4cplus.logger.Cluster.SyncStatus=TRACE

#log4cplus.logger.Workspaces=TRACE

#log4cplus.logger.Workspaces.Invite=TRACE

#log4cplus.logger.SAMLSSO=TRACE

#log4cplus.logger.Cloud=TRACE

#log4cplus.logger.Admin.API=TRACE

#log4cplus.logger.Remote.Agent=TRACE

#log4cplus.logger.CAPTCHA=TRACE

#log4cplus.logger.EncryptedFolders=TRACE

To enable other loggers, type log4cplus.logger.<name_of_event_to_log>=<log_level>. For example:

log4cplus.logger.Server.Startup=TRACE

SQLite Statement Auditing

log4cplus.logger.SQLite=WARN

# SQLite Statement Auditing

#log4cplus.logger.SQLite=TRACE, SQLiteFileAppender

#log4cplus.logger.SQLite.Prepare=TRACE, SQLiteFileAppender

#log4cplus.logger.SQLite.Execute=TRACE, SQLiteFileAppender

#log4cplus.logger.SQLite.Deallocate=OFF, SQLiteFileAppender

#log4cplus.additivity.SQLite=false

 

# Log to a file called "SQLite.log" in the ProgramData folder.

#log4cplus.appender.SQLiteFileAppender=log4cplus::RollingFileAppender

#log4cplus.appender.SQLiteFileAppender.File=${AppDataPath}\SQLite-${COMPUTERNAME}.log

#log4cplus.appender.SQLiteFileAppender.MaxFileSize=20MB

#log4cplus.appender.SQLiteFileAppender.MaxBackupIndex=5

#log4cplus.appender.SQLiteFileAppender.layout=log4cplus::PatternLayout

#log4cplus.appender.SQLiteFileAppender.layout.ConversionPattern=[%d{%y-%m-%d %H:%M:%S}][%-5p][%c{2}] - %m%n

Cloud Logging

To enable AWS-related logging, in logging.cfg, look for the following section, and change OFF to ON:

#  Turn off AWS logging for traditional deployments

#

log4cplus.logger.Cloud.AWS=OFF

File System Logging

A File System Logging appender can be used to log file system activities to a separate file for debug diagnostics, as shown below.

#log4cplus.appender.FileSys=log4cplus::RollingFileAppender

#log4cplus.appender.FileSys.File=${AppDataPath}\EFT-FileSystem.log

#log4cplus.appender.FileSys.MaxFileSize=20MB

#log4cplus.appender.FileSys.MaxBackupIndex=5

#log4cplus.appender.FileSys.layout=log4cplus::TTCCLayout

#log4cplus.logger.FileSystem=DEBUG, FileSys

#log4cplus.additivity.FileSystem=false

DEBUG will capture all activity and time taken.

It is not recommended to use TRACE, as this will create quite a bit of unusable chatter in the log.

Log Levels

EFT.log organizes logging levels as a hierarchy: TRACE, DEBUG, INFO, WARN, ERROR, FATAL, OFF. When you specify a logging level, each of the levels that follow it in this list is also included. That is, if you specify DEBUG level, you also get INFO, WARN, ERROR, and FATAL logs. However, if you specify INFO, you will not log DEBUG or TRACE level activities.
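The inheritance rule from the Logger Hierarchy section and the level ordering above, worked through in Python as an added example (not part of EFT or its shipped files). The helper names and the sample configuration are constructed for illustration, and the parser assumes each logger line has the form name=LEVEL[, appender] and that log4cplus.rootLogger is set.

```python
# Added example: effective log levels from logging.cfg-style text (helper names are hypothetical).
LEVELS = ["TRACE", "DEBUG", "INFO", "WARN", "ERROR", "FATAL", "OFF"]  # order from Log Levels

# Constructed sample built from entries shown on this page.
SAMPLE_CFG = r"""
log4cplus.rootLogger=WARN, R
#log4cplus.logger.HTTP=TRACE
log4cplus.logger.Events=INFO
log4cplus.logger.Events.FolderMonitor.My_Site=TRACE
log4cplus.logger.Cloud.AWS=OFF
"""

def parse_levels(cfg_text):
    """Return {logger name: level}; '' is the root logger. Commented lines are skipped."""
    levels = {}
    for raw in cfg_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        level = value.split(",")[0].strip().upper()  # "WARN, R" -> "WARN"
        if key == "log4cplus.rootLogger":
            levels[""] = level
        elif key.startswith("log4cplus.logger."):
            levels[key[len("log4cplus.logger."):]] = level
    return levels

def logger_name(*parts):
    """Join name parts with dots, replacing spaces with underscores."""
    return ".".join(p.replace(" ", "_") for p in parts)

def effective_level(levels, name):
    """Use the logger's own level if set, else the nearest dotted parent, else root."""
    while name:
        if name in levels:
            return levels[name]
        name = name.rpartition(".")[0]
    return levels[""]

def is_logged(levels, name, message_level):
    """True if a message at message_level passes the logger's effective level."""
    eff = effective_level(levels, name)
    return eff != "OFF" and LEVELS.index(message_level) >= LEVELS.index(eff)

def verbose_loggers(levels):
    """Loggers explicitly set to TRACE or DEBUG, for review before leaving them enabled."""
    return sorted(n or "rootLogger" for n, lv in levels.items() if lv in ("TRACE", "DEBUG"))
```

Because request-header logging depends on the DEBUG level and request headers can carry credentials and session cookies, verbose_loggers gives a quick list to review before a debugging change is left in place.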

The log reference to "Timeout" is not actually a problem; it is by design in our software. Our auditing mechanism periodically disconnects and reconnects to the database server in order to avoid complications of long-running open connections; in particular, drivers in Oracle 11g and earlier are notorious for having slow memory leaks that caused problems over time. Thus, our system has a timeout value (default of 180 seconds) after which we disconnect and reconnect to ensure clean processing. The 180 seconds is currently hardcoded into our system.

For example, these log entries are fully expected and do NOT indicate any error:

06-10-15 11:36:29,997 [1848] INFO ARM <SQL Queue Reader> - Timeout: closing the database connection [timeout = L180 seconds]

06-10-15 11:36:32,774 [1848] INFO ARM <SQL Queue Reader> - Database connection closed. Reconnecting...

06-10-15 11:36:32,852 [1848] INFO ARM <SQL Queue Reader> - Reconnection successful
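For log review, the expected three-line cycle above can be recognized and set aside so that only an unfinished cycle stands out. This Python triage is an added example, not EFT tooling: the line pattern is inferred from the three sample entries, the second cycle in the sample is constructed, and treating a cycle without its final line as worth a look is an assumption.

```python
import re

# Shape of the sample entries: timestamp [thread] LEVEL logger <context> - message
LINE_RE = re.compile(
    r"^(?P<ts>\d\d-\d\d-\d\d \d\d:\d\d:\d\d,\d{3}) \[(?P<thread>\d+)\] "
    r"(?P<level>[A-Z]+) (?P<logger>\S+) <(?P<ctx>[^>]*)> - (?P<msg>.*)$"
)

# Message prefixes of the expected cycle, in order, taken from the sample entries.
CYCLE = (
    "Timeout: closing the database connection",
    "Database connection closed. Reconnecting...",
    "Reconnection successful",
)

# First three lines are the page's entries; the last two are a constructed, unfinished cycle.
SAMPLE = """\
06-10-15 11:36:29,997 [1848] INFO ARM <SQL Queue Reader> - Timeout: closing the database connection [timeout = L180 seconds]
06-10-15 11:36:32,774 [1848] INFO ARM <SQL Queue Reader> - Database connection closed. Reconnecting...
06-10-15 11:36:32,852 [1848] INFO ARM <SQL Queue Reader> - Reconnection successful
06-10-15 11:39:29,997 [2040] INFO ARM <SQL Queue Reader> - Timeout: closing the database connection [timeout = L180 seconds]
06-10-15 11:39:32,774 [2040] INFO ARM <SQL Queue Reader> - Database connection closed. Reconnecting...
"""

def triage(log_text):
    """Return (complete_cycles, unfinished, other) for ARM reconnect entries."""
    step = {}  # thread id -> (index of next expected CYCLE message, cycle start timestamp)
    complete, other = 0, []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not in the sampled line shape
        thread, msg = m["thread"], m["msg"]
        idx, started = step.get(thread, (0, None))
        if m["logger"] == "ARM" and msg.startswith(CYCLE[idx]):
            if idx == len(CYCLE) - 1:
                complete += 1            # full expected cycle: nothing to report
                step.pop(thread, None)
            else:
                step[thread] = (idx + 1, started or m["ts"])
        else:
            other.append(line.strip())   # anything outside the cycle is kept for review
    # Each unfinished item: (thread id, cycle start time, message that never arrived)
    unfinished = sorted((t, ts, CYCLE[i]) for t, (i, ts) in step.items())
    return complete, unfinished, other
```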

Appenders

Appenders determine where the output of the logging goes. Each logger can have more than one appender and inherits appenders from parents by default. Appenders have an associated layout that determines the content of the log lines. EFT uses a RollingFileAppender with the TTCCLayout. With this layout, the log contains the name of the logger, date/time, thread id, the log line itself, and other things.

The file logging.cfg in the EFT installation folder provides details of how EFT uses Log4Cplus. For more information about Log4Cplus, refer to http://log4cplus.sourceforge.net/docs/html/classlog4cplus_1_1PropertyConfigurator.html21e8e6b1440cc7a8a47b8fd14c54b239

The following appenders are enabled by default:

log4cplus.appender.RootFileAppender=log4cplus::RollingFileAppender

log4cplus.appender.RootFileAppender.File=${AppDataPath}\EFT.log

# Each log file will grow up to 20MB in size

log4cplus.appender.RootFileAppender.MaxFileSize=20MB

# Once a log file reaches the maximum file size it will be renamed to a backup

# file. Up to 5 backup files will be kept.

log4cplus.appender.RootFileAppender.MaxBackupIndex=5

# The TTCCLayout outputs time, thread, logger, nested diagnostic context, and log line

log4cplus.appender.RootFileAppender.layout=log4cplus::TTCCLayout

High Availability Logging

This section of the logging.cfg is disabled (commented out) by default. Log HA activities to a separate file for debug diagnostics by enabling the following section of the file (at the bottom of the file):

#log4cplus.appender.HAAppender=log4cplus::RollingFileAppender

#log4cplus.appender.HAAppender.File=${AppDataPath}\EFT-HA.log

#log4cplus.appender.HAAppender.MaxFileSize=20MB

#log4cplus.appender.HAAppender.MaxBackupIndex=5

#log4cplus.appender.HAAppender.layout=log4cplus::TTCCLayout

#log4cplus.logger.Cluster=TRACE, HAAppender

#log4cplus.logger.Events.Clustered=TRACE, HAAppender