Configure Logging for the Java Agent

The Java Agent, one of Keyfactor's suite of orchestrators, is used to perform discovery of Java keystores and PEM certificate stores, to inventory discovered stores, and to push certificates out to stores as needed. By default, the Java Agent places its log files in the C:\CMS\logs directory on Windows and the /opt/keyfactor-java-agent/logs directory on Linux, generates logs at the Info logging level, and stores seven 3 MB logs before deleting them (how long a period these logs cover depends on the logging level and the volume of usage the Java Agent is receiving).

If you wish to change these defaults after the installation is complete on Windows:

  1. On the Java Agent machine where you wish to adjust logging, open a text editor (e.g. Notepad) using the “Run as administrator” option.
  2. In the text editor, browse to open the log4j2.xml file in the config directory under the directory in which you installed the Java Agent. By default, the file is located in the following directory:

    C:\Program Files\Keyfactor\Keyfactor Java Agent\config

  3. Your log4j2.xml file may have a slightly different layout than shown here, but it will contain the four fields highlighted in the figure below. The fields you may wish to edit are:

    fileName="C:\CMS\logs\CMS-Java.txt"

    The path and file name of the active Java Agent log file.

    Important: If you choose to change the path for storage of the log files, you will need to create the new directory (e.g. D:\KeyfactorLogs) and grant the service account under which the Keyfactor Java Agent service is running full control permissions on this directory.

    size="3 MB"

    The maximum file size of each log file. After a log file reaches the maximum size, it is rotated to an archive file name and a new log file is generated.

    max="7"

    The number of archive files to retain before deletion.

    level="info"

    The level of log detail that should be generated. The default info level logs error and some informational data but at a minimal level to avoid generating large log files. For troubleshooting, it may be desirable to set the logging level to debug or trace. Available log levels (in order of increasing verbosity) are:

    • OFF – No logging
    • FATAL – Log severe errors that cause early termination
    • ERROR – Log severe errors and other runtime errors or unexpected conditions that may not cause early termination
    • WARN – Log errors and use of deprecated APIs, poor use of APIs, almost errors, and other runtime situations that are undesirable or unexpected but not necessarily wrong
    • INFO – Log all of the above plus runtime events (startup/shutdown)
    • DEBUG – Log all of the above plus detailed information on the flow through the system
    • TRACE – Maximum log information—this option can generate VERY large log files

    Figure 543: Configure Logging for Keyfactor Java Agent on Windows

If you wish to change these defaults after the installation is complete on Linux:

  1. On the Java Agent machine where you wish to adjust logging, open a command shell and change to the directory in which the Java Agent is installed. By default this is /opt/keyfactor-java-agent.
  2. In the command shell in the directory in which the Java Agent is installed, change to the config directory.
  3. Using a text editor, open the log4j2.xml file in the config directory. Your log4j2.xml file may have a slightly different layout than shown here, but it will contain the four fields highlighted in the figure below. The fields you may wish to edit are:

    fileName="/opt/keyfactor-java-agent/logs/CMS-Java.txt"

    The path and file name of the active Java Agent log file.

    Important: If you choose to change the path for storage of the log files, you will need to create the new directory (e.g. /opt/javalogs) and grant the service account under which the Keyfactor Java Agent service is running full control permissions on this directory.

    size="3 MB"

    The maximum file size of each log file. After a log file reaches the maximum size, it is rotated to an archive file name and a new log file is generated.

    max="7"

    The number of archive files to retain before deletion.

    level="info"

    The level of log detail that should be generated. The default INFO level logs error and some informational data but at a minimal level to avoid generating large log files. For troubleshooting, it may be desirable to set the logging level to DEBUG or TRACE. Available log levels (in order of increasing verbosity) are:

    • OFF – No logging
    • FATAL – Log severe errors that cause early termination
    • ERROR – Log severe errors and other runtime errors or unexpected conditions that may not cause early termination
    • WARN – Log errors and use of deprecated APIs, poor use of APIs, almost errors, and other runtime situations that are undesirable or unexpected but not necessarily wrong
    • INFO – Log all of the above plus runtime events (startup/shutdown)
    • DEBUG – Log all of the above plus detailed information on the flow through the system
    • TRACE – Maximum log information—this option can generate VERY large log files

    Figure 544: Configure Logging for Keyfactor Java Agent on Linux
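
For both the Windows and Linux procedures above, the following added example (not Keyfactor's shipped file) shows where the four fields sit in a standard Log4j 2 rolling-file configuration. The appender name, filePattern value and PatternLayout are assumptions made for this example; your log4j2.xml may arrange the elements differently.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Added example: generic Log4j 2 layout, not the file shipped with the Java Agent. -->
<Configuration status="warn">
  <Appenders>
    <!-- fileName: path and name of the active log file. Linux default from this page;
         the Windows default is C:\CMS\logs\CMS-Java.txt.
         The appender name and filePattern are assumed values for this example. -->
    <RollingFile name="AgentLog"
                 fileName="/opt/keyfactor-java-agent/logs/CMS-Java.txt"
                 filePattern="/opt/keyfactor-java-agent/logs/CMS-Java-%i.txt">
      <PatternLayout pattern="%d{ISO8601} [%t] %-5level %logger{36} - %msg%n"/>
      <Policies>
        <!-- size: rotate the active file to an archive name once it reaches this size -->
        <SizeBasedTriggeringPolicy size="3 MB"/>
      </Policies>
      <!-- max: number of archive files retained before the oldest is deleted -->
      <DefaultRolloverStrategy max="7"/>
    </RollingFile>
  </Appenders>
  <Loggers>
    <!-- level: info by default; use debug or trace only while troubleshooting,
         since trace can generate very large log files -->
    <Root level="info">
      <AppenderRef ref="AgentLog"/>
    </Root>
  </Loggers>
</Configuration>
```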