Author: Kevin Price Last Update: Nov 03, 2006
By default, the Globus web services container logs only to the console and does not log DNs of successful authorizations. This document described how to enable logging to Syslog and logging of DNs.
All Globus logging goes through log4j, Apache's logging package. The behavior of logging for the container is controlled in the file $GLOBUS_LOCATION/container-log4j.properties.
Enabling logging of DNs is as simple as commenting out one line in the container-log4j.propreties file. In the default file, you will see the following:
Simply comment out the indicated line and DNs will be logged for every authorization.
To see a lot of information about what is going on in the Globus authorization system, you can enable debugging for that system. This can be accomplished by adding the following line to the container-log4j.propreties file.
Logging to Syslog with log4j involves adding another appender to log4j and enabling network logging in syslogd. (Unfortunately, log4j does not currently support a mechanism for non-network logging using Syslog.)
To add a Syslog appender, first edit the line:
So that it reads:
Then add the following lines to the configuration file after the A1 appender configuration:
In order to enable network logging in syslogd, you must make certain it is invoked with the -r option. This option will tell syslogd to accept logging messages from the network.
Under most systems, this configuration can be found in /etc/sysconfig/syslog or in /etc/conf.d/syslog. The exact location may vary based on your system.
As an added security measure, the syslogd network port can be firewalled to prevent people from logging remotely. Syslogd typically operates using port 514/udp. Exactly how to firewall this port depend on your machine.
Changes made to the log4j configuration do not take effect until the container is restarted. The restart procedure for your container may differ, but the standard restart procedure is: