Setting up debug logging

You can change the default setting that IBM Security Guardium Key Lifecycle Manager uses to collect debug information. Debug log files provide additional information to analyze and troubleshoot IBM Security Guardium Key Lifecycle Manager problems.

About this task

Your role must have the permission to the configure action.

Enabling debug logging
Note: Enabling debug logging might affect IBM Security Guardium Key Lifecycle Manager performance. Enable this option only under the guidance of your IBM® support representative.

For instructions, see To enable debug logging.

Modifying debug file size or number

You can change the default size of a debug file and the number of debug files that can be created.

For instructions, see To modify debug file size or number.

Disabling debug logging

Disable the debug logging as soon as the need for debug logs are no longer needed.

For instructions, see To disable debug logging.

Procedure

  • To enable debug logging
    • By graphical user interface
      1. Log on to the graphical user interface.
      2. Click IBM Security Guardium Key Lifecycle Manager > Configuration > Audit and Debug.
      3. To log debug information about all events, select the Enable debug check box.
        Note: By default, the Enable debug check box is clear. In this case, only debug information about system health issues that are critical are logged, which corresponds to the following property value in the SKLMConfig.properties file:
        debug=severe
      4. Click OK.
    • By REST interface
      1. Open a REST client.
      2. Obtain a unique user authentication identifier to access IBM Security Guardium Key Lifecycle Manager REST services. For more information about the authentication process, see Authentication process for REST services.
      3. To enable debug logging, specify a new value for the debug property. Send the following HTTP request:
        PUT https://localhost:port/SKLM/rest/v1/configProperties
        { "debug": "all"}
        Sample response:
        [{"property":"debug","status":"CTGKM0606I Update successful, change will take effect immediately"}]
  • To modify debug file size or number
    1. Go to SKLM_DATA/config directory and open the log4j2.xml file for editing.
    2. Change the relevant attribute values:
      For example:
      <Policies>
      <SizeBasedTriggeringPolicy size="150MB"/>
      </Policies>
      <DefaultRolloverStrategy max="120"/>
    3. Save and close the file.
    4. Restart the IBM Security Guardium Key Lifecycle Manager server.
  • To disable debug logging
    • Using graphical user interface
      1. Log on to the graphical user interface.
      2. Click IBM Security Guardium Key Lifecycle Manager > Configuration > Audit and Debug.
      3. To disable debug logging, clear the Enable debug check box.
        Note: Even if you disable debug logging, debug information about system health issues that are critical are logged, which corresponds to the following property value in the SKLMConfig.properties file:
        debug=severe
      4. Click OK.
      Table 1. Topic change log
      Date Change description
      28 Sept 2021 Corrected the disabling debug logging section.
      10 Sept 2021 Initial version.