Skip to main content

Logging Configuration

A log directory is created under the installation directory to store all log files. Logs are rotated into 50 days' worth of gzipped dated archives.

Application Log

The last active application log is found at ./log/clm-server.log and archived logs are compressed with name pattern of clm-server-yyyy-MM-dd.log.gz. The application log can be customized in the logging section of the config.yml file.

IQ Server 1.43 and newer uses Dropwizard 1.3.x logging configuration.

IQ Server 1.42 and older uses Dropwizard 0.6.2 configuration.

Request Log

The last active request log is found at ./log/request.log and archived logs are compressed with the name pattern of request-yyyy-MM-dd.log.gz. The request log can be customized in the requestLog section of the config.yml file.

IQ Server 1.43 and newer uses Dropwizard 1.3.x requestLog configuration.

IQ Server 1.42 and older uses Dropwizard 0.6.2 configuration.

Request Log Line Formats

As of IQ Server 1.43, the request log line format is configurable using patterns defined by the Logback Access PatternLayout class.

The Sonatype preferred format renders timestamps with the same timezone as the application log to ease comprehension during comparison.

Preferred request.log line format

logFormat: "%clientHost %l %user [%date] \"%requestURL\" %statusCode %bytesSent %elapsedTime \"%header{User-Agent}\""

Concise config.yml example of specifying request.log line format

server:
  requestLog:
     appenders:
       - type: file
         logFormat: "%clientHost %l %user [%date] \"%requestURL\" %statusCode %bytesSent %elapsedTime \"%header{User-Agent}\""
         currentLogFilename: ./log/request.log
         archivedLogFilenamePattern: ./log/request-%d.log.gz
         archivedFileCount: 50

Default request.log line format if unspecified

logFormat: "%clientHost %l %user [%date] \"%requestURL\" %statusCode %bytesSent %elapsedTime \"%header{User-Agent}\""

IQ Server 1.43 and 1.44 default request.log line format if unspecified Expand source

logFormat: "%clientHost %l %user [%t{dd/MMM/yyyy:HH:mm:ss Z,UTC}] \"%requestURL\" %statusCode %bytesSent \"%header{Referer}\" \"%header{User-Agent}\" %elapsedTime"

IQ Server 1.42 and earlier request.log line format with a simulated dispatch time

# specifying log format only works in version 1.43 or newer
# this example is intended for matching closely what previous versions rendered
logFormat: "%clientHost %l %user [%t{dd/MMM/yyyy:HH:mm:ss Z,UTC}] \"%requestURL\" %statusCode %bytesSent %elapsedTime %elapsedTime"

Example: Inspecting Reverse Proxy Authentication Headers

Reverse Proxy Authentication requires a header to be sent to IQ server that specifies a user id.

Verify that the configured usernameHeader name is being sent with the correct value with every inbound request by including the configured header name in the logFormat value:

Example logFormat value printing the configured usernameHeader value

logFormat: "%clientHost %l %user [%date] \"%requestURL\" %statusCode %bytesSent %elapsedTime \"%header{User-Agent}\" %header{REMOTE_USER}"

Example: Inspecting Reverse Proxy HTTPS Headers

When fronted by a reverse proxy terminating TLS connections, reverse proxies must send special x-forwarded header(s) to IQ Server for requests to work properly.

Verify that related x-forwarded headers are being sent with the expected values by editing the logFormat pattern value:

Example logFormat value printing x-forwarded headers

logFormat: "%clientHost %l %user [%date] \"%requestURL\" %statusCode %bytesSent %elapsedTime \"%header{User-Agent}\" %header{host} %header{x-forwarded} %header{x-forwarded-host} %header{x-forwarded-proto}"

Audit Log

Audit logging is available starting with IQ Server release 52 and is unique compared to application and request logging in thateach line or entry is a JSON object. This allows for easy line-by-line parsing by external tools for inspection, analysis, and extraction of desired data.

By default, audit events are logged to their own file and are not appended to the application log. The last active audit log is found at ./log/audit.log and archived audit logs are compressed with the name pattern of audit-yyyy-MM-dd.log.gz. Audit logging can be customized in the logging section of your config.yml file beneath the base audit logger com.sonatype.insight.audit .

Note

Audit logging only occurs at the INFO level. Thus setting an audit logger level to ALL, TRACE, or DEBUG has no effect, and setting it to WARN, ERROR or OFF will disable it.

Policy Violation Log

Policy violation logging is available starting with IQ Serverrelease 60. Like the audit log, each line or entry is a JSON object. This allows for easy line-by-line parsing by external tools for inspection, analysis, and extraction of desired data.

By default, policy violation logging is disabled. It can be enabled and customized in the logging section of your config.yml file beneath the policy violation logger com.sonatype.insight.policy.violation. Policy violation events are logged independently and are not appended to the application log.

Note

Policy violation logging only occurs at the INFO level. Thus setting the policy violation logger level to ALL, TRACE, or DEBUG has no effect, and setting it to WARN, ERROR or OFF will disable it.

Using the following suggested configuration

Suggested policy violation logger configuration

logging:
  loggers:
    "com.sonatype.insight.policy.violation":
      appenders:
        - type: file
          # The file to which policy violations will be logged.
          currentLogFilename: ./log/policy-violation.log
          # When the policy violation log file rotates, the archived policy violation log will be renamed to this
          # and gzipped. The %d is replaced with the previous day (yyyy-MM-dd). Custom rolling windows can be created
          # by passing a SimpleDateFormat-compatible format as an argument: "%d{yyyy-MM-dd-hh}".
          #
          # If archive is true, this must be specified.
          archivedLogFilenamePattern: ./log/policy-violation-%d.log.gz
          # The number of archived policy violation log files to keep.
          archivedFileCount: 50

The last active policy violation log is found at ./log/policy-violation.log and archived policy violation logs are compressed with the name pattern of policy-violation-yyyy-MM-dd.log.gz.