WAS v8.5 > Troubleshoot > Use sensitive log and trace guardMaintain sensitive log and trace guard lists
Sensitive log and trace guard uses lists that declare which loggers can potentially log or trace sensitive information, and the levels at which the sensitive information would be logged.
The application server has a private default list of sensitive loggers and their corresponding levels which it will block whenever the sensitive log and trace guard feature is enabled. The application server also provides a sensitive log and trace guard property file, and a sensitive log and trace guard API for declaring new logger restrictions if you discover other loggers which log or trace sensitive information.
If you attempt to add loggers to the list that have already been declared, the sensitive log and trace guard will use the more restrictive logger setting of the already declared and newly specified levels. For example, if the server is already configured to only allow logger com.xyz.myLogger to log at level FINE, and you attempt to declare the same logger should only be allowed to log at level FINEST, the server will ignore the update, but if you attempt to declare the same logger should only be allowed to log at level INFO, then the server will reconfigure the sensitive log and trace guard to use level INFO for that logger.
- To declare new logger restrictions using a properties file...
PROFILE/config/cells/cellname/ras.rawtracelist.properties
This file is in the cell-scoped configuration for each profile. If edited on the deployment manager the file is automatically synchronized with all nodes in the cell. If edited on a specific node, it will be replaced the next synchronization.
- To declare new logger restrictions programatically...
com.ibm.websphere.logging.RawTraceList API
We can...
- Add individual entries
- Add an array of entries using the PatternLevel object
- Pass in an input stream in the same format as the properties file
Reference:
Sensitive log and trace guard
Log level settings
Programming Interfaces (APIs)