Setting logging preferences

MFT Server logs all User activity to a log (text) file, a JDBC-accessible database, or the system database. You choose where to log the data based on your preference. This is configured in the [Domain] > AUDIT > Logging module. Additionally, you can log the same User activity to a Syslog or Extension (Splunk) service. Each option is described below.

 

File Log

Database Log

System Database Log

Syslog

Extensions

 

Related topic: Restoring a Database Log

 

File Log

 

 

Log to file — This option logs all server activity to a file in the specified directory. The default directory is MFT Server installation/logs/domain, where multiple domain directories may exist if multiple domains have been created.

 

Note: The default directory is identified (in part) using built-in variables, which are enclosed in percent signs.

 


Directory — Identifies where the log files are stored.

 

File rotation — Identifies the frequency to rotate log files.

 

Database Log

 

Log to database — Logs all server activity to a JDBC-accessible database. When selected, you can opt to let the system create the database for you, or you can create the database and the necessary tables on your database server.

 

If you wish to create the database yourself, example database schemas for MySQL, Microsoft SQL Server, Oracle and PostgreSQL are provided in etc/mysql-log.sql, etc/mssql-log.sql, etc/oracle-log.sql, and etc/postgresql-log.sql respectively. The etc directory is a subdirectory of the MFT Server installation directory.

 

Note: JSCAPE SaaS does not support using an Oracle database.

 

Libraries for JDBC drivers must be placed in the libs/jdbc directory of your MFT Server installation, and the MFT Server Service must be restarted for the database to be accessible to MFT Server.

 

Alternatively, you can populate the required database fields and then click Create DB. The system creates the database for you.

 

clip0063

 

JDBC URL — Identifies the JDBC URL used to connect to the database. The above image depicts a MySQL database connection.  Contact your database vendor for access to JDBC libraries and assistance in specifying the JDBC URL.

 

Username — Identifies the user name to connect with when authenticating with the database.

 

Password — Identifies the password to connect with when authenticating with the database.

 

Pool — Identifies the maximum number of connections in the database pool.

 

Pool timeout — Identifies the maximum amount of time (in minutes) that the database connection can live in the pool without activity.

 

Clear records older than [x] days — If selected, MFT Server will clear records in the database logs when their age exceeds x number of days.

 

Test Parameters — Tests the database connection using the specified settings.

 

Create DB — When clicked, the system will create the logging database for you based on the fields you entered.

 

System Database Log

 

Log to — system database. This option logs all server activity to the MFT Server system database. This means the system database and the user activity (for all domains) are stored in the same database. This option is not supported if you use the embedded (H2) database bundled with MFT Server.

 

Syslog

 

 

This option logs all activity to a Syslog daemon in addition to your existing file log or database. You must have an existing Syslog daemon running to use the Syslog option. This may be a local or remote Syslog daemon.

 

Note: Syslog is a standard protocol used for logging system messages. It allows different devices and software applications to send log messages to a centralized server, making monitoring and managing system activities easier.

 

 

Enable Syslog — When selected, MFT Server sends domain-level logs to a Syslog service.

 

SERVER

 

Host — Identifies the IP address of the Syslog daemon.

 

Port — Identifies the port of the Syslog daemon. When Enable SSL/TLS over TCP is selected, the default port is 6514. When Enable SSL/TLS over TCP is not selected, the default port is 514.

 

Enable SSL/TLS over TCP — When selected, the data is transferred using SSL/TLS over TCP.

 

Note: TLS must be enabled on the Syslog server, and a server certificate must be generated for this feature to work. For example, using Syslog Watcher Manager, navigate to Configure and click Add TLS Interface. Keep the default port of 6514. You have the option to generate a self-signed certificate using Syslog Watcher Manager. Alternatively, you can obtain a certificate from a Certificate Authority (CA). The choice depends on your specific needs and security requirements.

 

Client Key — Identifies the Syslog server certificate. Import the previously created certificate by selecting Keys > Client Keys > Import > Import File. Enter a Key alias name, then enter the certificate file name.

 

MESSAGE

 

Facility — Identifies the Syslog facility to use.

 

Process name — Identifies the process name tag to apply to all log messages sent to the Syslog daemon.

 

Output format — Identifies the format, which is Legacy or raw. This field determines how the data will look when sent to the Syslog daemon. The legacy format is how the data was originally formatted, whereas raw is newer and uses a different format.
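The following is an added example, not part of the original page or of JSCAPE's code: a small Python test sender for confirming that the Syslog daemon's TLS interface on port 6514 accepts connections and presents the certificate you exported, before MFT Server is pointed at it. It builds a standard RFC 5424 message with RFC 5425 framing, which is not necessarily the Legacy or raw layout MFT Server emits; the facility keywords, the host name mft-test and the sample text are assumptions.

```python
# Added example (not JSCAPE code): test sender for a Syslog TLS listener.
import socket
import ssl
from datetime import datetime, timezone

# Standard RFC 5424 facility codes (assumed names; the MFT Server
# Facility list may label them differently).
FACILITIES = {"user": 1, "daemon": 3, "auth": 4, "local0": 16, "local1": 17,
              "local2": 18, "local3": 19, "local4": 20, "local5": 21,
              "local6": 22, "local7": 23}


def build_message(facility, severity, process_name, text,
                  hostname="mft-test", now=None):
    """Return one RFC 5424 message; PRI = facility * 8 + severity.

    `now`, when given, must be a UTC datetime.
    """
    pri = FACILITIES[facility] * 8 + severity
    stamp = (now or datetime.now(timezone.utc)).strftime("%Y-%m-%dT%H:%M:%SZ")
    return f"<{pri}>1 {stamp} {hostname} {process_name} - - - {text}".encode()


def frame(message):
    """RFC 5425 octet-counting frame used on TLS transports: 'LEN SP MSG'."""
    return str(len(message)).encode("ascii") + b" " + message


def send_tls(host, payload, cafile, port=6514, timeout=10):
    """Send payload over TLS, trusting only the certificates in cafile."""
    ctx = ssl.create_default_context(cafile=cafile)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    # The Host value must appear in the certificate (DNS or IP SAN);
    # otherwise the handshake fails here instead of silently succeeding.
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            tls.sendall(payload)
            return tls.version(), tls.cipher()[0]


if __name__ == "__main__":
    # Constructed sample message; printed only, nothing is sent.
    msg = build_message("local0", 6, "MFTServer", "syslog TLS test")
    print(frame(msg).decode())
    # To send: send_tls("<syslog host>", frame(msg), "<exported cert>.pem")
```

A certificate or host name mismatch raises ssl.SSLCertVerificationError in send_tls, which is the condition to resolve before selecting Enable SSL/TLS over TCP.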

 

Extensions

 

 

Log to Splunk HTTP Event Collector — If selected, this option logs all domain logging activity to a Splunk HTTP Event Collector (HEC). To use this option, you must have a Splunk HEC installation. This option works in addition to your existing log settings configured within [Domain] > AUDIT > Logging > Service and [Domain] > AUDIT > Logging > Syslog (if enabled).

 


 

Log to — Splunk HTTP Event Collector. When selected, MFT Server streams domain-level logging data to a Splunk deployment.

 

Host — Identifies the IP or hostname of the Splunk Enterprise or Splunk Cloud Platform server.

 

Port — Identifies the port of the Splunk deployment. The default is 8088.

 

Timeout — Identifies the connection timeout, in seconds. The default is 30.

 

Access token — Identifies the token used by MFT Server to authenticate the connection to Splunk HEC. Your Splunk administrator or a designated token administrator should generate and provide you with a valid token.

 

Source — Identifies the source value to assign to the event data. This typically identifies the application from which the data is coming (e.g., MFT Server).

 

Source Type — Identifies the source type value to assign to the event data. This typically identifies the type of data coming from the source (e.g., Domain logs).

 

Use SSL Connection — If selected, an SSL connection is used to connect to the Splunk deployment.

 

Index — Identifies the name of the Splunk index.

 

Test Parameters — When clicked, this tests the connection from the MFT Server to the Splunk deployment.

 

Note: If a failure occurs in logging the data to the Splunk HEC, you can be alerted about this condition using a Trigger with an Event type of Log Extension Failure.
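The following is an added example, not part of the original page and not JSCAPE or Splunk code: a Python pre-check that builds the same kind of HEC event request from the fields above (Host, Port, Access token, Source, Source Type, Index, Use SSL Connection) so a token or index problem can be diagnosed outside MFT Server. The host name, token and index shown are constructed placeholders.

```python
# Added example (not JSCAPE or Splunk code): pre-check HEC settings.
import json
import ssl
import urllib.error
import urllib.request

# HEC reply codes that map directly to fields on this page.
HINTS = {4: "Access token is not valid",
         7: "Index is not accepted for this token"}


def build_hec_request(host, token, source, sourcetype, index,
                      port=8088, use_ssl=True):
    """Build the POST that a HEC client sends for one event."""
    scheme = "https" if use_ssl else "http"  # http exposes the token on the wire
    body = {"event": {"message": "HEC connectivity check"},
            "source": source, "sourcetype": sourcetype, "index": index}
    return urllib.request.Request(
        f"{scheme}://{host}:{port}/services/collector/event",
        data=json.dumps(body).encode("utf-8"), method="POST",
        headers={"Authorization": f"Splunk {token}",
                 "Content-Type": "application/json"})


def send(request, timeout=30, cafile=None):
    """POST the event; return (http_status, hec_code, hint)."""
    ctx = None
    if request.full_url.startswith("https://"):
        # Verifies the Splunk certificate; cafile pins a private CA if given.
        ctx = ssl.create_default_context(cafile=cafile)
    try:
        with urllib.request.urlopen(request, timeout=timeout, context=ctx) as r:
            status, reply = r.status, json.load(r)
    except urllib.error.HTTPError as err:
        status, reply = err.code, json.loads(err.read() or b"{}")
    code = reply.get("code")
    return status, code, HINTS.get(code, reply.get("text", ""))


if __name__ == "__main__":
    # Placeholder values; printed only, nothing is sent.
    req = build_hec_request("splunk.example.internal",
                            "00000000-0000-0000-0000-000000000000",
                            "MFT Server", "Domain logs", "main")
    print(req.get_method(), req.full_url)
    print(req.data.decode())
```

Calling send(req) against a real deployment returns HEC code 0 on success; the default timeout of 30 seconds matches the Timeout field's default.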

 

Settings

 

Max buffer size — Identifies the maximum number of records stored in the buffer.

 


 

Restoring a Database Log

 

If the database server cannot be contacted, logging data is directed to a temporary file located in the backup directory of your MFT Server installation. To move the contents of this temporary log file to your database, use the js-backuplog command and provide the domain name you wish to restore. The js-backuplog executable is located in your MFT Server installation directory.

 

Example

 

js-backuplog -domain localhost

 

The above command moves the contents of the temporary log file for the domain named localhost to the log database assigned to this domain.