16-20 Oracle Fusion Middleware Security and Administrators Guide for Web Services Using Message Logs for Web Services Message logs enable you to access the contents of the SOAP message requests and responses for ADF and WebCenter Web services and clients. Messages logs are stored in a log file separate from the diagnostic messages, by default. The following sections describe how to view and manage message log files: ■ Configuring Message Logs ■ Viewing Message Logs ■ Filtering Message Logs Configuring Message Logs You configure message logs for a Web service or client in one of the following ways: ■ Attach a policy that contains a logging assertion to the Web service or client. There is one predefined logging assertion template: oraclesecurity_log_template, described in oraclesecurity_log_template on page C-95. This template is configured to log the entire SOAP message for the Web service request and response. By default, all predefined Web service security policies use this logging assertion to capture the entire SOAP message before and after the primary security assertion is executed. By default, the log assertion is not enforced. You must enable it in order for the SOAP message to be logged in message logs, as described in Enabling or Disabling Assertions Within a Policy on page 7-25. It is recommended that the logging assertion be enabled for debugging and auditing purposes only. ■ Attach the oraclelog_policy policy to the Web service or client. For more information, see oraclelog_policy on page B-30. ■ Create your own logging policy or assertion template to further refine the elements of the SOAP message that are logged for the Web service request and response. For example, you may wish to view only the SOAP body of the request message. To create a new policy, following the procedure described in Creating Web Service Policies on page 7-4. You may wish to create a copy of the oraclesecurity_log_ template assertion template and configure it for use in the new policy. For more information about creating a new assertion template, see Creating an Assertion Template on page 7-9. Table 16–1 Startup Properties for Logging Oracle WSM Debug Messages Startup Property Description -Dxml.debug.verify=true Logs the sequence of bytes produced during a signature verification failure. Verification errors are output to stderr and the diagnostic log file when the log level is set to at least ERROR. -Dxml.debug.digest=true Verifies that the sequence of bytes produced during signature generation canonicalization and signature verification match. Verification errors are output to stderr and the diagnostic log file when the log level is set to at least FINE. -Dxml.debug.decrypt Logs the sequence of bytes produced following a decryption failure before XML parsing. Verification errors are output to stderr and the diagnostic log file.