Anyone know where the Auth logs for Cribl Stream/Edge are located?

Gayathri Pandyaram Posts: 9 mod
edited September 2023 in General Discussions

Anyone know where the Auth logs for Cribl are? Can't seem to find them in my workers...

Answers

  • Brandon McCombs Posts: 150 mod
    Answer ✓

    For the UI? They are in the API logs.

  • Ah, perfect, thanks Brandon.

  • If people are logging into the leader though then there won't be any events on workers.

  • My issue with the logs is that they're not very specific. "Authentication Provider Error" doesn't tell me where the failure is:

      1. Host unreachable/not found
      2. Bind user can't bind
      3. LDAP user/group search path invalid

    Also, if there's secure LDAP specified I would assume that you would see the `provider` key as `ldaps:hostname:port`, not `ldap:hostname:port`, but that's trivial

  • Is there a way to increase the log fidelity to see that get logged?

  • Turn on debug level logging for the auth-related channels on the appropriate node(s).

  • There is usually sufficient detail in the regular level logs. There can be multiple events generated so you may not be looking at the right one.

  • Thanks Brandon, I'll try that. Much appreciated

  • Not any more logs output at debug level, I turned on debug for `auth` and `localauth` and `LDAPMapper`, so maybe silly level?

  • Actually Silly doesn't really reveal much either

  • Yeah this is crazy, it shows nothing on the logs even when the log level is silly. I don't understand, I thought this was supposed to be the way to see why this was failing?

  • Log levels can't show what the Engineering team hasn't built. Silly log level isn't being used ubiquitously across the code base, for example. If you provide the errors you do see then maybe we can help, otherwise a support case is recommended.
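
Since the thread ends without a way to tell the three failure causes apart from the logs, here is an added example (not part of the thread and not Cribl code) that checks the first cause, host unreachable/not found, from outside the product by taking a `provider` value in the `ldap:hostname:port` / `ldaps:hostname:port` form quoted above and reporting whether DNS, TCP or TLS is the first layer to fail. The function names and the sample hostname are assumptions; bind and search-path failures are not covered and need an LDAP client.

```python
import socket
import ssl

def parse_provider(provider):
    """Split 'ldap:host:port' or 'ldaps:host:port' into (scheme, host, port)."""
    scheme, _, rest = provider.partition(":")
    host, _, port = rest.rpartition(":")
    host = host.lstrip("/")  # also tolerate the URL form ldaps://host:port
    if scheme not in ("ldap", "ldaps") or not host or not port.isdigit():
        raise ValueError(f"unrecognized provider value: {provider!r}")
    return scheme, host, int(port)

def probe(provider, timeout=3.0):
    """Return (stage, detail); stage is the first layer that failed, or 'reachable'."""
    scheme, host, port = parse_provider(provider)
    try:
        socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror as exc:
        return "dns", str(exc)            # host not found
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:
        return "tcp", str(exc)            # refused, filtered, or timed out
    with sock:
        if scheme == "ldap":
            return "reachable", "plain TCP connect succeeded"
        ctx = ssl.create_default_context()  # verifies chain and hostname
        try:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                return "reachable", tls.version()
        except (ssl.SSLError, OSError) as exc:
            return "tls", str(exc)        # bad certificate, or not a TLS port

if __name__ == "__main__":
    # Constructed placeholder value; substitute the provider from your own log event.
    print(probe("ldaps:ldap.example.internal:636"))
```

Run it from the node that performs the login (the leader, per the reply above), since name resolution and firewall rules can differ between nodes. A `reachable` result means the failure lies in the bind or the search, not in connectivity.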