We have updated our Terms of Service, Code of Conduct, and Addendum.

Anyone know where the the Auth logs for Cribl Stream/Edge are located?

Options
Gayathri Pandyaram
Gayathri Pandyaram Posts: 9 mod
edited September 2023 in General Discussions

Anyone know where the the Auth logs for cribl are? Can't seem to find them in my workers...

Best Answer

Answers

  • Brandon McCombs
    Brandon McCombs Posts: 150 mod
    Answer ✓
    Options

    For the ui? They are in the api logs.

  • Gayathri Pandyaram
    Options

    Ah, perfect, thanks Brandon.

  • Brandon McCombs
    Options

    If people are logging into the leader though then there won't be anything events on workers.

  • Gayathri Pandyaram
    Options

    My issue with the logs is that they're not very specific. "Authentication Provider Error" doesn't tell me where the failure is: 1. Host unreachable/not found 2. Bind user can't bind 3. LDAP user/group search path invalid Also, if there's secure ldap specified I would assume that you would see the `provider` key as `ldaps:hostname:port` , not `ldap:hostname:port`, but that's trivial

  • Gayathri Pandyaram
    Options

    Is there a way to increase the log fidelity to see that get logged?

  • Brandon McCombs
    Options

    turn on debug level logging for the auth-related channels on the appropriate node(s)

  • Brandon McCombs
    Options

    there is usually sufficient detail in the regular level logs. There can be multiple events generated so you may not be looking at the right one.

  • Gayathri Pandyaram
    Options

    Thanks Brandon, I'll try that. Much appreciated

  • Gayathri Pandyaram
    Options

    Not any more logs output at debug level, I turned on debug for `auth` and `localauth` and `LDAPMapper`, so maybe silly level?

  • Gayathri Pandyaram
    Options

    Actually Silly doesn't really reveal much either

  • Gayathri Pandyaram
    Options

    Yeah this is crazy, it shows nothing on the logs even when the log level is silly. I don't understand, I thought this was supposed to be the way to see why this was failing?

  • Brandon McCombs
    Options

    Log levels can't show what the Engineering team hasn't built. Silly log level isn't being used ubiquitously across the code base, for example. If you provide the errors you do see then maybe we can help, otherwise a support case is recommended.