How to enable debugging for "tonicd" in Security Analytics?
Enable "debug" in syslog-ng, and change "log_threshold" to 10 in /etc/tonic.d/tonic.conf.
The logging in tonic is much more fine-grained. Instead of just a "be quiet" and a "be super noisy" setting, there are several levels that can be set. The "log_threshold" setting in /etc/tonic.d/tonic.conf is the global setting for tonic logging. A log_threshold of 6 logs all messages of priority INFO and higher (warning, error, critical). A log_threshold of 10 also includes DEBUG-level messages. All logging goes to syslog.
The file /var/run/tonic/info/dmesg contains startup messages that are not found in syslog, because the logging plugin has not yet been loaded at that time. If something is unexpectedly missing from tonic, check the dmesg file first to see whether something failed to load or connect.
The /var/run/tonic/info directory also tracks various statistics and can be used for troubleshooting.