Enable Debug Logging for LDAP Configuration
search cancel

Enable Debug Logging for LDAP Configuration

book

Article ID: 288015

calendar_today

Updated On:

Products

Carbon Black EDR (formerly Cb Response)

Issue/Introduction

Instructions to enable debug logging for LDAP configurations

Environment

  • EDR Server: 7.7.0 and higher
  • LDAP

Resolution

    1. Make a copy of the coreservices-logger.conf 
      cp /etc/cb/coreservices-logger.conf /etc/cb/coreservices-logger.orig
    2. Open the /etc/cb/coreservices-logger.conf file
    3. Append cb.auth and cb.flask.blueprints.api_routes_ldap to the list keys under [loggers] section:  
      [loggers]
keys=root, gunicorn.access, cb.auth, cb.flask.blueprints.api_routes_ldap
    4. Copy/paste the following snippet anywhere below with the other [logger_*] configurations:  
      [logger_cb.flask.blueprints.api_routes_ldap] 
level=DEBUG 
handlers=debug_syslog 
qualname=cb.flask.blueprints.api_routes_ldap 
propagate=1

[logger_cb.auth]
level=DEBUG
handlers=debug_syslog
propagate=0
qualname=cb.auth
    5. Save the file cb-coreservices will automatically re-read the logger configuration after a few minutes (no need to restart). Verify the change in /var/log/cb/coreservices/debug.log after swapping the debug level:  
      tail -f /var/log/cb/coreservices/debug.log
2017-02-28 09:04:36 [2420] <warning> cb.utils.cb_logging - Detected new logger config, '/etc/cb/coreservices-logger.conf'. reloading...
    6. Reproduce the authentication issue. Subsequent attempts to login via SSO/SAML (either IdP or SP initiated) will now be logged with increased verbosity.
    7. Restore the original file 
      mv /etc/cb/coreservices-logger.conf /etc/cb/coreservices-logger.conf.sso ; mv /etc/cb/coreservices-logger.conf.orig /etc/cb/coreservices-logger.conf
Powered by Wolken Software