Enable Debug Logging for LDAP Configuration
search cancel

Enable Debug Logging for LDAP Configuration

book

Article ID: 288015

calendar_today

Updated On:

Products

Carbon Black EDR (formerly Cb Response)

Issue/Introduction

Instructions to enable debug logging for LDAP configurations

Environment

  • EDR Server: 7.7.0 and higher
  • LDAP

Resolution

    1. Make a copy of the coreservices-logger.conf
      cp /etc/cb/coreservices-logger.conf /etc/cb/coreservices-logger.orig
    2. Open the /etc/cb/coreservices-logger.conf file
    3. Append cb.auth and cb.flask.blueprints.api_routes_ldap to the list keys under [loggers] section: 
      [loggers]
      keys=root, gunicorn.access, cb.auth, cb.flask.blueprints.api_routes_ldap
    4. Copy/paste the following snippet anywhere below with the other [logger_*] configurations: 
      [logger_cb.flask.blueprints.api_routes_ldap] 
      level=DEBUG 
      handlers=debug_syslog 
      qualname=cb.flask.blueprints.api_routes_ldap 
      propagate=1
      
      [logger_cb.auth]
      level=DEBUG
      handlers=debug_syslog
      propagate=0
      qualname=cb.auth
    5. Save the file cb-coreservices will automatically re-read the logger configuration after a few minutes (no need to restart). Verify the change in /var/log/cb/coreservices/debug.log after swapping the debug level: 
      tail -f /var/log/cb/coreservices/debug.log
      2017-02-28 09:04:36 [2420] <warning> cb.utils.cb_logging - Detected new logger config, '/etc/cb/coreservices-logger.conf'. reloading...
    6. Reproduce the authentication issue. Subsequent attempts to login via SSO/SAML (either IdP or SP initiated) will now be logged with increased verbosity.
    7. Restore the original file
      mv /etc/cb/coreservices-logger.conf /etc/cb/coreservices-logger.conf.sso ; mv /etc/cb/coreservices-logger.conf.orig /etc/cb/coreservices-logger.conf