ElectricBrain | OpenSearch Logging

OpenSearch Logging

OpenSearch's documentation on logging is pretty good. But....

At a certain point the reader is confronted with the rather unhelpful advice:
"The easiest way to identify modules is not from the logs, which abbreviate the path (for example, o.o.i.r), but from the OpenSearch source code."

LOL - yeah right :-)

In a desperate attempt to debug the LDAP integration the advice was followed. Unfortunately this would-be integration expert was confronted with what seemed to be sea of code. After about an hour of staring into the abyss it was decided an alternative approach needed tobe followed.

Essentially the nuclear approach was taken. The file /usr/share/opensearch/config/log4j2.properties was finally modified temporarily to glean the identity of the correct module.

rootLogger.level = info

was changed to "debug". The documentation discourages this because lots and lots of stuff is blurted out. Nevertheless desperation calls for desperate means. Also in Docker under Portainer only the last 100 (by default) are retained, so managing the voluminous output seems doable for a short time. Then attempting the failing LDAP login produces the full name of the module which can be used in:

Caused by: org.opensearch.OpenSearchSecurityException: Jaques Dubois not found
	at org.opensearch.security.auth.internal.InternalAuthenticationBackend.authenticate(InternalAuthenticationBackend.java:98) ~[opensearch-security-1.2.4.0.jar:1.2.4.0]
	at org.opensearch.security.auth.BackendRegistry$9.call(BackendRegistry.java:674) ~[opensearch-security-1.2.4.0.jar:1.2.4.0]
	at org.opensearch.security.auth.BackendRegistry$9.call(BackendRegistry.java:668) ~[opensearch-security-1.2.4.0.jar:1.2.4.0]

Armed with a module name, the appropriate log level can be set and the global level returned to the original setting (of "INFO")

PUT /_cluster/settings
{
 "persistent" : {
    "logger.org.opensearch.security.auth" : "DEBUG"
 }
}

which yelds the result:

{
  "acknowledged" : true,
  "persistent" : {
    "logger" : {
      "org" : {
        "opensearch" : {
          "security" : {
            "auth" : "DEBUG"
          }
        }
      }
    }
  },
  "transient" : { }
}