Enable Debug Logs
Enable Debug and Trace Logs¶
It is possible to troubleshoot Choreo Connect using debug logs and trace logs. Debug logs can be enabled in all three components and access logs can be enabled at the Router and Enforcer to trace requests from the Router to the Enforcer. The following sections will guide you through how to enable debug and access logs in each component.
Set the log level as
DEBG in the
log_config.toml as described in Adapter log configurations to enable debug logs in the Adapter.
If you need debug logs to be only enabled in package level, set the log level as
DEBG only in the relavant package level configuration.
log4j2.properties file and make the value of
DEBUG will enable debug logs as well as access logs in enforcer. Refer enforcer log configurations for more details.
If you want to enable debug logs and access logs seperately, you need to define a new logger. For more information refer to Configuring Log4j2 Loggers.
The access log format will be as follows. It will print the server time, trace Id from Envoy, gRPC service method, gRPC status code, and response time according to the above configuration.
[2022-04-03 18:29:45,032] - [id: 0xe5e8976f, L:/172.20.0.4:8081 - R:/172.20.0.5:48158] INBOUND HEADERS: streamId=5 headers=GrpcHttp2RequestHeaders[:path: /envoy.service.auth.v3.Authorization/Check, :authority: ext-authz, :method: POST, :scheme: http, te: trailers, grpc-timeout: 20000m, content-type: application/grpc, x-envoy-internal: true, x-forwarded-for: 172.20.0.5, x-envoy-expected-rq-timeout-ms: 20000] padding=0 endStream=false
Perform the relavant configurations in the
log_config.toml according to the instructions given in Router Access Logging.
In order to enable debug logs, follow the instructions provided in Router Debug Logs.
To enable wire logs, follow the instructions provided in Router Wire Logs.
The admin interface can be used to view statistics, envoy configurations, etc. For more information, please follow Envoy admin interface Configure host and port for the envoy admin interface and expose it.
This endpoint is not protected with authentication, hence ensure to restrict access to this address in your network infrastructure.
For example, provide following to the docker-compose.yaml in the directory
router: environment: - ROUTER_ADMIN_HOST=0.0.0.0 - ROUTER_ADMIN_PORT=9000 ports: - "9000:9000"