Enable Debug Logs

Enable Debug and Trace Logs

It is possible to troubleshoot Choreo Connect using debug logs and trace logs. Debug logs can be enabled in all three components and access logs can be enabled at the Router and Enforcer to trace requests from the Router to the Enforcer. The following sections will guide you through how to enable debug and access logs in each component.


Set the log level as DEBG in the log_config.toml as described in Adapter log configurations to enable debug logs in the Adapter.

If you need debug logs to be only enabled in package level, set the log level as DEBG only in the relavant package level configuration.


Configure log4j2.properties file and make the value of rootLogger.level as DEBUG will enable debug logs as well as access logs in enforcer. Refer enforcer log configurations for more details.


If you want to enable debug logs and access logs seperately, you need to define a new logger. For more information refer to Configuring Log4j2 Loggers.

The access log format will be as follows. It will print the server time, trace Id from Envoy, gRPC service method, gRPC status code, and response time according to the above configuration.

[2022-04-03 18:29:45,032] - [id: 0xe5e8976f, L:/ - R:/] INBOUND HEADERS: streamId=5 headers=GrpcHttp2RequestHeaders[:path: /envoy.service.auth.v3.Authorization/Check, :authority: ext-authz, :method: POST, :scheme: http, te: trailers, grpc-timeout: 20000m, content-type: application/grpc, x-envoy-internal: true, x-forwarded-for:, x-envoy-expected-rq-timeout-ms: 20000] padding=0 endStream=false


Perform the relavant configurations in the log_config.toml according to the instructions given in Router Access Logging.

In order to enable debug logs, follow the instructions provided in Router Debug Logs.

Admin portal

The admin interface can be used to view statistics, envoy configurations, etc. For more information, please follow Envoy admin interface Configure host and port for the envoy admin interface and expose it.


This endpoint is not protected with authentication, hence ensure to restrict access to this address in your network infrastructure.

For example, provide following to the docker-compose.yaml in the directory <CHOREO-CONNECT_HOME>/docker-compose/<choreo-connect>/.

      - ROUTER_ADMIN_PORT=9000
      - "9000:9000"