The following article will give you a technical guide on how to increase logging levels for dependencies related to the Shibboleth Identity Provider.
All Identity provider dependencies must be installed and in some kind of functioning state. This is important in identifying the issue itself as if the particular dependency you are altering the logging level is not starting or functioning there will not be any logging information whatsoever.
DetailsIf you are having any issues with the functioning of your IdP, the first indication of any present or intermittent issues should be available by increasing the verbosity of the logging and then inspecting the various log files for any inconsistencies.
- Log levels that Apache recognises, from most important to least:
emerg: Emergency situations where the system is in an unusable state.
- alert: Severe situation where action is needed promptly.
- crit: Important problems that need to be addressed.
- error: An Error has occurred. Something was unsuccessful.
- warn: Something out of the ordinary happened, but not a cause for concern.
- notice: Something normal, but worth noting has happened.
- info: An informational message that might be nice to know.
- debug: Debugging information that can be useful to pinpoint where a problem is occurring.
- trace[1-8]: Tracing information of various levels of verbosity that produces a large amount of information.
To change the level of logging, simply edit the below file with the desire level of logging that you prefer.
sudo nano /etc/apache2/apache2.conf
. . .
. . .
Restart Apache and all changes should be updated.
tail -100f /var/log/apache2/access.log
The logback system defines 5 logging levels (TRACE, DEBUG, INFO, WARN, ERROR). As you progress from the highest level (ERROR) to the lowest level (TRACE) the amount of information logged increases (dramatically so on the DEBUG and TRACE levels). Each level also logs all messages of the levels above it. For example, INFO also logs WARN and ERROR messages.
Increase the verbosity of logging for your IdP, edit the file $SHIB_HOME/conf/logback.xml
At the very top of the file, change the lines as follows, so that the logging level is set to DEBUG, which is the most verbose logging level.
<!-- Logs IdP, but not OpenSAML, messages -->
<logger name="edu.internet2.middleware.shibboleth" level="DEBUG"/>
<!-- Logs OpenSAML, but not IdP, messages -->
<logger name="org.opensaml" level="DEBUG"/>
<!-- Logs LDAP related messages -->
<logger name="edu.vt.middleware.ldap" level="DEBUG"/>
tail -100f $SHIB_HOME/logs/idp-process.log
To change the level of logging within Jetty simple edit the following files within the Jetty Configuration and restart the Jetty Service.
Changing log level in etc/jetty.xml
<Call class="org.eclipse.jetty.util.log.Log" name="getRootLogger">
You can use etc/jetty-logging.xml to take all System.out and System.err output (from any source) and route it to a rolling log file. To do so, include etc/jetty-logging.xml on Jetty startup.
java -jar start.jar etc/jetty-logging.xml