The following article will give you a technical guide on how to increase logging levels for dependencies related to the Shibboleth Identity Provider.
All Identity provider dependencies must be installed and in some kind of functioning state. This is important in identifying the issue itself as if the particular dependency you are altering the logging level is not starting or functioning there will not be any logging information whatsoever.
DetailsIf you are having any issues with the functioning of your IdP, the first indication of any present or intermittent issues should be available by increasing the verbosity of the logging and then inspecting the various log files for any inconsistencies.
Log levels that Apache recognises, from most important to least:
emerg: Emergency situations where the system is in an unusable state.
alert: Severe situation where action is needed promptly.
crit: Important problems that need to be addressed.
error: An Error has occurred. Something was unsuccessful.
warn: Something out of the ordinary happened, but not a cause for concern.
notice: Something normal, but worth noting has happened.
info: An informational message that might be nice to know.
debug: Debugging information that can be useful to pinpoint where a problem is occurring.
trace[1-8]: Tracing information of various levels of verbosity that produces a large amount of information.
When you specify a log level, you are not choosing to log the messages labeled in that category, you are choosing the least important level that you wish to log.
This means that any levels above the selected level are also logged. For example, if you choose the "warn" log level, messages tagged with warn, error, crit, alert, and emerg will all be logged.
To change the level of logging, simply edit the below file with the desire level of logging that you prefer.
sudo nano /etc/apache2/apache2.conf
. . .
. . .
Restart Apache and all changes should be updated.
tail -100f /var/log/apache2/access.log
Increase the verbosity of logging for your IdP, edit the file $SHIB_HOME/conf/logging.xml. At the very top of the file, change the lines as follows, so that the logging level is set to DEBUG,
which is the most verbose logging level.
<!-- Logs IdP, but not OpenSAML, messages -->
<logger name="edu.internet2.middleware.shibboleth" level="DEBUG"/>
<!-- Logs OpenSAML, but not IdP, messages -->
<logger name="org.opensaml" level="DEBUG"/>
<!-- Logs LDAP related messages -->
<logger name="edu.vt.middleware.ldap" level="DEBUG"/>
tail -100f $SHIB_HOME/logs/idp-process.log
To change the level of logging within Jetty simple edit the following files within the Jetty Configuration and restart the Jetty Service.
Changing log level in etc/jetty.xml
<Call class="org.eclipse.jetty.util.log.Log" name="getRootLogger">
You can use etc/jetty-logging.xml to take all System.out and System.err output (from any source) and route it to a rolling log file. To do so, include etc/jetty-logging.xml on Jetty startup.
java -jar start.jar etc/jetty-logging.xml