--- title: Debugging ACI issues for PingDirectory description: If the PingDirectory server doesn't behave as expected for its access control configuration, you can use the Debug ACI Logger to get detailed information about the server's access control decisions. component: pingdirectory version: 11.0 page_id: pingdirectory:pingdirectory_security_guide:pd_sec_debug_aci_issues canonical_url: https://docs.pingidentity.com/pingdirectory/11.0/pingdirectory_security_guide/pd_sec_debug_aci_issues.html revdate: September 13, 2023 --- # Debugging ACI issues for PingDirectory If the PingDirectory server doesn't behave as expected for its access control configuration, you can use the Debug ACI Logger to get detailed information about the server's access control decisions. | | | | - | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | | Do not enable this logger on a production server unless instructed to do so by Ping Identity Support. The server can write huge amounts of data to this file on a busy production server.Learn more in [Troubleshooting ACI evaluation for PingDirectory](../troubleshooting_the_pingdirectory_suite_of_products/pd_ds_troubleshoot_aci_eval.html). | To enable the Debug ACI Logger, run the following command: ``` $ bin/dsconfig set-log-publisher-prop \ --publisher-name "Debug ACI Logger" \ --set enabled:true ``` After you enable this logger, it records information about its access control decisions to the `logs/debug-aci` file.