Using the debug log publisher
To obtain more information for troubleshooting without a restart, use the server’s built-in debugging support.
About this task
This topic applies only to the PingDirectoryProxy server.
To use the debug log publisher:
Steps
- To enable the debug log publisher and set the debug target, run the following configuration changes:
  - Run dsconfig with the create-debug-target option.
    Example:
      dsconfig create-debug-target \
        --publisher-name "File-Based Debug Logger" \
        --target-name com.unboundid.directory.server.extensions.TLSConnectionSecurityProvider \
        --set debug-level:verbose
  - Run dsconfig with the set-log-publisher-prop option.
    Example:
      dsconfig set-log-publisher-prop \
        --publisher-name "File-Based Debug Logger" \
        --set enabled:true
    Result:
    The logs/debug file captures a substantial amount of information about the TLS-related processing that the server is performing. Although this file doesn’t provide as much detail as the Java virtual machine’s (JVM) built-in debugging information, it might help to pinpoint the cause of the problem and to identify potential solutions.
- To disable the debug log publisher and remove the debug target, run the following configuration changes:
  - Run dsconfig with the set-log-publisher-prop option.
    Example:
      dsconfig set-log-publisher-prop \
        --publisher-name "File-Based Debug Logger" \
        --set enabled:false
  - Run dsconfig with the delete-debug-target option.
    Example:
      dsconfig delete-debug-target \
        --publisher-name "File-Based Debug Logger" \
        --target-name com.unboundid.directory.server.extensions.TLSConnectionSecurityProvider
To troubleshoot TLS communication with a non-Java client that does not offer its own TLS debugging mechanism, and if the server-side debugging support is insufficient, use a network protocol analyzer to capture the communication between the client and the server and to examine its content. The free, open-source Wireshark utility is a graphical tool that runs on a variety of platforms and provides support for understanding TLS communication. Even if you can’t decipher the encrypted content, you can view at least some of the handshake messages.
More of the handshake is encrypted in TLS 1.3 than in earlier versions of the protocol. Although this change improves security and privacy, it might interfere with troubleshooting attempts.
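To see what this difference looks like in a capture, the following added example (not part of the product documentation) labels the records in one direction of a TLS stream by reading only the unencrypted record and handshake headers. The sample flights are constructed with dummy bodies, and the parser assumes unfragmented handshake messages and no HelloRetryRequest.

```python
import struct

# Handshake message types that appear in cleartext records (RFC 5246 / RFC 8446).
HANDSHAKE = {1: "client_hello", 2: "server_hello", 11: "certificate",
             12: "server_key_exchange", 14: "server_hello_done", 20: "finished"}

def visible_messages(stream):
    """Label each TLS record in one direction (assumes no fragmentation or HelloRetryRequest)."""
    labels, pos, seen_ccs = [], 0, False
    while pos < len(stream):
        if len(stream) - pos < 5:
            labels.append("truncated record header")
            break
        ctype, _version, length = struct.unpack_from("!BHH", stream, pos)
        body = stream[pos + 5:pos + 5 + length]
        pos += 5 + length
        if len(body) < length:
            labels.append("truncated record")
            break
        if ctype == 20:                      # change_cipher_spec
            seen_ccs = True
            labels.append("change_cipher_spec")
        elif ctype == 22 and not seen_ccs:   # cleartext handshake record
            off = 0
            while off + 4 <= len(body):      # a record can carry several messages
                mlen = int.from_bytes(body[off + 1:off + 4], "big")
                labels.append(HANDSHAKE.get(body[off], "handshake type %d" % body[off]))
                off += 4 + mlen
        elif ctype == 22:                    # TLS 1.2 Finished, sent after CCS
            labels.append("encrypted handshake")
        elif ctype == 23:                    # TLS 1.3 hides handshake messages here
            labels.append("application_data (encrypted)")
        else:
            labels.append("record type %d" % ctype)
    return labels

# Constructed sample flights (dummy bodies, server-to-client direction only).
def rec(ctype, payload):
    return struct.pack("!BHH", ctype, 0x0303, len(payload)) + payload

def hs(mtype, body):
    return bytes([mtype]) + len(body).to_bytes(3, "big") + body

TLS12_SERVER = (rec(22, hs(2, bytes(38)) + hs(11, bytes(64)) + hs(12, bytes(32)) + hs(14, b""))
                + rec(20, b"\x01") + rec(22, b"\xaa" * 40))
TLS13_SERVER = rec(22, hs(2, bytes(38))) + rec(20, b"\x01") + rec(23, b"\xbb" * 90)

if __name__ == "__main__":
    print("TLS 1.2:", visible_messages(TLS12_SERVER))
    print("TLS 1.3:", visible_messages(TLS13_SERVER))
```

In the TLS 1.2 flight the server certificate and key exchange are readable by name, while in the TLS 1.3 flight everything after the ServerHello appears only as encrypted application data.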