Server Logs

HYPR and underlying dependencies produce their own logs

The following table assumes that HYPR is installed in the /opt/hypr directory. If that's not the case, replace /opt/hypr with your <install dir>




  • Fine grained application sever log driven by Java log4j logging framework
  • Includes trace Ids for co-relating log lines belonging to a request
  • Granularity and location can be customized via a custom log4j file
  • Recommended for lower level troubleshooting when the cause is not obvious from error codes





  • Pre-defined, high level events indicating milestones in request processing are logged
  • Structured log containing data in key=value format. Format is supported by log aggregators such as Slunk and Datadog
  • Recommended for driving monitoring/analytics such as successful logins, failed logins, admin activity and such



The key(s) in key=value pairs follow cameCase and are standardized. The most common keys are listed below.

isSuccessfulFlag indication the success/failure of this event
eventNamePre-defined event name
rpAppIdId of the application defined via ControlCenter
machineIdId of the entity requesting authentication. Typically a website or a workstation
machineUserNameHandle to identify the user in the real world - example: corporate email, employee Id etc
deviceIdId for the mobile device (90%) or another hardware device (Yubi key) which stores the private key/authenticator - does the authentication
traceIdTrace id of the request which can be cross referenced with the ControlCenter.log. This provides detailed logs for all processing related to this event

API response time


  • Log of execution time for each http request processed
  • Log line is added for each http request processed
  • Can be used to graph request processing times on monitoring dashboards



Customizing logging

  • HYRR services logging is controlled via the log4j2.xml file
  • Default configuration is embedded but can be externalized. The installer ships with the default log4j2.xml for convenience; CC/log4j2.xml
  • To take full control of the logging, you can override the packaged log4j2.xml with a custom config file. Pass the following parameter at the Java command line. This can be done by setting the CC_ADDITIONAL_STARTUP_PARAMS in the file
export CC_ADDITIONAL_STARTUP_PARAMS="--logging.config=file:/opt/hypr/CC/customLog4j2.xml"

Changing log location

Log file location can be changed by modifying the filename attribute in the log4j2.xml


Changing log file format

Format can be changed by modifying the PatternLayout attribute in the log4j2.xml
See supported layouts for more details





  • Default Hashicorp Vault log. Contains high level info on Vault activity. Useful for troubleshooting
  • Verbosity of the log may be changed by setting the VAULT_LOG_LEVEL env variable in Supported values are trace, debug, info, warn and err
  • Location may be changed by setting the VAULT_LOG_DIR env variable in
  • See for more info

Redis server


  • Contain info on startup/shutdown, configuration warnings and runtime errors
  • Verbosity of the log may be changed by setting loglevel in redis/redis-4.0.13/redis.[master | slave | sentinel].4013.conf. Supported values are debug, verbose, notice and warning
  • Location may be changed by setting the REDIS_LOG_DIR env variable in

Redis sentinel


  • Contain info on the server being monitored by this sentinel, failover activity and runtime errors
  • Location may be changed by setting the REDIS_LOG_DIR env variable in