Server logs

HYPR and underlying dependencies produce their own logs

The following table assumes that HYPR is installed in the /opt/hypr directory. If that's not the case, replace /opt/hypr with your <install dir>

HYPR

Debug

/opt/hypr/logs/ControlCenter.log

  • Fine grained application sever log driven by Java log4j logging framework
  • Includes trace Ids for co-relating log lines belonging to a request
  • Granularity and location can be customized via a custom log4j file
  • Recommended for lower level troubleshooting when the cause is not obvious from error codes

Example

Events

/opt/hypr/logs/ControlCenterEvents.log

  • Pre-defined, high level events indicating milestones in request processing are logged
  • Structured log containing data in key=value format. Format is supported by log aggregators such as Slunk and Datadog
  • Recommended for driving monitoring/analytics such as successful logins, failed logins, admin activity and such

Example

The key(s) in key=value pairs follow cameCase and are standardized. The most common keys are listed below.

Key

Description

isSuccessful

Flag indication the success/failure of this event

eventName

Pre-defined event name

rpAppId

Id of the application defined via ControlCenter

machineId

Id of the entity requesting authentication. Typically a website or a workstation

machineUserName

Handle to identify the user in the real world - example: corporate email, employee Id etc

deviceId

Id for the mobile device (90%) or another hardware device (Yubi key) which stores the private key/authenticator - does the authentication

traceId

Trace id of the request which can be cross referenced with the ControlCenter.log. This provides detailed logs for all processing related to this event

API response time

/opt/hypr/logs/api-access.log

  • Log of execution time for each http request processed
  • Log line is added for each http request processed
  • Can be used to graph request processing times on monitoring dashboards

Example

Customizing logging

  • HYRR services logging is controlled via the log4j2.xml file
  • Default configuration is embedded but can be externalized. The installer ships with the default log4j2.xml for convenience; CC/log4j2.xml
  • To take full control of the logging, you can override the packaged log4j2.xml with a custom config file. Pass the following parameter at the Java command line. This can be done by setting the CC_ADDITIONAL_STARTUP_PARAMS in the envOverrides.sh file
export CC_ADDITIONAL_STARTUP_PARAMS="--logging.config=file:/opt/hypr/CC/customLog4j2.xml"

Changing log location

Log file location can be changed by modifying the filename attribute in the log4j2.xml

<FileName>logs/ControlCenter.log</FileName>

Changing log file format

Format can be changed by modifying the PatternLayout attribute in the log4j2.xml
See supported layouts for more details

Nginx

/opt/hypr/nginx/nginx-1.16.1/logs/error.log
/opt/hypr/nginx/nginx-1.16.1/logs/access.log

Vault

/opt/hypr/vault/vault-0.10.3/logs/vault.log

  • Default Hashicorp Vault log. Contains high level info on Vault activity. Useful for troubleshooting
  • Verbosity of the log may be changed by setting the VAULT_LOG_LEVEL env variable in envOverrides.sh. Supported values are trace, debug, info, warn and err
  • Location may be changed by setting the VAULT_LOG_DIR env variable in envOverrides.sh
  • See https://learn.hashicorp.com/tutorials/vault/troubleshooting-vault#server-log-level for more info

Redis server

/opt/hypr/redis/redis-4.0.13/logs/redis.log

  • Contain info on startup/shutdown, configuration warnings and runtime errors
  • Verbosity of the log may be changed by setting loglevel in redis/redis-4.0.13/redis.[master | slave | sentinel].4013.conf. Supported values are debug, verbose, notice and warning
  • Location may be changed by setting the REDIS_LOG_DIR env variable in envOverrides.sh

Redis sentinel

/opt/hypr/redis/redis-4.0.13/logs/redis-sentinel.log

  • Contain info on the server being monitored by this sentinel, failover activity and runtime errors
  • Location may be changed by setting the REDIS_LOG_DIR env variable in envOverrides.sh

Updated about a month ago

Server logs


Suggested Edits are limited on API Reference Pages

You can only suggest edits to Markdown body content, but not to the API spec.