Server Logs

HYPR and underlying dependencies produce their own logs

The following table assumes that HYPR is installed in the /opt/hypr directory. If that's not the case, replace /opt/hypr with your <install dir>

HYPR

Debug

/opt/hypr/logs/ControlCenter.log

  • Fine grained application sever log driven by Java log4j logging framework
  • Includes trace Ids for co-relating log lines belonging to a request
  • Granularity and location can be customized via a custom log4j file
  • Recommended for lower level troubleshooting when the cause is not obvious from error codes

Example

17321732

Events

/opt/hypr/logs/ControlCenterEvents.log

  • Pre-defined, high level events indicating milestones in request processing are logged
  • Structured log containing data in key=value format. Format is supported by log aggregators such as Slunk and Datadog
  • Recommended for driving monitoring/analytics such as successful logins, failed logins, admin activity and such

Example

16921692

The key(s) in key=value pairs follow cameCase and are standardized. The most common keys are listed below.

KeyDescription
isSuccessfulFlag indication the success/failure of this event
eventNamePre-defined event name
rpAppIdId of the application defined via ControlCenter
machineIdId of the entity requesting authentication. Typically a website or a workstation
machineUserNameHandle to identify the user in the real world - example: corporate email, employee Id etc
deviceIdId for the mobile device (90%) or another hardware device (Yubi key) which stores the private key/authenticator - does the authentication
traceIdTrace id of the request which can be cross referenced with the ControlCenter.log. This provides detailed logs for all processing related to this event

API response time

/opt/hypr/logs/api-access.log

  • Log of execution time for each http request processed
  • Log line is added for each http request processed
  • Can be used to graph request processing times on monitoring dashboards

Example

17221722

Customizing logging

  • HYRR services logging is controlled via the log4j2.xml file
  • Default configuration is embedded but can be externalized. The installer ships with the default log4j2.xml for convenience; CC/log4j2.xml
  • To take full control of the logging, you can override the packaged log4j2.xml with a custom config file. Pass the following parameter at the Java command line. This can be done by setting the CC_ADDITIONAL_STARTUP_PARAMS in the envOverrides.sh file
export CC_ADDITIONAL_STARTUP_PARAMS="--logging.config=file:/opt/hypr/CC/customLog4j2.xml"

Changing log location

Log file location can be changed by modifying the filename attribute in the log4j2.xml

<FileName>logs/ControlCenter.log</FileName>

Changing log file format

Format can be changed by modifying the PatternLayout attribute in the log4j2.xml
See supported layouts for more details

Nginx

/opt/hypr/nginx/nginx-1.16.1/logs/error.log
/opt/hypr/nginx/nginx-1.16.1/logs/access.log

Vault

/opt/hypr/vault/vault-0.10.3/logs/vault.log

  • Default Hashicorp Vault log. Contains high level info on Vault activity. Useful for troubleshooting
  • Verbosity of the log may be changed by setting the VAULT_LOG_LEVEL env variable in envOverrides.sh. Supported values are trace, debug, info, warn and err
  • Location may be changed by setting the VAULT_LOG_DIR env variable in envOverrides.sh
  • See https://learn.hashicorp.com/tutorials/vault/troubleshooting-vault#server-log-level for more info

Redis server

/opt/hypr/redis/redis-4.0.13/logs/redis.log

  • Contain info on startup/shutdown, configuration warnings and runtime errors
  • Verbosity of the log may be changed by setting loglevel in redis/redis-4.0.13/redis.[master | slave | sentinel].4013.conf. Supported values are debug, verbose, notice and warning
  • Location may be changed by setting the REDIS_LOG_DIR env variable in envOverrides.sh

Redis sentinel

/opt/hypr/redis/redis-4.0.13/logs/redis-sentinel.log

  • Contain info on the server being monitored by this sentinel, failover activity and runtime errors
  • Location may be changed by setting the REDIS_LOG_DIR env variable in envOverrides.sh