-
Notifications
You must be signed in to change notification settings - Fork 3.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Doc] kerberos debug instructions #15779
Changes from all commits
4705f39
7992eaa
3f1ad7b
bc56cb8
bab1004
ce9dc31
0a22870
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -163,4 +163,29 @@ https://github.com/logstash-plugins/logstash-input-kafka/issues/210 | |
* If (and only if) upgrading is not possible, set `consumer_threads` to `1`. | ||
|
||
|
||
[discrete] | ||
[[ts-kafka-kerberos-debug]] | ||
===== Setting up debugging for Kerberos SASL | ||
|
||
You can set up your machine to help you troubleshoot authentication failures in the Kafka client. | ||
|
||
* In `config/jvm.options`, add: | ||
+ | ||
[source,txt] | ||
----- | ||
-Dsun.security.krb5.debug=true | ||
----- | ||
|
||
* In `config/log4j2.properties`, add: | ||
+ | ||
[source,txt] | ||
----- | ||
logger.kafkainput.name = logstash.inputs.kafka | ||
logger.kafkainput.level = debug | ||
kaisecheng marked this conversation as resolved.
Show resolved
Hide resolved
|
||
logger.kafkaoutput.name = logstash.outputs.kafka | ||
logger.kafkaoutput.level = debug | ||
logger.kafka.name = org.apache.kafka | ||
logger.kafka.level = debug | ||
----- | ||
|
||
NOTE: Logging entries for Kerberos are NOT sent through Log4j but go directly to the console. | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. The heading implies that we're giving steps for debugging, but we're only helping the user set up debugging. Can we provide more information, even something as simple as reworking the note to say, "Go to the console to see your log entries"? Another approach would be to change the heading to "Setting up debugging for Kerberos SASL" to set expectations for what's in the topic. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for catching and fixing this, @kaisecheng :-D