Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Doc] kerberos debug instructions #15779

Merged
merged 7 commits into from
Jan 12, 2024
Merged
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
25 changes: 25 additions & 0 deletions docs/static/troubleshoot/ts-kafka.asciidoc
Original file line number Diff line number Diff line change
Expand Up @@ -163,4 +163,29 @@ https://github.com/logstash-plugins/logstash-input-kafka/issues/210
* If (and only if) upgrading is not possible, set `consumer_threads` to `1`.


[discrete]
[[ts-kafka-kerberos-debug]]
===== Setting up debugging for Kerberos SASL

You can set up your machine to help you troubleshoot authentication failures in the Kafka client.

* In `config/jvm.options`, add:
+
[source,txt]
-----
-Dsun.security.krb5.debug=true
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for catching and fixing this, @kaisecheng :-D

-----

* In `config/log4j2.properties`, add:
+
[source,txt]
-----
logger.kafkainput.name = logstash.inputs.kafka
logger.kafkainput.level = debug
kaisecheng marked this conversation as resolved.
Show resolved Hide resolved
logger.kafkaoutput.name = logstash.outputs.kafka
logger.kafkaoutput.level = debug
logger.kafka.name = org.apache.kafka
logger.kafka.level = debug
-----

NOTE: Logging entries for Kerberos are NOT sent through Log4j but go directly to the console.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The heading implies that we're giving steps for debugging, but we're only helping the user set up debugging. Can we provide more information, even something as simple as reworking the note to say, "Go to the console to see your log entries"?

Another approach would be to change the heading to "Setting up debugging for Kerberos SASL" to set expectations for what's in the topic.