Troubleshooting
Problem
Resolving The Problem
IBM Security SOAR
You can configure IBM Security SOAR to output different logging levels to the client.log
- Create /crypt/logback-custom.xml (sudo vi /crypt/logback-custom.xml)
- Add content in line with the following examples depending on the problem that requires debugging
- Save /crypt/logback-custom.xml
- Set the permissions by running sudo chown root:co3 /crypt/logback-custom.xml
- Restart IBM Resilient by running sudo systemctl restart resilient.service
- Debug output is sent to /usr/share/co3/logs/client.log
<included> <logger name="<PACKAGE>" level="<LOGGING LEVEL>"> <appender-ref ref="Co3File" /> </logger> </included>
Output levels:
• FATAL
• ERROR
• WARN
• INFO
• DEBUG
• TRACE
The following are examples that you can use to enable debugging for specific problems.
SAML
Pre-v40
<included> <logger name="org.opensaml.saml2.binding.decoding" level="TRACE"> <appender-ref ref="Co3File"/></logger> </included>
v40 and later
<included> <logger name="com.co3.saml" level="DEBUG"> <appender-ref ref="Co3File" /> </logger> <logger name="org.opensaml.saml.saml2.binding.decoding" level="TRACE"> <appender-ref ref="Co3File"/> </logger> </included>
Threat Service
<included> <logger name="com.co3.threat" level="DEBUG"> <appender-ref ref="Co3File" /> </logger> </included>
<included> <logger name="org.apache.http.wire" level="DEBUG" additivity="false"> <appender-ref ref="Co3File" /> </logger> </included>
LDAP
<included> <logger name="com.co3.ldap" level="DEBUG"> <appender-ref ref="Co3File" /> </logger> </included>
Email notifications
<included> <logger name="com.co3.notifier" level="DEBUG"> <appender-ref ref="Co3File" /> </logger> </included>
Scheduling
<included> <logger name="com.co3.schedule" level="DEBUG"> <appender-ref ref="Co3File" /> </logger> </included>
IBM Security SOAR Messaging service
You can enable DEBUG logging for the Resilient Messaging to output to /var/log/resilient-messaging/resilient-messaging.log
- Create /crypt/resilient-messaging-custom.xml (sudo vi /crypt/resilient-messaging-custom.xml)
- Add the following content
- Save /crypt/resilient-messaging-custom.xml
- Restart IBM Resilient by running sudo systemctl restart resilient-messaging
- Debug output is sent to /var/log/resilient-messaging/resilient-messaging.log
<configuration>
<root level="DEBUG">
<appender-ref ref="ResilientMessagingFile" />
</root>
</configuration>
You can enable DEBUG logging for the Resilient inbound email engine to output to /var/log/resilient-email/resilient-email.log
(note: does not increase the scripting service logging)
- Create /crypt/resilient-email-custom.xml (sudo vi /crypt/resilient-email-custom.xml)
- Add the following content
<included> <logger name="com.resilient.email" level="DEBUG"> <appender-ref ref="ResilientEmailFile" /> </logger> </included> - Save /crypt/resilient-email-custom.xml
- Restart IBM Resilient by running sudo systemctl restart resilient-email
- Debug output is sent to /var/log/resilient-email.log
-
Remove resilient-email-custom.xml and restart the resilient-email service to restore default logging level (INFO)
IBM Security SOAR Scripting service
- Create /crypt/resilient-scripting-custom.xml (sudo vi /crypt/resilient-scripting-custom.xml)
- Add the following content
<included> <logger name="com.resilient.scripting" level="DEBUG"> <appender-ref ref="ResilientScriptingFile" /> </logger> </included> - Save /crypt/resilient-scripting-custom.xml
- Restart IBM Resilient by running sudo systemctl restart resilient-scripting
- Debug output is sent to /var/log/resilient-scripting.log
- Remove resilient-scripting-custom.xml and restart the resilient-scripting service to restore default logging level (INFO)
Document Location
Worldwide
Was this topic helpful?
Document Information
Modified date:
20 July 2021
UID
ibm11488891