Increase log verbosity

Hello,

Is it possible to increase log verbosity to troubleshoot LDAP authentication?

Currently LDAP is working when Graylog is connected directly to the LDAP server.
But if Graylog is connected to HAProxy, which has the LDAP servers in its backend, it does not work.

Thanks.

Hello,
Are you referring to something like this?

  1. Go to the web interface, System - Logging, and change the log level from info to debug in the desired sections:
     • Graylog
     • Sockets
     • Indexer
     • Authentication (in case of LDAP)
  2. Then check the normal Graylog log file:
     sudo tail -f /var/log/graylog-server/server.log
  3. Revert it when no longer needed.

I changed the authentication verbosity to TRACE. However, when I check my LDAP connection with the “Test server connection” button, I don’t see anything at TRACE level in the log file.

The only thing I have is:

2021-05-06T12:16:57.728+02:00 ERROR [LdapNetworkConnection] Bind failed : timeout occurred
2021-05-06T12:16:57.731+02:00 ERROR [LdapNetworkConnection] The response queue has been emptied, no response was found.
org.apache.directory.api.ldap.model.exception.LdapException: TimeOut occurred
at org.apache.directory.ldap.client.api.LdapNetworkConnection.bind(LdapNetworkConnection.java:1306) [graylog.jar:?]
at org.apache.directory.ldap.client.api.LdapNetworkConnection.bind(LdapNetworkConnection.java:1145) [graylog.jar:?]
at org.graylog2.security.ldap.LdapConnector.connect(LdapConnector.java:142) [graylog.jar:?]
at org.graylog2.security.ldap.LdapConnector.connect(LdapConnector.java:103) [graylog.jar:?]
at org.graylog2.rest.resources.system.ldap.LdapResource.testLdapConfiguration(LdapResource.java:133) [graylog.jar:?]
at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:?]
at jdk.internal.reflect.NativeMethodAccessorImpl.invoke(Unknown Source) ~[?:?]
at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source) ~[?:?]
at java.lang.reflect.Method.invoke(Unknown Source) ~[?:?]
at org.glassfish.jersey.server.model.internal.ResourceMethodInvocationHandlerFactory$1.invoke(ResourceMethodInvocationHandlerFactory.java:81) [graylog.jar:?]
at org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher$1.run(AbstractJavaResourceMethodDispatcher.java:144) [graylog.jar:?]
at org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher.invoke(AbstractJavaResourceMethodDispatcher.java:161) [graylog.jar:?]
at org.glassfish.jersey.server.model.internal.JavaResourceMethodDispatcherProvider$TypeOutInvoker.doDispatch(JavaResourceMethodDispatcherProvider.java:205) [graylog.jar:?]
at org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher.dispatch(AbstractJavaResourceMethodDispatcher.java:99) [graylog.jar:?]
at org.glassfish.jersey.server.model.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:389) [graylog.jar:?]
at org.glassfish.jersey.server.model.ResourceMethodInvoker.apply(ResourceMethodInvoker.java:347) [graylog.jar:?]
at org.glassfish.jersey.server.model.ResourceMethodInvoker.apply(ResourceMethodInvoker.java:102) [graylog.jar:?]
at org.glassfish.jersey.server.ServerRuntime$2.run(ServerRuntime.java:326) [graylog.jar:?]
at org.glassfish.jersey.internal.Errors$1.call(Errors.java:271) [graylog.jar:?]
at org.glassfish.jersey.internal.Errors$1.call(Errors.java:267) [graylog.jar:?]
at org.glassfish.jersey.internal.Errors.process(Errors.java:315) [graylog.jar:?]
at org.glassfish.jersey.internal.Errors.process(Errors.java:297) [graylog.jar:?]
at org.glassfish.jersey.internal.Errors.process(Errors.java:267) [graylog.jar:?]
at org.glassfish.jersey.process.internal.RequestScope.runInScope(RequestScope.java:317) [graylog.jar:?]
at org.glassfish.jersey.server.ServerRuntime.process(ServerRuntime.java:305) [graylog.jar:?]
at org.glassfish.jersey.server.ApplicationHandler.handle(ApplicationHandler.java:1154) [graylog.jar:?]
at org.glassfish.jersey.grizzly2.httpserver.GrizzlyHttpContainer.service(GrizzlyHttpContainer.java:384) [graylog.jar:?]
at org.glassfish.grizzly.http.server.HttpHandler$1.run(HttpHandler.java:224) [graylog.jar:?]
at com.codahale.metrics.InstrumentedExecutorService$InstrumentedRunnable.run(InstrumentedExecutorService.java:181) [graylog.jar:?]
at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source) [?:?]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source) [?:?]
at java.lang.Thread.run(Unknown Source) [?:?]

Probably the LDAP server connection is not working, due to a timeout. How did you configure the Graylog LDAP settings and HAProxy?

Telnet test on port 636 from the Graylog server: OK

LDAP config in Graylog:

Server Type: LDAP
Server Address: ldaps://directory.xxxxxx.xx 636
Options: SSL + Allow self-signed certificates
System Username: cm=xxx,ou=xxx,dc=xxx,dc=com

HAProxy config:

frontend front-ldap
    bind 0.0.0.0:636 ssl crt /etc/ssl/private/xxxxxx.pem no-sslv3
    mode tcp
    maxconn 1000
    log global
    timeout client 3000s
    option tcplog
    option dontlognull
    default_backend bck-ldap

backend bck-ldap
    server xxx xx.xx.xx.xx:636 check inter 30s rise 2 fall 3 fastinter 1s ssl ca-file /etc/ssl/certs/xxxxxx.crt
    server xxx xx.xx.xx.xx:636 check inter 30s rise 2 fall 3 fastinter 1s ssl ca-file /etc/ssl/certs/xxxxxx.crt
    balance static-rr
    mode tcp
    fullconn 100
    option ldap-check
    timeout server 50s
    timeout connect 10s

Which Graylog version do you use?

I am using version 3.3.12-1.

Try ldapsearch to see whether it works from the Graylog box:

LDAPTLS_REQCERT=never ldapsearch -H "ldaps://dc.example.com:636" -x -W -D "user@example.com" -b "dc=example,dc=com" "(&(objectCategory=person)(objectClass=user))"
# extended LDIF
#
# LDAPv3
# base <dc=example,dc=com> with scope subtree
# filter: (&(objectCategory=person)(objectClass=user))
# requesting: ALL
#

# search result
search: 2
result: 0 Success

# numResponses: 1
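To pin down where the timeout in this thread occurs, here is an added example (not Graylog, HAProxy or Apache Directory code): a stand-alone Python probe that performs the same LDAPv3 simple bind Graylog's "Test server connection" does, with the BindRequest hand-encoded in BER, and times the TCP connect, the TLS handshake and the BindResponse separately, which the log line "Bind failed : timeout occurred" does not do. Run it once against the HAProxy frontend and once against a backend directly and compare the stage that fails. All host names, DNs and passwords are placeholders; `fake_ldap_server` is a constructed plaintext stand-in so the script can be exercised offline.

```python
"""Stage-timed LDAPv3 simple-bind probe. Added example, not Graylog or HAProxy code; all hosts,
DNs and passwords are placeholders and fake_ldap_server is a constructed offline stand-in."""
import socket
import ssl
import threading
import time

def ber_len(n):
    """BER length octets: short form below 128, long form (0x80|count, then count bytes) above."""
    b = n.to_bytes(max(1, (n.bit_length() + 7) // 8), "big")
    return b if n < 0x80 else bytes([0x80 | len(b)]) + b

def ber(tag, payload):
    return bytes([tag]) + ber_len(len(payload)) + payload

def bind_request(msg_id, dn, password):
    """LDAPMessage { messageID, BindRequest [APPLICATION 0] { version 3, name, simple [0] } }."""
    body = ber(0x02, bytes([3])) + ber(0x04, dn.encode()) + ber(0x80, password.encode())
    return ber(0x30, ber(0x02, bytes([msg_id])) + ber(0x60, body))

def read_tlv(buf, off=0):
    """Decode one BER TLV at `off`; returns (tag, value, offset after it)."""
    tag, length, off = buf[off], buf[off + 1], off + 2
    if length & 0x80:
        n = length & 0x7F
        length, off = int.from_bytes(buf[off:off + n], "big"), off + n
    return tag, buf[off:off + length], off + length

def parse_bind_response(data):
    """Decode LDAPMessage { messageID, BindResponse [APPLICATION 1] { resultCode, matchedDN, diag } }."""
    tag, msg, _ = read_tlv(data)
    _, mid, off = read_tlv(msg)
    tag, op, _ = read_tlv(msg, off)
    if tag != 0x61:
        raise ValueError("expected BindResponse, got tag 0x%02x" % tag)
    _, rc, off = read_tlv(op)
    _, matched, off = read_tlv(op, off)
    _, diag, _ = read_tlv(op, off)
    return {"message_id": int.from_bytes(mid, "big"), "result_code": int.from_bytes(rc, "big"),
            "matched_dn": matched.decode(), "diagnostic": diag.decode()}

def recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed before a full LDAP message arrived")
        buf += chunk
    return buf

def recv_message(sock):
    """Read one BER-framed LDAPMessage, honouring long-form lengths."""
    hdr = recv_exact(sock, 2)
    length = hdr[1]
    if length & 0x80:
        hdr += recv_exact(sock, length & 0x7F)
        length = int.from_bytes(hdr[2:], "big")
    return hdr + recv_exact(sock, length)

def probe(host, port, dn, password, use_tls=True, verify=True, timeout=5.0):
    """Return {"stages": [(name, seconds)], "result_code": int or None, "error": str or None}."""
    stages, t0, sock = [], time.monotonic(), None
    mark = lambda name: stages.append((name, round(time.monotonic() - t0, 3)))
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
        mark("tcp_connect")
        if use_tls:
            ctx = ssl.create_default_context()
            if not verify:  # equivalent of Graylog's "Allow self-signed certificates"
                ctx.check_hostname, ctx.verify_mode = False, ssl.CERT_NONE
            sock = ctx.wrap_socket(sock, server_hostname=host)
            mark("tls_handshake")
        sock.sendall(bind_request(1, dn, password))
        resp = parse_bind_response(recv_message(sock))
        mark("bind_response")
        return {"stages": stages, "result_code": resp["result_code"], "error": None}
    except (OSError, ValueError) as exc:  # socket.timeout and ssl.SSLError are OSError subclasses
        mark("failed")
        return {"stages": stages, "result_code": None, "error": "%s: %s" % (type(exc).__name__, exc)}
    finally:
        if sock is not None:
            sock.close()

def fake_ldap_server(result_code, delay=0.0):
    """Constructed stand-in: plaintext, one connection, answers the bind after `delay` seconds."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    def serve():
        conn, _ = srv.accept()
        with srv, conn:
            try:
                recv_message(conn)  # consume the BindRequest
                time.sleep(delay)  # a delay above the client's timeout reproduces a stalled backend
                op = ber(0x0A, bytes([result_code])) + ber(0x04, b"") + ber(0x04, b"")
                conn.sendall(ber(0x30, ber(0x02, b"\x01") + ber(0x61, op)))
            except OSError:
                pass  # the client timed out and hung up first
    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]
```

Against real infrastructure, call `probe("haproxy.example.com", 636, dn, pw, verify=False)` and `probe("ldap1.example.com", 636, dn, pw, verify=False)` (placeholder names) and compare the returned `stages`: a stall before `tcp_connect` points at the network or the frontend bind, a stall before `tls_handshake` at the TLS termination, and a stall after the request has been sent at the proxied backend connection. A result code of 49 (invalidCredentials) still means the whole path is working, since the backend answered. `verify=False` matches the "Allow self-signed certificates" setting in the thread and should only be used while troubleshooting.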
