From 081d8fc15cc31d8956c4310955e7700059f05428 Mon Sep 17 00:00:00 2001 From: kaisecheng <69120390+kaisecheng@users.noreply.github.com> Date: Fri, 12 Jan 2024 13:11:12 +0000 Subject: [PATCH] [Doc] kerberos debug instructions (#15779) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: João Duarte Co-authored-by: Karen Metts <35154725+karenzone@users.noreply.github.com> --- docs/static/troubleshoot/ts-kafka.asciidoc | 25 ++++++++++++++++++++++ 1 file changed, 25 insertions(+) diff --git a/docs/static/troubleshoot/ts-kafka.asciidoc b/docs/static/troubleshoot/ts-kafka.asciidoc index e5b4fa3d389..e8c2007be1d 100644 --- a/docs/static/troubleshoot/ts-kafka.asciidoc +++ b/docs/static/troubleshoot/ts-kafka.asciidoc @@ -163,4 +163,29 @@ https://github.com/logstash-plugins/logstash-input-kafka/issues/210 * If (and only if) upgrading is not possible, set `consumer_threads` to `1`. +[discrete] +[[ts-kafka-kerberos-debug]] +===== Setting up debugging for Kerberos SASL + +You can set up your machine to help you troubleshoot authentication failures in the Kafka client. + +* In `config/jvm.options`, add: ++ +[source,txt] +----- +-Dsun.security.krb5.debug=true +----- + +* In `config/log4j2.properties`, add: ++ +[source,txt] +----- +logger.kafkainput.name = logstash.inputs.kafka +logger.kafkainput.level = debug +logger.kafkaoutput.name = logstash.outputs.kafka +logger.kafkaoutput.level = debug +logger.kafka.name = org.apache.kafka +logger.kafka.level = debug +----- +NOTE: Logging entries for Kerberos are NOT sent through Log4j but go directly to the console.