Description
This article describes how to use nacdebug logger types. Debug logger commands are used for listing loggers and setting their log levels.
Scope
FortiNAC v9.x.
Solution
Any specific logger can be enabled in the desired level with the following command:
nacdebug -logger org.apache.sshd -level xxxx
Valid log levels include:
To check all the available loggers and their status:
nacdebug -loggers
To disable the logger:
nacdebug -logger org.apache.sshd
For example:
nacdebug -logger org.apache.sshd -level FINEST
output.master logs example:
org.apache.sshd.client.SshClient FINEST :: 2023-05-07 17:10:30:729 :: #884 :: addSessionListener(SshClient[64a7e2be])[org.apache.sshd.common.session.helpers.SessionTimeoutListener@1136e0eb] registered
org.apache.sshd.common.util.threads.SshdThreadFactory FINEST :: 2023-05-07 17:10:30:729 :: #884 :: newThread(java.lang.ThreadGroup[name=ORB ThreadGroup 0,maxpri=10])[sshd-SshClient[64a7e2be]-timer-thread-1] runnable=java.util.concurrent.ThreadPoolExecutor$Worker@25254f50[State = -1, empty queue]
org.apache.sshd.common.io.nio2.Nio2Connector FINEST :: 2023-05-07 17:10:30:729 :: #884 :: Creating Nio2Connector
org.apache.sshd.client.config.hosts.DefaultConfigFileHostEntryResolver FINE :: 2023-05-07 17:10:30:730 :: #884 :: resolveEffectiveHost(fortinac@10.0.0.1:22) => null
org.apache.sshd.client.SshClient FINE :: 2023-05-07 17:10:30:730 :: #884 :: connect(fortinac@10.0.0.1:22) no overrides
org.apache.sshd.common.io.nio2.Nio2Connector FINE :: 2023-05-07 17:10:30:730 :: #884 :: Connecting to /10.0.0.1:22
org.apache.sshd.common.io.nio2.Nio2Connector FINE :: 2023-05-07 17:10:30:730 :: #884 :: setOption(SO_REUSEADDR)[true] from property=socket-reuseaddr
Loggers exist under both the master and nessus loaders, so check the log file that matches the loader.
Restarting the VM will restore these values to default:
nacdebug -loggers | grep -v INHERITED
loaderName loggerName loggerLevel
____________ ____________________________ ___________
MasterLoader '' INFO
MasterLoader net.sf.ehcache SEVERE
MasterLoader org.hibernate SEVERE
MasterLoader org.snmp4j WARNING
Nessus '' INFO
Nessus org.hibernate SEVERE
To enable debug logging in a plugin, specify it by name as follows:
nacdebug -name DirectoryAuthentication true
Setting DirectoryAuthentication debug to true
Enabling debug by name also enables one or more loggers, which the logger listing confirms:
nacdebug -loggers | grep -v INHERITED
loaderName loggerName loggerLevel
____________ ____________________________ ___________
MasterLoader yams.DirectoryAuthentication FINER
Other examples of loggers:
Information for licensing (entitlementstool):
nacdebug -logger yams.FCPClient -level FINEST
tf output.master
yams.FCPClient FINE :: 2023-07-24 09:51:13:560 :: #847 :: HTTP/1.1 200 OK
yams.FCPClient FINE :: 2023-07-24 09:51:13:560 :: #847 :: FCPPackage [objects=[FCPObject [encryptedData=[80, ...
Detailed RADIUS logging for a specific MAC address:
nacdebug -logger 'yams.RadiusAccess.00:0A:CD:38:B5:CD.RadiusAccessEngine' -level FINE
tf output.master
yams.RadiusAccess.00:0A:CD:38:B5:CD.RadiusAccessEngine FINE :: 2023-11-06 12:00:37:814 :: #484 :: [Post-Auth] Process Started (16 attrs): nasIPAddr=10.0.0.1, srcIPAddr=192.168.1.102
yams.RadiusAccess.00:0A:CD:38:B5:CD.RadiusAccessEngine FINE :: 2023-11-06 12:00:37:815 :: #484 :: Device found for NAS-IP-Address [10.0.0.1]: ManagedElem: gw.eb.eu (10.0.0.1) [ID=32]
...
yams.RadiusAccess.00:0A:CD:38:B5:CD.RadiusAccessEngine FINER :: 2023-11-06 12:00:37:821 :: #484 :: RadiusServer.getWiredPort: (gw.eb.eu/10.0.0.1) S108Exxxx:port4
...
yams.RadiusAccess.00:0A:CD:38:B5:CD.RadiusAccessEngine FINEST :: 2023-11-06 12:00:37:843 :: #484 :: Response attrs = {Tunnel-Type=[VLAN] (RadAttr), Tunnel-Private-Group-Id=[532] (RadAttr), Tunnel-Medium-Type=[IEEE-802] (RadAttr)}
...
yams.RadiusAccess.00:0A:CD:38:B5:CD.RadiusAccessEngine FINE :: 2023-11-06 12:00:37:843 :: #484 :: Parse RFC5176 Attrs: attrList = 1,31
yams.RadiusAccess.00:0A:CD:38:B5:CD.RadiusAccessEngine FINE :: 2023-11-06 12:00:37:843 :: #484 :: Parse RFC5176 Attrs: client = 00:0A:CD:38:B5:CD
yams.RadiusAccess.00:0A:CD:38:B5:CD.RadiusAccessEngine FINE :: 2023-11-06 12:00:37:845 :: #484 :: Parse RFC5176 Attrs: saving attr [1] (User-Name) = gimi
yams.RadiusAccess.00:0A:CD:38:B5:CD.RadiusAccessEngine FINE :: 2023-11-06 12:00:37:847 :: #484 :: Parse RFC5176 Attrs: saving attr [31] (Calling-Station-Id) = 00-0A-CD-38-B5-CD (building CoA attributes)
yams.RadiusAccess.00:0A:CD:38:B5:CD.RadiusAccessEngine FINE :: 2023-11-06 12:00:37:847 :: #484 :: Adding client update to queue for client 00:0A:CD:38:B5:CD
yams.RadiusAccess.00:0A:CD:38:B5:CD.RadiusAccessEngine FINE :: 2023-11-06 12:00:37:847 :: #484 :: [Post-Auth] Returns: [Access-Accept]
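Per-MAC FINEST output gets long quickly, so the following added example (not Fortinet code) parses output.master lines in the layout shown above and reduces each RADIUS exchange to NAS IP, user, VLAN and result. It assumes the "#NNN" field is a thread identifier; the function names are hypothetical, and the sample mixes lines from the excerpt above with one constructed Access-Reject line for a second, constructed MAC.

```python
import re
from collections import defaultdict

# Layout seen in output.master: <logger> <LEVEL> :: <timestamp> :: #<NNN> :: <message>
LINE_RE = re.compile(
    r"^(?P<logger>\S+) (?P<level>[A-Z]+) :: (?P<ts>\d{4}-\d\d-\d\d [\d:]+)"
    r" :: #(?P<thread>\d+) :: (?P<msg>.*)$")  # "#NNN" assumed to be a thread id
# Per-MAC RADIUS logger name, as passed to nacdebug -logger above.
MAC_RE = re.compile(r"^yams\.RadiusAccess\.((?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2})\.")
FIELDS = {  # summary key -> pattern applied to the message text
    "nas_ip": re.compile(r"nasIPAddr=([\d.]+)"),
    "user": re.compile(r"\(User-Name\) = (\S+)"),
    "vlan": re.compile(r"Tunnel-Private-Group-Id=\[(\w+)\]"),
    "result": re.compile(r"\[Post-Auth\] Returns: \[([\w-]+)\]"),
}

def parse_line(line):
    """Return the fields of one log line, or None for '...' and other noise."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None

def summarize_radius(text):
    """Group RadiusAccessEngine lines by (MAC, thread) and extract the outcome."""
    out = defaultdict(dict)
    for rec in filter(None, map(parse_line, text.splitlines())):
        mac = MAC_RE.match(rec["logger"])
        if not mac:
            continue  # another logger writing to the same file
        entry = out[(mac.group(1).upper(), rec["thread"])]
        entry.setdefault("first_seen", rec["ts"])
        for key, pat in FIELDS.items():
            if hit := pat.search(rec["msg"]):
                entry[key] = hit.group(1)
    return dict(out)

# Sample input: excerpt lines plus a constructed reject for MAC ...:CE (thread #485).
SAMPLE = """\
yams.RadiusAccess.00:0A:CD:38:B5:CD.RadiusAccessEngine FINE :: 2023-11-06 12:00:37:814 :: #484 :: [Post-Auth] Process Started (16 attrs): nasIPAddr=10.0.0.1, srcIPAddr=192.168.1.102
...
yams.RadiusAccess.00:0A:CD:38:B5:CD.RadiusAccessEngine FINEST :: 2023-11-06 12:00:37:843 :: #484 :: Response attrs = {Tunnel-Type=[VLAN] (RadAttr), Tunnel-Private-Group-Id=[532] (RadAttr), Tunnel-Medium-Type=[IEEE-802] (RadAttr)}
yams.RadiusAccess.00:0A:CD:38:B5:CD.RadiusAccessEngine FINE :: 2023-11-06 12:00:37:845 :: #484 :: Parse RFC5176 Attrs: saving attr [1] (User-Name) = gimi
yams.RadiusAccess.00:0A:CD:38:B5:CD.RadiusAccessEngine FINE :: 2023-11-06 12:00:37:847 :: #484 :: [Post-Auth] Returns: [Access-Accept]
yams.FCPClient FINE :: 2023-07-24 09:51:13:560 :: #847 :: HTTP/1.1 200 OK
yams.RadiusAccess.00:0A:CD:38:B5:CE.RadiusAccessEngine FINE :: 2023-11-06 12:00:40:101 :: #485 :: [Post-Auth] Returns: [Access-Reject]
"""

if __name__ == "__main__":
    for (mac, thread), info in summarize_radius(SAMPLE).items():
        print(mac, f"#{thread}", info)
```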
The following example covers the Security Fabric connection and the CSF (Cooperative Security Fabric) process, and can be used to troubleshoot FortiNAC tags and dynamic addresses:
nacdebug -logger yams.fortinet.csf -level FINEST
yams.fortinet.csf FINEST :: 2023-08-21 15:41:18:031 :: #1395 :: ##send_hello()
yams.fortinet.csf FINEST :: 2023-08-21 15:41:18:031 :: #1395 :: >>> (/10.0.0.1:8013) decoded = CSFPacket [type=MSG_HELLO, stat=QUERY_SUCCESS, ttl=1, qid=22334477, data len = 58]
yams.fortinet.csf FINEST :: 2023-08-21 15:41:18:031 :: #1395 :: <<< (/10.0.0.1:8013) encoded = 010001223344770000003a00000049464e564d4341544d32333030313638350000000000666e6163000000000000000000000000000000000000000000000000000000000000000000
yams.fortinet.csf FINEST :: 2023-08-21 15:41:18:032 :: #1395 :: <<< (/10.0.0.1:8013) encoded = 010001223344770000003a000000494647564d3031544d3233303032383237000000000047570000000000000000000000000000000000000000000000000000000000000000000000
yams.fortinet.csf FINEST :: 2023-08-21 15:41:18:032 :: #1395 :: process_packet() from = /10.0.0.1:8013 type = MSG_HELLO, stat = QUERY_SUCCESS, path_len = 58
yams.fortinet.csf FINEST :: 2023-08-21 15:41:18:032 :: #1395 :: ##process_hello() /10.0.0.1:8013