Troubleshooting#
For some issues, additional information in logs is needed to troubleshoot and understand the root causes. To gather and share this information, please carefully read and follow these steps.
Warning
ENABLING TRACE LOGS HAS A SIGNIFICANT IMPACT ON PERFORMANCE. DO NOT ENABLE IT ON PRODUCTION SERVERS.
Step 1: Stop TheHive Service#
First, stop TheHive service:
service thehive stop
Ensure the service is stopped with the following command:
service thehive status
Step 2: Renew application.log File#
Move the existing application.log file to a backup location:
mv /var/log/thehive/application.log /var/log/thehive/application.log.bak
Step 3: Update Log Configuration#
Edit the log configuration file /etc/thehive/logback.xml. Locate the line containing <logger name="org.thp" level="INFO"/> and update it to the following:
<logger name="org.thp" level="TRACE"/>
Save the file after making the changes.
Step 4: Restart TheHive Service#
Restart TheHive service:
service thehive start
A new log file /var/log/thehive/application.log will be created and will contain extensive logging information.
Step 5: Monitor and Save Logs#
Wait for the issue to occur or for the application to stop. Then, copy the log file to a safe location:
cp /var/log/thehive/application.log /root
Step 6: Share the Logs#
Create an issue on GitHub and include the following information:
- Context:
- Instance type (single node/cluster, backend type, index engine)
-
System details (Operating System, amount of RAM, number of CPUs for each server/node)
-
Symptoms:
-
Actions taken, how the situation occurred, and what happened
-
Log File:
- Attach the log file with trace information
Step 7: Revert Log Configuration#
To revert to the normal log configuration:
- Stop TheHive service.
- Edit the
logback.xmlfile to restore the previous log level configuration. - Restart TheHive service.
service thehive stop
# Restore the logback.xml file to previous state
service thehive start