Troubleshooting#
For some issues, we need extra information in logs to troubleshoot and understand to root causes. To gather and share this, please read carefully and follow these steps.
Warning
ENABLING TRACE LOGS HAS SIGNIFICANT IMPACT ON PERFORMANCES. DO NOT ENABLE IT ON PRODUCTION SERVERS.
Stop TheHive service and ensure it is stopped#
service thehive stop
Ensure the service is stopped with the following command:
service thehive status
Renew application.log file#
- in
/var/log/thehivemove the fileapplication.logtoapplication.log.bak
mv /var/log/thehive/application.log /var/log/thehive/application.log.bak
Update log configuration#
- Edit the file
/etc/thehive/logback.xml. Look for the line containing<logger name="org.thp" level="INFO"/>and update it to have following lines:
[..]
<logger name="org.thp" level="TRACE"/>
[..]
- Save the file.
Restart the service#
service thehive start
A new log file /var/log/thehive/application.log should be created and filed with a huge amount of logs.
Wait for the issue to appear and/or the application stop.
Save the logs#
Copy the log file in a safe place.
cp /var/log/thehive/application.log /root
Share it with us#
Create an issue on Github and please share context and symptoms with the log file. Please add information regarding:
- Context:
- instance (single node/cluster, backend type, index engine)
- System: Operating System, amount of RAM, #CPU for each server/node
- Symptoms:
- what you did, how you you come to this situation, what happened
- The log file with traces
Revert#
To get back a to normal log configuration, stop thehive, update logback.xml file with the previous configuration, and restart the application.