From 129922db0666e43255af01bf28db34fde06f1320 Mon Sep 17 00:00:00 2001 From: NataliaIvakina <82437520+NataliaIvakina@users.noreply.github.com> Date: Tue, 18 Feb 2025 10:07:30 +0100 Subject: [PATCH] Add info about the server-logs.xml file (#2125) --- .../pages/authentication-authorization/sso-integration.adoc | 4 ++++ modules/ROOT/pages/monitoring/logging.adoc | 3 ++- modules/ROOT/pages/tutorial/tutorial-sso-configuration.adoc | 5 +++++ 3 files changed, 11 insertions(+), 1 deletion(-) diff --git a/modules/ROOT/pages/authentication-authorization/sso-integration.adoc b/modules/ROOT/pages/authentication-authorization/sso-integration.adoc index 2ccaff90b..cd48d0c5c 100644 --- a/modules/ROOT/pages/authentication-authorization/sso-integration.adoc +++ b/modules/ROOT/pages/authentication-authorization/sso-integration.adoc @@ -402,7 +402,11 @@ server.jvm.additional=-Djavax.net.ssl.trustStorePassword=mypasword While setting up an OIDC integration, it is sometimes necessary to perform troubleshooting. In these cases, it can be useful to view the claims contained in the JWT supplied by the identity provider. + To enable the logging of these claims at `DEBUG` level in the security log, set xref:configuration/configuration-settings.adoc#config_dbms.security.logs.oidc.jwt_claims_at_debug_level_enabled[dbms.security.logs.oidc.jwt_claims_at_debug_level_enabled] to be `true` and the security log level to `DEBUG`. +You can do this in _/conf/server-logs.xml_. + +If you need more information on how to set up and manage the security log, see xref:monitoring/logging.adoc#security-events-logging[Configure the security log]. [WARNING] ==== diff --git a/modules/ROOT/pages/monitoring/logging.adoc b/modules/ROOT/pages/monitoring/logging.adoc index bc6db2a4f..d4ba23bb0 100644 --- a/modules/ROOT/pages/monitoring/logging.adoc +++ b/modules/ROOT/pages/monitoring/logging.adoc 
@@ -60,7 +60,7 @@ and xref:configuration/configuration-settings.adoc#config_db.logs.query.threshol | `VERBOSE` | _security.log_ -| Logs information about security events. +| label:Enterprise[] Logs information about security events. | xref:configuration/configuration-settings.adoc#config_dbms.security.auth_enabled[`dbms.security.auth_enabled`] | `true` @@ -662,6 +662,7 @@ For more details on loggers, see the https://logging.apache.org/log4j/2.x/manual [[garbage-collection-log-file-configuration]] == Configure the garbage collection log + The garbage collection log, or GC log for short, is special and cannot be configured with Log4j 2. The GC log is handled by the Java Virtual Machine(JVM) and must be passed directly to the command line. To simplify this process, Neo4j exposes the following settings in _neo4j.conf_: diff --git a/modules/ROOT/pages/tutorial/tutorial-sso-configuration.adoc b/modules/ROOT/pages/tutorial/tutorial-sso-configuration.adoc index c4690a5da..99c3297e1 100644 --- a/modules/ROOT/pages/tutorial/tutorial-sso-configuration.adoc +++ b/modules/ROOT/pages/tutorial/tutorial-sso-configuration.adoc @@ -514,7 +514,11 @@ Neo4j Browser will try to reconnect and reflect the changed permissions faster t While setting up an OIDC integration, it is sometimes necessary to perform troubleshooting. In these cases, it can be useful to view the claims contained in the JWT supplied by the identity provider. + To enable the logging of these claims at `DEBUG` level in the security log, set xref:configuration/configuration-settings.adoc#config_dbms.security.logs.oidc.jwt_claims_at_debug_level_enabled[dbms.security.logs.oidc.jwt_claims_at_debug_level_enabled] to `true` and the security log level to `DEBUG`. +You can do this in _/conf/server-logs.xml_. + +If you need more information on how to set up and manage the security log, see xref:monitoring/logging.adoc#security-events-logging[Configure the security log]. [WARNING] ==== 
@@ -523,6 +527,7 @@ Also, bear in mind that the set of claims provided by an identity provider in th ==== === How to debug further problems with the configuration + Apart from the logs available in _logs/debug.log_ and _logs/security.log_ in the Neo4j path, you can also use the web-development console in your web browser when doing the SSO authentication flow with Bloom or Neo4j Browser. This could reveal potential problems, such as the one presented below with an example identity provider and the Cross-Origin Request policy:
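Review bot: In the sso-integration.adoc hunk (@@ -402), the "this" in the added line "You can do this in _/conf/server-logs.xml_." is ambiguous. The preceding sentence asks for two changes, the `dbms.security.logs.oidc.jwt_claims_at_debug_level_enabled` setting and the security log level, and the setting's xref points to configuration-settings.adoc, which suggests only the log level belongs in the Log4j file. Suggest saying which file each change goes in, for example "Set the security log level in _conf/server-logs.xml_". Also confirm whether the leading slash in the path is intended, since the other paths in this patch (_logs/debug.log_, _logs/security.log_) are written relative to the Neo4j path. The `security-events-logging` anchor used by the new xref is not visible in this diff, so please check that it exists in logging.adoc.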
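Review bot: The `label:Enterprise[]` added to the _security.log_ row in logging.adoc (@@ -60) changes the documented edition availability of the security log, which the subject "Add info about the server-logs.xml file" does not cover. Mention it in the commit message or move it to its own commit so the change is traceable. Both SSO pages now send readers to the security log for JWT claim debugging, so also confirm that those troubleshooting sections carry a matching edition label.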
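Review bot: The three lines added in tutorial-sso-configuration.adoc (@@ -514) are a verbatim copy of the lines added in sso-integration.adoc, and the surrounding paragraphs have already drifted: one reads "to be `true`", the other "to `true`". Consider keeping the troubleshooting text in one place and linking or including it from the other page, or at least align the wording while touching both. The ambiguity in "You can do this in _/conf/server-logs.xml_." applies here as well. Because this paragraph enables logging of JWT claims, keep the instruction directly adjacent to the `[WARNING]` block that follows it; the new xref paragraph now sits between the two.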