This is a cache of https://docs.openshift.com/acs/4.3/cli/debugging-issues.html. It is a snapshot of the page at 2024-11-28T17:58:13.897+0000.
Debugging issues | roxctl CLI | Red Hat Advanced Cluster Security for Kubernetes 4.3
×

Prerequisites

  • You have configured the ROX_ENDPOINT environment variable using the following command:

    $ export ROX_ENDPOINT=<host:port> (1)
    1 The host and port information that you want to store in the ROX_ENDPOINT environment variable.

Viewing the logs

You can use either the oc or kubectl command to view the logs for the Central pod.

Procedure
  • To view the logs for the Central pod by using kubectl, run the following command :

    $ kubectl logs -n stackrox <central_pod>
  • To view the logs for the Central pod by using oc, run the following command :

    $ oc logs -n stackrox <central_pod>

Viewing the current log level

You can change the log level to see more or less information in Central logs.

Procedure
  • Run the following command to view the current log level:

    $ roxctl central debug log

Changing the log level

Procedure
  • Run the following command to change the log level:

    $ roxctl central debug log --level=<log_level> (1)
    1 The acceptable values for <log_level> are Panic, Fatal, Error, Warn, Info, and Debug.

Retrieving debugging information

Procedure
  • Run the following command to gather the debugging information for investigating issues:

    $ roxctl central debug dump
  • To generate a diagnostic bundle with the RHACS administrator password or API token and central address, follow the procedure in Generating a diagnostic bundle by using the roxctl CLI.

roxctl central debug command overview

Debug the Central service.

Usage
$ roxctl central debug [flags]

roxctl central debug command options inherited from the parent command

The roxctl central debug command supports the following options inherited from the parent roxctl command:

Option Description

--ca string

Specify a custom CA certificate file path for secure connections. Alternatively, you can specify the file path by using the ROX_CA_CERT_FILE environment variable.

--direct-grpc

Set --direct-grpc for improved connection performance. Alternatively, by setting the ROX_DIRECT_GRPC_CLIENT environment variable to true, you can enable direct gRPC . The default value is false.

-e, --endpoint string

Set the endpoint for the service to contact. Alternatively, you can set the endpoint by using the ROX_ENDPOINT environment variable. The default value is localhost:8443.

--force-http1

Force the use of HTTP/1 for all connections. Alternatively, by setting the ROX_CLIENT_FORCE_HTTP1 environment variable to true, you can force the use of HTTP/1. The default value is false.

--insecure

Enable insecure connection options. Alternatively, by setting the ROX_INSECURE_CLIENT environment variable to true, you can enable insecure connection options. The default value is false.

--insecure-skip-tls-verify

Skip the TLS certificate validation. Alternatively, by setting the ROX_INSECURE_CLIENT_SKIP_TLS_VERIFY environment variable to true, you can skip the TLS certificate validation. The default value is false.

--no-color

Disable the color output. Alternatively, by setting the ROX_NO_COLOR environment variable to true, you can disable the color output. The default value is false.

-p, --password string

Specify the password for basic authentication. Alternatively, you can set the password by using the ROX_ADMIN_PASSWORD environment variable.

--plaintext

Use an unencrypted connection. Alternatively, by setting the ROX_PLAINTEXT environment variable to true, you can enable an unencrypted connection. The default value is false.

-s, --server-name string

Set the TLS server name to use for SNI. Alternatively, you can set the server name by using the ROX_SERVER_NAME environment variable.

--token-file string

Use the API token provided in the specified file for authentication. Alternatively, you can set the token by using the ROX_API_TOKEN environment variable.

These options are applicable to all the sub-commands of the roxctl central debug command.

roxctl central debug db

Control the debugging of the database.

Usage
$ roxctl central debug db [flags]
Table 1. Options
Option Description

-t, --timeout duration

Specify the timeout for API requests representing the maximum duration of a request. The default value is 1m0s.

roxctl central debug log

Retrieve the current log level.

Usage
$ roxctl central debug log [flags]
Table 2. Options
Option Description

-l, --level string

Specify the log level to which you want to set the modules. Valid values include Debug, Info, Warn, Error, Panic, and Fatal.

-m, --modules strings

Specify the modules to which you want to apply the command.

--retry-timeout duration

Specify the timeout after which API requests are retried. A value of zero means that the entire request duration is waited for without retrying. The default value is 20s.

-t, --timeout duration

Specify the timeout for API requests, which is the maximum duration of a request. The default value is 1m0s.

roxctl central debug dump

Download a bundle containing the debug information for Central.

Usage
$ roxctl central debug dump [flags]
Table 3. Options
Option Description

--logs

If set to true, logs are included in the Central dump. The default value is false.

--output-dir string

Specify the output directory for the bundle content. The default value is an automatically generated directory name within the current directory.

-t, --timeout duration

Specify the timeout for API requests, which is the maximum duration of a request. The default value is 5m0s.

roxctl central debug db stats

Control the statistics of the Central database.

Usage
$ roxctl central debug db stats [flags]

roxctl central debug authz-trace

Enable or disable authorization tracing in Central for debugging purposes.

Usage
$ roxctl central debug authz-trace [flags]
Table 4. Options
Option Description

-t, --timeout duration

Specify the timeout for API requests representing the maximum duration of a request. The default value is 20m0s.

roxctl central debug db stats reset

Reset the statistics of the Central database.

Usage
$ roxctl central debug db stats reset [flags]

roxctl central debug download-diagnostics

Download a bundle containing a snapshot of diagnostic information about the platform.

Usage
$ roxctl central debug download-diagnostics [flags]
Table 5. Options
Option Description

--clusters strings

Specify a comma-separated list of the Sensor clusters from which you want to collect the logs.

--output-dir string

Specify the output directory in which you want to save the diagnostic bundle.

--since string

Specify the timestamp from which you want to collect the logs from the Sensor clusters.

-t, --timeout duration

Specify the timeout for API requests, which specifies the maximum duration of a request. The default value is 5m0s.