Anyone know where the the Auth logs for Cribl Stream/Edge are located?

For the ui? They are in the api logs.

Ah, perfect, thanks Brandon.

If people are logging into the leader though then there won't be anything events on workers.

My issue with the logs is that they're not very specific. "Authentication Provider Error" doesn't tell me where the failure is:1. Host unreachable/not found2. Bind user can't bind3. LDAP user/group search path invalidAlso, if there's secure ldap specified I would assume that you would see the `provider` key as `ldaps:hostname:port` , not `ldap:hostname:port`, but that's trivial

Is there a way to increase the log fidelity to see that get logged?

turn on debug level logging for the auth-related channels on the appropriate node(s)

there is usually sufficient detail in the regular level logs. There can be multiple events generated so you may not be looking at the right one.

Thanks Brandon, I'll try that. Much appreciated

Not any more logs output at debug level, I turned on debug for `auth` and `localauth` and `LDAPMapper`, so maybe silly level?

Actually Silly doesn't really reveal much either

Yeah this is crazy, it shows nothing on the logs even when the log level is silly. I don't understand, I thought this was supposed to be the way to see why this was failing?

Log levels can't show what the Engineering team hasn't built. Silly log level isn't being used ubiquitously across the code base, for example. If you provide the errors you do see then maybe we can help, otherwise a support case is recommended.