Skip to main content
Pentaho Documentation

Increase Security Log Levels in the BA Server

The security logging facilities of the BA Server are set to ERROR by default, which is not always verbose enough for troubleshooting and testing. The below procedure explains how to increase the level of detail in the BA Server logs that deal with security-related messages.

  1. Stop the BA Server.
    sh /usr/local/pentaho/server/biserver-ee/stop-pentaho.sh
  2. Open the /pentaho/server/biserver-ee/tomcat/webapps/pentaho/WEB-INF/classes/log4j.xml file with a text editor.
  3. Use XML comments (<!-- -->) to disable all of the Threshold parameters in all of the appender elements.
  4. Change the priority value in the <root> section to one of: WARN, ERROR, FATAL, or DEBUG, depending on which level you prefer.
    <root>
      <priority value="DEBUG" />
      <appender-ref ref="PENTAHOCONSOLE"/>
      <appender-ref ref="PENTAHOFILE"/>
    </root>
  5. Add the following loggers directly above the root element:
    <!-- all Spring Security classes will be set to DEBUG -->
    <category name="org.springframework.security">
      <priority value="DEBUG" />
    </category>
    
    <!-- all Pentaho security-related classes will be set to DEBUG -->
    <category name="org.pentaho.platform.engine.security">
      <priority value="DEBUG" />
    </category>
    <category name="org.pentaho.platform.plugin.services.security">
      <priority value="DEBUG" />
    </category>
  6. Save and close the file, then edit the Spring Security configuration file that corresponds with your security back end in the /pentaho/server/biserver-ee/pentaho-solutions/system/ directory.

    The file will be one of:

    • applicationContext-spring-security-memory.xml
    • applicationContext-spring-security-jdbc.xml
    • applicationContext-spring-security-ldap.xml
  7. Find the daoAuthenticationProvider bean definition, and add the following property anywhere inside of it (before the </bean> tag):
    <property name="hideUserNotFoundExceptions" value="false" />
  8. Save the file and close the text editor.
  9. Start the BA Server.
    sh /usr/local/pentaho/server/biserver-ee/start-pentaho.sh

BA Server security logging is now globally set to DEBUG, which is sufficiently verbose for debugging security configuration problems. All BA Server messages will be collected in the /pentaho/server/biserver-ee/logs/pentaho.log file.

When you are finished configuring and testing the BA Server, you should adjust the log levels down to a less detailed level, such as ERROR, to prevent pentaho.log from growing too large.