search

rockcarver / frodo-cli

A CLI to manage ForgeRock platform deployments supporting Identity Cloud tenants, ForgeOps deployments, and classic deployments.
MIT License
19 stars 17 forks source link

Get Logs from ID cloud #452

Closed debasisdwivedy closed 1 week ago

debasisdwivedy commented 1 week ago

Frodo CLI version

Provide output of frodo -v You are running the homebrew release. cli: v2.1.0 lib: v2.2.0 node: v20.11.1

Describe the issue

I am trying to get the logs from ID Cloud using the command below:

frodo logs tail <HOSTNAME> <USERNAME> <PASSWORD> --debug --verbose

I am not able to get any logs and get the issue below:

FrodoCommand.handleDefaultArgsAndOpts: Handling default option 'verbose'. ConnectionProfileOps.getConnectionProfilesPath: start ConnectionProfileOps.getConnectionProfilesPath: end [profilesPath=/Users/<USER>/.frodo/Connections.json] ConnectionProfileOps.findConnectionProfiles: '<HOSTNAME>' identifies '<HOSTNAME>', including in result set Using log api credentials from command line. Tailing ID Cloud logs from the following sources: am-everything,idm-everything and levels [SEVERE,ERROR,FATAL] of <HOSTNAME>... HTTP client error Code: ERR_BAD_REQUEST Status: 401 FrodoCommand: running postAction hook: this command: tail, action command: tail cli.Console.cleanupProgressBars: start cli.Console.cleanupProgressBars: stopping 0 bars cli.Console.cleanupProgressBars: end FrodoCommand: running postAction hook: this command: log, action command: tail cli.Console.cleanupProgressBars: start cli.Console.cleanupProgressBars: stopping 0 bars cli.Console.cleanupProgressBars: end

How to get real time logs from the tenant? We do not want to use the API

Regards,

atomicsamurai commented 1 week ago

ID Cloud (now Advanced Identity Cloud - AIC) log API is the only way to access ID Cloud logs. While frodo-cli makes is easier to fetch/tail the logs continuously, it still uses the same API under the covers. You will need to create a log API key and secret and provide it to frodo-cli to tail the logs. You can do that in multiple ways:

  1. Specify the API key and secret on the command line, as below: 
    frodo logs tail -l 4 https://<tenant-fqdn>/am <log-api-key> <log-api-secret>
  2. Set FRODO_LOG_KEY and FRODO_LOG_SECRET shell environment variables before running frodo-cli, and run frodo-cli: 
    export FRODO_LOG_KEY=<log-api-key>
export FRODO_LOG_SECRET=<log-api-secret>
frodo logs tail -l 4 https://<tenant-fqdn>/am
  3. Create and save a connection
debasisdwivedy commented 1 week ago

Thanks.