How to enable debug logging for outgoing http connections in Jira
Purpose
How to enable debug logging for outgoing HTTP traffic for 2 major libraries: Apache HTTPClient (see https://hc.apache.org/httpcomponents-client-ga/) and Java HttpURLConnection (see sec HttpURLConnection). Please note that even article mentions JIRA, the same can be applied to other Atlassian products with some modifications.
Solution
- See below for examples on how to enable logging for different HTTP frameworks
- In general, it's not easy to guess which frameworks is used for specific JIRA functionality, so you would need to either review the source code or just enable both
Apache HTTPClient
From docs:
- The wire log is used to log all data transmitted to and from servers when executing HTTP requests. The wire log uses the org.apache.http.wire logging category. This log should only be enabled to debug problems, as it will produce an extremely large amount of log data.
- Because the content of HTTP requests is usually less important for debugging than the HTTP headers, the org.apache.http.headers logging category is for capturing HTTP headers only.
To enable specific logging you need to configure it in JIRA (see related Logging and profiling, Configuring Logging). Set DEBUG for
- org.apache.http.headers - for HTTP headers only
recommended - org.apache.http.wire - for all HTTP data
This will be very verbose output, make sure you have enough disk space for the logs
Java HttpURLConnection method
To enable logging for sun.net.www.protocol.http.HttpURLConnection you need to configure JULI logger for the corresponding method. To achieve that, you need to add the following into logging.properties and restart Jira:
For JIRA 7.x, please add the file File: <JIRA_INSTALL>/atlassian-jira/WEB-INF/classes/logging.properties
handlers = com.atlassian.logging.log4j.juli.JuliToLog4jHandler, java.util.logging.ConsoleHandler
.handlers = com.atlassian.logging.log4j.juli.JuliToLog4jHandler
com.atlassian.logging.juli.AtlassianHandler.level = FINE
# Set threshhold to FINEST for Console
java.util.logging.ConsoleHandler.level = FINEST
java.util.logging.ConsoleHandler.formatter = org.apache.juli.OneLineFormatter
#
# Set logging for HttpURLConnection
sun.net.www.protocol.http.HttpURLConnection.level = FINEST
sun.net.www.protocol.http.HttpURLConnection.handlers = java.util.logging.ConsoleHandlerThe output will be redirected into this default console output. Typically, this is catalina.out.
For JIRA 8.x and later versions, please change the file <JIRA_INSTALL>/conf/logging.properties to add the com.atlassian.logging.log4j.juli.JuliToLog4jHandler handler, and then append the below lines at the end of the file to enable logging to the tomcat console.
The changes should look like below:
....
handlers = 1catalina.org.apache.juli.AsyncFileHandler, 2localhost.org.apache.juli.AsyncFileHandler, 3manager.org.apache.juli.AsyncFileHandler, 4host-manager.org.apache.juli.AsyncFileHandler, java.util.logging.ConsoleHandler, com.atlassian.logging.log4j.juli.JuliToLog4jHandler
.handlers = 1catalina.org.apache.juli.AsyncFileHandler, java.util.logging.ConsoleHandler, com.atlassian.logging.log4j.juli.JuliToLog4jHandler
....
com.atlassian.logging.juli.AtlassianHandler.level = FINE
# Set threshhold to FINEST for Console
java.util.logging.ConsoleHandler.level = FINEST
java.util.logging.ConsoleHandler.formatter = org.apache.juli.OneLineFormatter
#
# Set logging for HttpURLConnection
sun.net.www.protocol.http.HttpURLConnection.level = FINEST
sun.net.www.protocol.http.HttpURLConnection.handlers = java.util.logging.ConsoleHandler
Once done with the changes, restart JIRA for the changes to take effect.
This will be very verbose output, make sure you have enough disk space for the logs. To make it less verbose, you can change the sun.net.www.protocol.http.HttpURLConnection.level from
FINEST to FINE
SSL Debug
In case a library uses HTTPS for outgoing connection, it might be useful to enable logging for SSL also.
The SunJSSE has a built-in debug facility and is activated by the System property
javax.net.debug
To achieve that, you need to add the following into JVM Args and restart Jira:
//all debugging messages:
-Djavax.net.debug=all
// Verbose handshake logging
-Djavax.net.debug=ssl:handshake:verbose
Related links for extra reading:
- src HttpURLConnection.java
- src Authenticator.java
- https://tomcat.apache.org/tomcat-8.5-doc/logging.html
- https://hc.apache.org/httpcomponents-client-ga/logging.html
- https://stackoverflow.com/questions/1445919/how-to-enable-wire-logging-for-a-java-httpurlconnection-traffic
- https://docs.oracle.com/javase/8/docs/technotes/guides/security/jsse/ReadDebug.html
- https://docs.oracle.com/javase/8/docs/technotes/guides/security/jsse/JSSERefGuide.html#Debug
- https://blogs.oracle.com/java-platform-group/diagnosing-tls,-ssl,-and-https