Debug logging directive for outputting variable values and formatted strings to application logs
debug
The debug directive is used to output debug information to the application logs during AAA request processing. It helps troubleshoot policies by showing variable values and formatted strings at debug log level.
Syntax
The debug directive supports three forms:
1. Debug a variable getter
debug vars.test;
Outputs the variable path and its resolved values:
DEBUG Getter 'vars.test' -> Values ["test_value1"]
2. Debug a formatted string
debug "initial: %{vars.test}";
Outputs the format string and its evaluated result:
DEBUG Formatter 'initial: %{vars.test}' -> initial: test_value1
3. Debug with custom logger and context
debug {
log "AUTHENTICATION";
context "In authentication log %{vars.test}";
}
Sends the debug message to a specific AAA logger with a custom context message.
Examples
Basic variable debugging
aaa {
policy "DEFAULT" {
handler "AUTHENTICATION" {
authentication {
modify {
vars.username = aaa.identity;
}
# Debug the variable
debug vars.username;
# Debug with formatted string
debug "Processing user: %{vars.username}";
accept;
}
}
}
}
Debugging multivalue attributes
authentication {
# Debug array values
debug "The groups are %{user.group[*]} for user %{aaa.identity}";
debug "🔴 Caching groups %{cache.groups[aaa.identity]} for user %{aaa.identity}";
}
Debugging before and after modifications
authentication {
modify {
vars.test = "test_value1";
}
debug "initial: %{vars.test}";
modify {
vars.test = "test_value2";
}
debug "after: %{vars.test}";
accept;
}
Log Level
Debug messages are logged at the DEBUG log level. To see debug output, ensure your application logging is configured with loglevel debug;:
logging {
application {
console {
loglevel debug;
}
}
}