List of modules for which log4j2 logger can be set?

Versions (relevant - OpenSearch/Dashboard/Server OS/Browser):
OpenSearch 2.11 deployed with Helm in K8s

Describe the issue:

I’m trying to troubleshoot why certificate validation for a cross-cluster-replication is failing.
I want to activate logging to get more information, but I do not receive additional information, and I suspect it is because the logs/modules I’m trying to activate are not available.
In the example below I try to activate logging for security, LDAP, SSL.

I tried to look for information about which modules logging can be activated for, but I could not find a list.
Does such a list exist? (without having to dig into the code)

Configuration:

config:
  log4j2.properties: |
    status = error

    appender.console.type = Console
    appender.console.name = console
    appender.console.layout.type = PatternLayout
    appender.console.layout.pattern = [%d{ISO8601}][%-5p][%-25c{1.}] [%node_name]%marker %m%n

    # Define the RollingFile appender
    appender.rolling.type = RollingFile
    appender.rolling.name = RollingFileAppender
    appender.rolling.fileName = /usr/share/opensearch/logs/opensearch.log
    appender.rolling.filePattern = /usr/share/opensearch/logs/opensearch-%d{yyyy-MM-dd}-%i.log.gz
    appender.rolling.layout.type = PatternLayout
    appender.rolling.layout.pattern = [%d{ISO8601}] [%p] [%c{1.}] [%t] [%node_name]%marker %msg%n
    appender.rolling.policies.type = Policies
    appender.rolling.policies.time.type = TimeBasedTriggeringPolicy
    appender.rolling.policies.time.interval = 1
    appender.rolling.policies.size.type = SizeBasedTriggeringPolicy
    appender.rolling.policies.size.size = 100MB

    rootLogger.level = info
    rootLogger.appenderRef.console.ref = console

    # Security plugin logging
    logger.security.name = securityLogger
    logger.security.level = trace
    logger.security.appenderRef.console.ref = console
    logger.security.appenderRef.rolling.ref = RollingFileAppender

    logger.ldap.name = ldapLogger
    logger.ldap.level = debug
    logger.ldap.appenderRef.rolling.ref = RollingFileAppender

    # Enable debug logging for SSL/TLS
    logger.ssl.name = org.opensearch.ssl
    logger.ssl.level = debug
    logger.ssl.appenderRef.rolling.ref = RollingFileAppender

Relevant Logs or Screenshots:

@Julio I understand that your main issue is certificate validation in CCR.
The certificate handshake should be visible in the default log settings. It should tell you why the SSL connection wasn’t set.

Were both clusters signed by the same RootCA?

Hi,
The logs showed the handshake failed with some high-level error information. In my case I was ‘blind’, without knowing if what I meant to configure was actually configured in the systems, if I had configured all I had to configure, if I had misconfigured something on the client side or on the server side… all I had was that something had gone wrong during the session establishment. It took me quite a lot of trial and error until I pinpointed the culprit.

@Julio Did you follow the OpenSearch documentation and set proper DNs in both clusters?

Did you use the same RootCA to create node certificates in all clusters?
If not, you’ll need to concatenate all RootCAs.

Yes, I got it to work. I configured the nodes_dn to match the value of subject in the certificate. And I included the CA certificates from each cluster in the truststore.
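
The two checks behind the fix described in the last replies, as an added example that is not part of the original thread: print a node certificate's subject in the form to copy into `nodes_dn`, and confirm that a node certificate from the other cluster only validates once both root CAs are concatenated into one bundle. The CA names, node names and file names are constructed for the demo, and the use of openssl's RFC2253 name format for the `nodes_dn` value is an assumption here.

```shell
#!/usr/bin/env bash
# Constructed demo: two throwaway CAs stand in for the leader and follower clusters.
set -eu

# Create a self-signed root CA: make_ca <name>
make_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/O=Example/CN=$1-root-ca" -keyout "$1-ca.key" -out "$1-ca.pem" 2>/dev/null
}

# Issue a node certificate signed by that CA: make_node <ca-name> <node-name>
make_node() {
  openssl req -newkey rsa:2048 -nodes -subj "/O=Example/OU=$1/CN=$2" \
    -keyout "$2.key" -out "$2.csr" 2>/dev/null
  openssl x509 -req -in "$2.csr" -CA "$1-ca.pem" -CAkey "$1-ca.key" \
    -CAcreateserial -days 1 -out "$2.pem" 2>/dev/null
}

# Print the certificate subject as a single RFC 2253 string (the nodes_dn candidate).
subject_dn() {
  openssl x509 -in "$1" -noout -subject -nameopt RFC2253 | sed 's/^subject= *//'
}

# Succeeds only if the certificate chains to a CA in the bundle: trusted_by <bundle> <cert>
trusted_by() {
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Build both clusters' material in a scratch directory and concatenate the root CAs.
build_demo() {
  cd "$(mktemp -d)"
  make_ca leader; make_ca follower
  make_node leader leader-node-1; make_node follower follower-node-1
  cat leader-ca.pem follower-ca.pem > all-cas.pem
}

build_demo
echo "nodes_dn entry for the follower node: $(subject_dn follower-node-1.pem)"
trusted_by leader-ca.pem follower-node-1.pem || echo "leader CA alone: follower cert rejected"
trusted_by all-cas.pem follower-node-1.pem && echo "concatenated bundle: follower cert accepted"
```

Running `subject_dn` and `trusted_by` against the real node certificates and truststore PEM shows, before restarting anything, whether the configured DN and CA bundle match what the peer will actually present.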