Live Debugger Setup

  • Latest Dynatrace
  • 2-min read
  • Published Jan 29, 2025

Requirements

  • Dynatrace SaaS environment with a Dynatrace Platform Subscription (DPS) that includes Code Monitoring.
  • OneAgent version 1.309+ with Java Live-Debugger and Node.js Live-Debugger OneAgent features enabled.
  • Monitoring Modes: Full-Stack, Infrastructure, or Discovery (with container code-module injection).
  • Code modules: Java and Node.js.

IAM service reference

All supported values for each IAM permission and condition are listed below. Use them to define access policies based on a fine-grained set of permissions and conditions that can be enforced per service. For more information, see Working with policies.

Permission
Description
state:user-app-states:read
Allows write required user settings
state:user-app-states:write
Allows write required user settings
settings:objects:read
Allows reading required client settings
settings:objects:write
Allows reading required client settings
app-settings:objects:read
Allows reading required settings, such as On-Prem Git servers
dev-obs:breakpoints:set
See Observability for Developers agents and place breakpoints.
dev-obs:breakpoints:manage
Manage Observability for Developers breakpoints.

Set breakpoints

Grants permission to set user-level Live Debugging breakpoints.

Conditions:

  • dev-obs:k8s.namespace.name - the name of the namespace that the pod is running in.

    operators: IN, NOT IN, startsWith, NOT startsWith, =, !=

  • dev-obs:dt.entity.process_group - the process group your application is a part of.

    operators: IN, NOT IN, startsWith, NOT startsWith, =, !=

  • dev-obs:dt.process_group.detected_name – the detected name of the process group your application is a part of.

    operators: IN, NOT IN, startsWith, NOT startsWith, =, !=

Example policies:

  • Allow setting breakpoints for all instances:

    ALLOW dev-obs:breakpoints:set;

  • Allow setting breakpoints for a particular host group:

    ALLOW dev-obs:breakpoints:set WHERE dev-obs:dt.process_group.detected_name = "my_process_group";

Read snapshots

Grants permission to read user-level Live Debugging snapshots.

Example policies:

  • Allow read snapshots: 
    ALLOW storage:application.snapshots:read;
    ALLOW storage:buckets:read WHERE storage:table-name = "application.snapshots";

Enable Live Debugging in ActiveGate

ActiveGate version 1.311+

An ActiveGate isn't strictly required for Live Debugging to work, but it significantly streamlines the process, especially in Kubernetes environments. It allows you to reduce your interaction with Dynatrace to one single point—available locally. Besides convenience, this solution optimizes traffic volume, reduces the complexity of the network and cost.

Host-Based Deployments

The Live Debugger module is enabled by default for host-based ActiveGate deployments starting from version 1.311+.

Kubernetes Operator Deployments

For Kubernetes Operator deployments, the Live Debugger module must be enabled via the ActiveGate capabilities section in the DynaKube configuration.

To enable the Live Debugger Module:

Set debugging capability in the DynaKube.yaml file.

activeGate:
   capabilities:
    - debugging

If you are using a proxy, configure it within the Environment ActiveGate as described in Proxy for ActiveGate.

Related tags
Application Observability