Configuring Server Logging - dogtagpki/pki GitHub Wiki
PKI uses java.util.logging (JUL) framework for server logging. The logging framework can be used to troubleshoot server code that is shared by all PKI subsystems (e.g. authentication, authorization).
The configuration is located at /var/lib/pki/pki-tomcat/conf/logging.properties which by default is a link to /usr/share/pki/server/conf/logging.properties.
By default the server will only log WARNING messages or higher (see Level):
.level = WARNING org.mozilla.jss.level = WARNING org.dogtagpki.level = WARNING com.netscape.level = WARNING netscape.level = WARNING
If the server is running in the background as a systemd service, the messages will be logged into the systemd journal. To view the systemd journal:
$ journalctl -fu [email protected]
If the server is being run on the foreground using the pki-server run command, the messages will appear on the console.
Note: The server may also generate the following files in /var/lib/pki/pki-tomcat/logs but they are not actually used:
-
catalina.YYYY-MM-DD.log -
host-manager.YYYY-MM-DD.log -
localhost.YYYY-MM-DD.log -
manager.YYYY-MM-DD.log
To change the server logging configuration, replace the logging.properties link with a copy of the default configuration:
$ rm -f /var/lib/pki/pki-tomcat/conf/logging.properties $ cp /usr/share/pki/server/conf/logging.properties /var/lib/pki/pki-tomcat/conf $ chown pkiuser.pkiuser /var/lib/pki/pki-tomcat/conf/logging.properties
Edit /var/lib/pki/pki-tomcat/conf/logging.properties as needed. For example, to troubleshoot PKI issues:
org.dogtagpki.level = INFO com.netscape.level = INFO netscape.level = INFO
To troubleshoot JSS issues:
org.mozilla.jss.level = INFO
To troubleshoot RESTEasy issues:
org.jboss.resteasy = INFO
Finally, restart the server.