Configuring Server Logging - dogtagpki/pki GitHub Wiki
PKI uses java.util.logging (JUL) framework for server logging. The logging framework can be used to troubleshoot server code that is shared by all PKI subsystems (e.g. authentication, authorization).
The configuration is located at /var/lib/pki/pki-tomcat/conf/logging.properties
which by default is a link to /usr/share/pki/server/conf/logging.properties.
By default the server will only log WARNING
messages or higher (see Level):
.level = WARNING org.mozilla.jss.level = WARNING org.dogtagpki.level = WARNING com.netscape.level = WARNING netscape.level = WARNING
If the server is running in the background as a systemd service, the messages will be logged into the systemd journal. To view the systemd journal:
$ journalctl -fu [email protected]
If the server is being run on the foreground using the pki-server run
command, the messages will appear on the console.
Note: The server may also generate the following files in /var/lib/pki/pki-tomcat/logs
but they are not actually used:
-
catalina.YYYY-MM-DD.log
-
host-manager.YYYY-MM-DD.log
-
localhost.YYYY-MM-DD.log
-
manager.YYYY-MM-DD.log
To change the server logging configuration, replace the logging.properties
link with a copy of the default configuration:
$ rm -f /var/lib/pki/pki-tomcat/conf/logging.properties $ cp /usr/share/pki/server/conf/logging.properties /var/lib/pki/pki-tomcat/conf $ chown pkiuser.pkiuser /var/lib/pki/pki-tomcat/conf/logging.properties
Edit /var/lib/pki/pki-tomcat/conf/logging.properties
as needed. For example, to troubleshoot PKI issues:
org.dogtagpki.level = INFO com.netscape.level = INFO netscape.level = INFO
To troubleshoot JSS issues:
org.mozilla.jss.level = INFO
To troubleshoot RESTEasy issues:
org.jboss.resteasy = INFO
Finally, restart the server.