Configuring Subsystem Debug Log - dogtagpki/pki GitHub Wiki
Each PKI subsystem provides a logging service using java.util.logging (JUL) framework. The logging service which can be used to troubleshoot issues in the subsystem (e.g. database access, certificate issuance, key archival).
For older versions see:
The logging configuration is located at:
-
/usr/share/pki/ca/webapps/ca/WEB-INF/classes/logging.properties
-
/usr/share/pki/kra/webapps/kra/WEB-INF/classes/logging.properties
-
/usr/share/pki/ocsp/webapps/ocsp/WEB-INF/classes/logging.properties
-
/usr/share/pki/tks/webapps/tks/WEB-INF/classes/logging.properties
-
/usr/share/pki/tps/webapps/tps/WEB-INF/classes/logging.properties
-
/usr/share/pki/acme/webapps/acme/WEB-INF/classes/logging.properties
The logging levels for PKI classes are overridden by the debug.level
parameter in:
Note: There is no CS.cfg
for ACME, so the logging level has to be configured in logging.properties
. This will be addressed in the future.
By default the subsystem will log INFO
messages or higher:
# in logging.properties org.dogtagpki.level = INFO com.netscape.level = INFO netscape.level = INFO # in CS.cfg debug.level=10
The debug.level
is mapped into JUL log level as follows:
PKI Log Level | SLF4J Log Level | JUL Log Level |
---|---|---|
0-1 (OBNOXIOUS) |
TRACE |
FINEST |
2-5 (VERBOSE) |
DEBUG |
FINE |
6-10 (INFORM) |
INFO |
INFO |
11-15 |
WARN |
WARNING |
>15 |
ERROR |
SEVERE |
The subsystem will store the messages in /var/lib/pki/pki-tomcat/logs/<subsystem>/debug.YYYY-MM-DD.log
which will be rotated daily and purged after 7 days.
To show the current debug level in subsystems other than ACME, execute the following command:
$ pki-server ca-config-show debug.level 10
For ACME, see the *.level
properties in /usr/share/pki/acme/webapps/acme/WEB-INF/classes/logging.properties
.
To change the debug level (e.g. to log FINE
messages or higher) in subsystems other than ACME, execute the following command:
$ pki-server ca-config-set debug.level 5
For ACME, change the *.level
properties in /usr/share/pki/acme/webapps/acme/WEB-INF/classes/logging.properties
.
Then restart the server.