Configuring Server Logging

Overview

PKI server provides a logging service using java.util.logging (JUL) framework. The logging service which can be used to troubleshoot issues on the server (e.g. authentication, authorization) that might be shared by all PKI subsystems.

The configuration is located at /var/lib/pki/pki-tomcat/conf/logging.properties which by default is a link to /usr/share/pki/server/conf/logging.properties.

By default the server will only log WARNING or SEVERE messages (see Level):

.level = WARNING

org.mozilla.jss.level = WARNING
org.dogtagpki.level = WARNING
com.netscape.level = WARNING
netscape.level = WARNING

If the server is running on the background as a systemd service, the messages will be logged into the systemd journal. To view the systemd journal:

$ journalctl -fu pki-tomcatd@pki-tomcat.service

If the server is being run on the foreground using the pki-server run command, the messages will appear on the console.

Note: The server may also generate the following files in /var/lib/pki/pki-tomcat/logs but they are not actually used:

• catalina.YYYY-MM-DD.log

• host-manager.YYYY-MM-DD.log

• localhost.YYYY-MM-DD.log

• manager.YYYY-MM-DD.log

Configuring Server Logging

To change the server logging configuration, replace the logging.properties link with a copy of the default configuration:

$ rm -f /var/lib/pki/pki-tomcat/conf/logging.properties
$ cp /usr/share/pki/server/conf/logging.properties /var/lib/pki/pki-tomcat/conf
$ chown pkiuser.pkiuser /var/lib/pki/pki-tomcat/conf/logging.properties

Edit the logging.properties copy as needed. For example, to log INFO messages:

org.mozilla.jss.level = INFO
org.dogtagpki.level = INFO
com.netscape.level = INFO
netscape.level = INFO

Finally, restart the server.

See Also

• Apache Tomcat 9 Logging

• Systemd

• How To Use Journalctl to View and Manipulate Systemd Logs