Skip to content

Configuring Server Logging

Endi S. Dewata edited this page Feb 7, 2023 · 14 revisions

Overview

PKI uses java.util.logging (JUL) framework for server logging. The logging framework can be used to troubleshoot server code that is shared by all PKI subsystems (e.g. authentication, authorization).

The configuration is located at /var/lib/pki/pki-tomcat/conf/logging.properties which by default is a link to /usr/share/pki/server/conf/logging.properties.

By default the server will only log WARNING messages or higher (see Level):

.level = WARNING

org.mozilla.jss.level = WARNING
org.dogtagpki.level = WARNING
com.netscape.level = WARNING
netscape.level = WARNING

If the server is running in the background as a systemd service, the messages will be logged into the systemd journal. To view the systemd journal:

$ journalctl -fu pki-tomcatd@pki-tomcat.service

If the server is being run on the foreground using the pki-server run command, the messages will appear on the console.

Note: The server may also generate the following files in /var/lib/pki/pki-tomcat/logs but they are not actually used:

  • catalina.YYYY-MM-DD.log

  • host-manager.YYYY-MM-DD.log

  • localhost.YYYY-MM-DD.log

  • manager.YYYY-MM-DD.log

Configuring Server Logging

To change the server logging configuration, replace the logging.properties link with a copy of the default configuration:

$ rm -f /var/lib/pki/pki-tomcat/conf/logging.properties
$ cp /usr/share/pki/server/conf/logging.properties /var/lib/pki/pki-tomcat/conf
$ chown pkiuser.pkiuser /var/lib/pki/pki-tomcat/conf/logging.properties

Edit /var/lib/pki/pki-tomcat/conf/logging.properties as needed. For example, to troubleshoot PKI issues:

org.dogtagpki.level = INFO
com.netscape.level = INFO
netscape.level = INFO

To troubleshoot JSS issues:

org.mozilla.jss.level = INFO

To troubleshoot RESTEasy issues:

org.jboss.resteasy = INFO

Finally, restart the server.

See Also

Clone this wiki locally