1pki-server-logging(5) PKI Server Logging Configuration pki-server-logging(5)
2
6 pki-server-logging - PKI Server Logging Configuration
7
10 /etc/pki/<instance>/logging.properties,
11 /var/lib/pki/<instance>/lib/log4j.properties, /etc/pki/<instance>/<sub‐
12 system>/CS.cfg
13
16 PKI server logging can be configured using the following logging frame‐
17 works:
18 - java.util.logging (JUL) (https://docs.oracle.com/javase/8/docs/api/java/util/logging/package-summary.html)
20 - Log4j (http://logging.apache.org/log4j/1.2/)
21 - Internal Logging
22 java.util.logging (JUL)
25 Tomcat uses JUL as the default logging framework. The configuration is
26 described in http://tomcat.apache.org/tomcat-7.0-doc/logging.html and
27 http://tomcat.apache.org/tomcat-8.0-doc/logging.html.
28 The default configuration is located at /usr/share/pki/server/conf/log‐
30 ging.properties. During server deployment a link will be created at
31 /etc/pki/<instance>/logging.properties.
32 By default only log messages with level WARNING or higher will be
34 logged on the console (i.e. systemd journal).
35 java.util.logging.ConsoleHandler.level = ALL
38 java.util.logging.ConsoleHandler.formatter = java.util.logging.SimpleFormatter
39 java.util.logging.SimpleFormatter.format = %4$s: %5$s%6$s%n
40 .level = WARNING
42 .handlers = java.util.logging.ConsoleHandler
43 The systemd journal can be viewed with the following command:
45 $ journalctl -u pki-tomcatd@<instance>.service
47 For more information see the following documents:
49 - https://docs.oracle.com/javase/8/docs/api/java/util/logging/ConsoleHandler.html
51 - https://docs.oracle.com/javase/8/docs/api/java/util/logging/Level.html
52 - https://docs.oracle.com/javase/8/docs/api/java/util/logging/SimpleFormatter.html
53 - https://docs.oracle.com/javase/8/docs/api/java/util/Formatter.html
54 Log4j
57 The default Tomcat 7 classpath does include Log4j, but the server
58 itself is not configured to use Log4j for logging by default. However,
59 since the Log4j is in the classpath the RESTEasy will use Log4j for
60 logging automatically (see
61 https://docs.jboss.org/resteasy/docs/3.0.6.Final/userguide/html/Instal‐
62 lation_Configuration.html#RESTEasyLogging).
63 The default Log4j configuration is located at
65 /usr/share/pki/server/conf/log4j.properties. During server deployment
66 a link will be created at /var/lib/pki/<instance>/lib/log4j.properties.
67 By default only log messages with level WARN or higher will be logged
69 on the console (i.e. systemd journal).
70 log4j.appender.console = org.apache.log4j.ConsoleAppender
73 log4j.appender.console.Target = System.err
74 log4j.appender.console.layout = org.apache.log4j.PatternLayout
75 log4j.appender.console.layout.ConversionPattern = %p: %m%n
76 log4j.rootLogger = WARN, console
78 The default Tomcat 8 classpath does not include Log4j, so RESTEasy will
80 use JUL instead.
81 For more information see the following documents:
83 - http://logging.apache.org/log4j/1.2/apidocs/org/apache/log4j/ConsoleAppender.html
85 - http://logging.apache.org/log4j/1.2/apidocs/org/apache/log4j/Level.html
86 - http://logging.apache.org/log4j/1.2/apidocs/org/apache/log4j/PatternLayout.html
87 Internal Logging
90 Each PKI subsystem uses an internal logging framework for debugging
91 purposes.
92 The logging configuration is stored in /etc/pki/<instance>/<subsys‐
94 tem>/CS.cfg.
95 debug.enabled=true
98 debug.level=0
99 debug.filename=/var/lib/pki/<instance>/logs/<subsystem>/debug
100 debug.hashkeytypes=
101 debug.showcaller=false
102 The debug.enabled determines whether the debug log is enabled. By
104 default it is enabled.
105 The debug.level determines the amount of details to be logged. The
107 value ranges from 0 (most details) to 10 (least details). The default
108 is 0.
109 The debug.filename determines the debug log file location. By default
111 it is located at /var/lib/pki/<instance>/logs/<subsystem>/debug.
112 The debug.hashkeytypes is a comma-separated list of additional compo‐
114 nents to log. By default it's empty.
115 The debug.showcaller determines whether to include the caller informa‐
117 tion in the log message. By default it's disabled.
118
121 java.util.logging (JUL)
122 To customize JUL configuration, replace the link with a copy of the
123 default configuration:
124 $ rm -f /etc/pki/<instance>/logging.properties
126 $ cp /usr/share/pki/server/conf/logging.properties /etc/pki/<instance>
127 $ chown pkiuser.pkiuser /etc/pki/<instance>/logging.properties
128 Then edit the file as needed. For example, to troubleshoot issues with
130 PKI library add the following lines:
131 netscape.level = ALL
134 com.netscape.level = ALL
135 org.dogtagpki.level = ALL
136 To troubleshoot issues with RESTEasy add the following line (unless
138 Log4j is installed in Tomcat classpath):
139 org.jboss.resteasy.level = ALL
142 Then restart the server.
144 Log4j
147 To customize Log4j configuration, replace the link with a copy of the
148 default configuration:
149 $ rm -f /var/lib/pki/<instance>/lib/log4j.properties
151 $ cp /usr/share/pki/server/conf/log4j.properties /var/lib/pki/<instance>/lib
152 $ chown pkiuser.pkiuser /var/lib/pki/<instance>/lib/log4j.properties
153 Then edit the file as needed. For example, to troubleshoot issues with
155 RESTEasy add the following line (unless Log4j is not installed in Tom‐
156 cat classpath):
157 log4j.logger.org.jboss.resteasy = ALL
160 Then restart the server.
162 Internal Logging
165 To customize the internal logging configuration, edit the CS.cfg as
166 needed, then restart the server.
167
170 Dogtag Team <pki-devel@redhat.com>.
171
174 Copyright (c) 2016 Red Hat, Inc. This is licensed under the GNU General
175 Public License, version 2 (GPLv2). A copy of this license is available
176 at http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt.
177
180 pki-logging(5)
181version 10.3 November 3, 2016 pki-server-logging(5)