Skip to content

Configuring Subsystem Debug Log

Endi S. Dewata edited this page Oct 21, 2021 · 17 revisions

Overview

Each PKI subsystem provides a logging service using java.util.logging (JUL) framework. The logging service which can be used to troubleshoot issues in the subsystem (e.g. database access, certificate issuance, key archival).

For older PKI versions see also:

Configuration

The logging configuration is located at:

The logging levels for PKI classes are overridden by the debug.level parameter in:

Note: There is no CS.cfg for ACME, so the logging level has to be configured in logging.properties. This will be addressed in the future.

By default the subsystem will log INFO messages or higher:

# in logging.properties
org.dogtagpki.level = INFO
com.netscape.level = INFO
netscape.level = INFO

# in CS.cfg
debug.level=10

The debug.level is mapped into JUL log level as follows:

PKI Log Level SLF4J Log Level JUL Log Level

0-1 (OBNOXIOUS)

TRACE

FINEST

2-5 (VERBOSE)

DEBUG

FINE

6-10 (INFORM)

INFO

INFO

11-15

WARN

WARNING

>15

ERROR

SEVERE

The subsystem will store the messages in /var/log/pki/pki-tomcat/<subsystem>/debug.YYYY-MM-DD.log which will be rotated daily and purged after 7 days.

Displaying Current Debug Level

To show the current debug level in subsystems other than ACME, execute the following command:

$ pki-server ca-config-show debug.level
10

For ACME, see the *.level properties in /usr/share/pki/acme/webapps/acme/WEB-INF/classes/logging.properties.

Changing Debug Level

To change the debug level (e.g. to log FINE messages or higher) in subsystems other than ACME, execute the following command:

$ pki-server ca-config-set debug.level 5

For ACME, change the *.level properties in /usr/share/pki/acme/webapps/acme/WEB-INF/classes/logging.properties.

Then restart the server.

Clone this wiki locally