30.9. Troubleshooting SSSD
30.9.1. Checking SSSD Log Files
SSSD uses a number of log files to report information about its operation, located in the
/var/log/sssd/
directory. SSSD produces a log file for each domain, as well as an sssd_pam.log
and an sssd_nss.log
file.
Additionally, the
/var/log/secure
file logs authentication failures and the reason for the failure.
Increasing the log level can provide more information about problems with SSSD. To change the log level, set the
debug_level
parameter for each section in the sssd.conf
file for which to product extra logs. For example:
[sssd]
config_file_version = 2
services = nss, pam
domains = LDAP
debug_level = 9
Level | Description |
---|---|
0 | Fatal failures. Anything that would prevent SSSD from starting up or causes it to cease running. |
1 | Critical failures. An error that doesn't kill the SSSD, but one that indicates that at least one major feature is not going to work properly. |
2 | Serious failures. An error announcing that a particular request or operation has failed. |
3 | Minor failures. These are the errors that would percolate down to cause the operation failure of 2. |
4 | Configuration settings. |
5 | Function data. |
6 | Trace messages for operation functions. |
7 | Trace messages for internal control functions. |
8 | Contents of function-internal variables that may be interesting. |
9 | Extremely low-level tracing information. |