30.9. Troubleshooting SSSD

download PDF

30.9.1. Checking SSSD Log Files

SSSD uses a number of log files to report information about its operation, located in the /var/log/sssd/ directory. SSSD produces a log file for each domain, as well as an sssd_pam.log and an sssd_nss.log file.
Additionally, the /var/log/secure file logs authentication failures and the reason for the failure.
Increasing the log level can provide more information about problems with SSSD. To change the log level, set the debug_level parameter for each section in the sssd.conf file for which to product extra logs. For example:
config_file_version = 2
services = nss, pam
domains = LDAP
debug_level = 9
Table 30.8. Debug Log Levels
Level Description
0 Fatal failures. Anything that would prevent SSSD from starting up or causes it to cease running.
1 Critical failures. An error that doesn't kill the SSSD, but one that indicates that at least one major feature is not going to work properly.
2 Serious failures. An error announcing that a particular request or operation has failed.
3 Minor failures. These are the errors that would percolate down to cause the operation failure of 2.
4 Configuration settings.
5 Function data.
6 Trace messages for operation functions.
7 Trace messages for internal control functions.
8 Contents of function-internal variables that may be interesting.
9 Extremely low-level tracing information.
Red Hat logoGithubRedditYoutubeTwitter


Try, buy, & sell


About Red Hat Documentation

We help Red Hat users innovate and achieve their goals with our products and services with content they can trust.

Making open source more inclusive

Red Hat is committed to replacing problematic language in our code, documentation, and web properties. For more details, see the Red Hat Blog.

About Red Hat

We deliver hardened solutions that make it easier for enterprises to work across platforms and environments, from the core datacenter to the network edge.

© 2024 Red Hat, Inc.