C.2. Identity Management Log Files and Directories
| Directory or File | Description |
|---|---|
/var/log/ipaserver-install.log | The installation log for the IdM server. |
/var/log/ipareplica-install.log | The installation log for the IdM replica. |
/var/log/ipaclient-install.log | The installation log for the IdM client. |
/var/log/sssd/ | Log files for SSSD. |
~/.ipa/log/cli.log | The log file for errors returned by XML-RPC calls and responses by the ipa utility. Created in the home directory for the system user who runs the tools, who might have a different user name than the IdM user. |
/etc/logrotate.d/ | The log rotation policies for DNS, SSSD, Apache, Tomcat, and Kerberos. |
/etc/pki/pki-tomcat/logging.properties | This link points to the default Certificate Authority logging configuration at /usr/share/pki/server/conf/logging.properties. |
| Directory or File | Description |
|---|---|
/var/log/httpd/ | Log files for the Apache web server. |
/var/log/httpd/access_log | Standard access and error logs for Apache servers. Messages specific to IdM are recorded along with the Apache messages because the IdM web UI and the XML-RPC command-line interface use Apache. |
/var/log/httpd/error_log | |
| For details, see Log Files in the Apache documentation. | |
| Directory or File | Description |
|---|---|
/var/log/pki/pki-ca-spawn.time_of_installation.log | The installation log for the IdM CA. |
/var/log/pki/pki-kra-spawn.time_of_installation.log | The installation log for the IdM KRA. |
/var/log/pki/pki-tomcat/ | The top level directory for PKI operation logs. Contains CA and KRA logs. |
/var/log/pki/pki-tomcat/ca/ | Directory with logs related to certificate operations. In IdM, these logs are used for service principals, hosts, and other entities which use certificates. |
/var/log/pki/pki-tomcat/kra | Directory with logs related to KRA. |
/var/log/messages | Includes certificate error messages among other system messages. |
| For details, see Configuring Subsystem Logs in the Red Hat Certificate System Administration Guide. | |
| Directory or File | Description |
|---|---|
/var/log/dirsrv/slapd-REALM_NAME/ |
Log files associated with the Directory Server instance used by the IdM server. Most operational data recorded here are related to server-replica interactions.
|
/var/log/dirsrv/slapd-REALM_NAME/access |
Contain detailed information about attempted access and operations for the domain Directory Server instance.
|
/var/log/dirsrv/slapd-REALM_NAME/errors | |
/var/log/dirsrv/slapd-REALM_NAME/audit | Contains audit trails of all Directory Server operations when auditing is enabled in the Directory Server configuration. |
| For details, see Monitoring Server and Database Activity and Log File Reference in the Red Hat Directory Server documentation. | |
| Directory or File | Description |
|---|---|
/var/log/krb5kdc.log | The primary log file for the Kerberos KDC server. |
/var/log/kadmind.log | The primary log file for the Kerberos administration server. |
Locations for these files is configured in the krb5.conf file. They can be different on some systems. | |
| Directory or File | Description |
|---|---|
/var/log/messages |
Includes DNS error messages among other system messages.
DNS logging in this file is not enabled by default. To enable it, run the # /usr/sbin/rndc querylog command. To disable logging, run the command again.
|
| Directory or File | Description |
|---|---|
/var/log/custodia/ | Log file directory for the Custodia service. |
Additional Resources
- See Using the Journal in the System Administrator's Guide for information on how to use the
journalctlutility. You can usejournalctlto view the logging output ofsystemdunit files.
