12.11. Tracking client requests using the log analyzer tool
The System Security Services Daemon (SSSD) includes a log parsing tool that can be used to track requests from start to finish across log files from multiple SSSD components.
12.11.1. How the log analyzer tool works
Using the log parsing tool, you can track SSSD requests from start to finish across log files from multiple SSSD components. You run the analyzer tool using the sssctl analyze command.
The log analyzer tool helps you to troubleshoot NSS and PAM issues in SSSD and more easily review SSSD debug logs. You can extract and print SSSD logs related only to certain client requests across SSSD processes.
SSSD tracks user and group identity information (id, getent) separately from user authentication (su, ssh) information. The client ID (CID) in the NSS responder is independent of the CID in the PAM responder and you see overlapping numbers when analyzing NSS and PAM requests. Use the --pam option with the sssctl analyze command to review PAM requests.
Requests returned from the SSSD memory cache are not logged and cannot be tracked by the log analyzer tool.
Additional resources
- sudo sssctl analyze request --help
- sudo sssctl analyze --help
- sssd.conf man page
- sssctl man page
12.11.2. Running the log analyzer tool
This procedure describes how to use the log analyzer tool to track client requests in SSSD.
Prerequisites
- You must set debug_level to at least 7 in the [$responder] section, and [domain/$domain] section of the /etc/sssd/sssd.conf file to enable log parsing functionality.
- Logs to analyze must be from a compatible version of SSSD built with libtevent chain ID support, that is SSSD in RHEL 8.5 and later.
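The debug_level prerequisite can be checked before any logs are collected. The following shell function is an added example, not part of the original documentation: it assumes the responders of interest are [nss] and [pam], reads /etc/sssd/sssd.conf by default, and treats a non-decimal debug_level value as something to review by hand. The embedded sssd.conf is constructed sample input.

```shell
# Added example: report whether [nss], [pam] and every [domain/...] section has debug_level >= 7.
# Constructed sample sssd.conf (not taken from a real host).
sample_conf() {
cat <<'EOF'
[sssd]
services = nss, pam
[nss]
debug_level = 7
[pam]
# debug_level = 9
[domain/example.com]
debug_level = 6
EOF
}

# check_sssd_debug FILE ("-" reads stdin); returns non-zero if any section fails.
check_sssd_debug() {
    awk '
    function report() {
        if (sec == "") return
        if (lvl ~ /^[0-9]+$/ && lvl + 0 >= 7) { printf "%s: ok (%s)\n", sec, lvl; return }
        bad = 1
        if (lvl == "") printf "%s: debug_level not set\n", sec
        else if (lvl ~ /^[0-9]+$/) printf "%s: debug_level %s is below 7\n", sec, lvl
        else printf "%s: debug_level %s is not a decimal level, review by hand\n", sec, lvl
    }
    /^[ \t]*[#;]/ { next }                      # skip comment lines
    /^[ \t]*\[/ {                               # section header: close the previous one
        report()
        name = $0; gsub(/^[ \t]*\[|\][ \t]*$/, "", name)
        sec = (name == "nss" || name == "pam" || name ~ /^domain\//) ? name : ""
        if (sec != "") seen[sec] = 1
        lvl = ""; next
    }
    sec != "" && /^[ \t]*debug_level[ \t]*=/ {  # remember the value set in this section
        lvl = $0; sub(/^[^=]*=[ \t]*/, "", lvl); sub(/[ \t]+$/, "", lvl)
    }
    END {
        report()
        if (!("nss" in seen)) { print "nss: section missing"; bad = 1 }
        if (!("pam" in seen)) { print "pam: section missing"; bad = 1 }
        exit bad + 0
    }' "${1:-/etc/sssd/sssd.conf}"
}

# Demo on the constructed sample; the commented-out PAM setting counts as not set.
sample_conf | check_sssd_debug - || true
```

On a real host, call check_sssd_debug with no argument as root, because /etc/sssd/sssd.conf is normally readable only by root.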
Procedure
Run the log analyzer tool in list mode to determine the client ID of the request you are tracking, adding the -v option to display verbose output:
# sssctl analyze request list -v
A verbose list of recent client requests made to SSSD is displayed.
Note: If analyzing PAM requests, run the sssctl analyze request list command with the --pam option.
Run the log analyzer tool with the show [unique client ID] option to display logs pertaining to the specified client ID number:
# sssctl analyze request show 20
If required, you can run the log analyzer tool against log files, for example:
# sssctl analyze request --logdir=/tmp/var/log/sssd
Additional resources
- sssctl analyze request list --help
- sssctl analyze request show --help
- sssctl man page