Provided by: pki-server_10.6.0-1ubuntu2_amd64 
NAME
pki-server-logging - PKI Server Logging Configuration
LOCATION
/etc/pki/<instance>/logging.properties, /var/lib/pki/<instance>/lib/log4j.properties,
/etc/pki/<instance>/<subsystem>/CS.cfg
DESCRIPTION
PKI server logging can be configured using the following logging frameworks:
- java.util.logging (JUL) (https://docs.oracle.com/javase/8/docs/api/java/util/logging/package-summary.html)
- Log4j (http://logging.apache.org/log4j/1.2/)
- Internal Logging
java.util.logging (JUL)
Tomcat uses JUL as the default logging framework. The configuration is described in
http://tomcat.apache.org/tomcat-7.0-doc/logging.html and
http://tomcat.apache.org/tomcat-8.0-doc/logging.html.
The default configuration is located at /usr/share/pki/server/conf/logging.properties.
During server deployment a link will be created at /etc/pki/<instance>/logging.properties.
By default only log messages with level WARNING or higher will be logged on the console
(i.e. systemd journal).
java.util.logging.ConsoleHandler.level = ALL
java.util.logging.ConsoleHandler.formatter = java.util.logging.SimpleFormatter
java.util.logging.SimpleFormatter.format = %4$s: %5$s%6$s%n
.level = WARNING
.handlers = java.util.logging.ConsoleHandler
The systemd journal can be viewed with the following command:
$ journalctl -u pki-tomcatd@<instance>.service
For more information see the following documents:
- https://docs.oracle.com/javase/8/docs/api/java/util/logging/ConsoleHandler.html
- https://docs.oracle.com/javase/8/docs/api/java/util/logging/Level.html
- https://docs.oracle.com/javase/8/docs/api/java/util/logging/SimpleFormatter.html
- https://docs.oracle.com/javase/8/docs/api/java/util/Formatter.html
Log4j
The default Tomcat 7 classpath does include Log4j, but the server itself is not configured
to use Log4j for logging by default. However, since the Log4j is in the classpath the
RESTEasy will use Log4j for logging automatically (see
https://docs.jboss.org/resteasy/docs/3.0.6.Final/userguide/html/Installation_Configuration.html#RESTEasyLogging).
The default Log4j configuration is located at /usr/share/pki/server/conf/log4j.properties.
During server deployment a link will be created at
/var/lib/pki/<instance>/lib/log4j.properties.
By default only log messages with level WARN or higher will be logged on the console (i.e.
systemd journal).
log4j.appender.console = org.apache.log4j.ConsoleAppender
log4j.appender.console.Target = System.err
log4j.appender.console.layout = org.apache.log4j.PatternLayout
log4j.appender.console.layout.ConversionPattern = %p: %m%n
log4j.rootLogger = WARN, console
The default Tomcat 8 classpath does not include Log4j, so RESTEasy will use JUL instead.
For more information see the following documents:
- http://logging.apache.org/log4j/1.2/apidocs/org/apache/log4j/ConsoleAppender.html
- http://logging.apache.org/log4j/1.2/apidocs/org/apache/log4j/Level.html
- http://logging.apache.org/log4j/1.2/apidocs/org/apache/log4j/PatternLayout.html
Internal Logging
Each PKI subsystem uses an internal logging framework for debugging purposes.
The logging configuration is stored in /etc/pki/<instance>/<subsystem>/CS.cfg.
debug.enabled=true
debug.level=0
debug.filename=/var/lib/pki/<instance>/logs/<subsystem>/debug
debug.hashkeytypes=
debug.showcaller=false
The debug.enabled determines whether the debug log is enabled. By default it is enabled.
The debug.level determines the amount of details to be logged. The value ranges from 0
(most details) to 10 (least details). The default is 0.
The debug.filename determines the debug log file location. By default it is located at
/var/lib/pki/<instance>/logs/<subsystem>/debug.
The debug.hashkeytypes is a comma-separated list of additional components to log. By
default it's empty.
The debug.showcaller determines whether to include the caller information in the log
message. By default it's disabled.
CUSTOMIZATION
java.util.logging (JUL)
To customize JUL configuration, replace the link with a copy of the default configuration:
$ rm -f /etc/pki/<instance>/logging.properties
$ cp /usr/share/pki/server/conf/logging.properties /etc/pki/<instance>
$ chown pkiuser.pkiuser /etc/pki/<instance>/logging.properties
Then edit the file as needed. For example, to troubleshoot issues with PKI library add
the following lines:
netscape.level = ALL
com.netscape.level = ALL
org.dogtagpki.level = ALL
To troubleshoot issues with RESTEasy add the following line (unless Log4j is installed in
Tomcat classpath):
org.jboss.resteasy.level = ALL
Then restart the server.
Log4j
To customize Log4j configuration, replace the link with a copy of the default
configuration:
$ rm -f /var/lib/pki/<instance>/lib/log4j.properties
$ cp /usr/share/pki/server/conf/log4j.properties /var/lib/pki/<instance>/lib
$ chown pkiuser.pkiuser /var/lib/pki/<instance>/lib/log4j.properties
Then edit the file as needed. For example, to troubleshoot issues with RESTEasy add the
following line (unless Log4j is not installed in Tomcat classpath):
log4j.logger.org.jboss.resteasy = ALL
Then restart the server.
Internal Logging
To customize the internal logging configuration, edit the CS.cfg as needed, then restart
the server.
AUTHORS
Dogtag Team <pki-devel@redhat.com>.
COPYRIGHT
Copyright (c) 2016 Red Hat, Inc. This is licensed under the GNU General Public License,
version 2 (GPLv2). A copy of this license is available at http://www.gnu.org/licenses/old-
licenses/gpl-2.0.txt.
SEE ALSO
pki-logging(5)