Red Hat Training

A Red Hat training course is available for Red Hat Linux

C.2. Identity Management Log Files and Directories

Table C.9. IdM Server and Client Log Files and Directories

Directory or File Description
/var/log/ipaserver-install.log The installation log for the IdM server.
/var/log/ipareplica-install.log The installation log for the IdM replica.
/var/log/ipaclient-install.log The installation log for the IdM client.
/var/log/sssd/ Log files for SSSD.
~/.ipa/log/cli.log The log file for errors returned by XML-RPC calls and responses by the ipa utility. Created in the home directory for the system user who runs the tools, who might have a different user name than the IdM user.
/etc/logrotate.d/ The log rotation policies for DNS, SSSD, Apache, Tomcat, and Kerberos.

Table C.10. Apache Server Log Files

Directory or File Description
/var/log/httpd/ Log files for the Apache web server.
/var/log/httpd/access_log Standard access and error logs for Apache servers. Messages specific to IdM are recorded along with the Apache messages because the IdM web UI and the XML-RPC command-line interface use Apache.
/var/log/httpd/error_log
For details, see Log Files in the Apache documentation.

Table C.11. Certificate System Log Files

Directory or File Description
/var/log/pki/pki-ca-spawn.time_of_installation.log The installation log for the IdM CA.
/var/log/pki/pki-kra-spawn.time_of_installation.log The installation log for the IdM KRA.
/var/log/pki/pki-tomcat/ The top level directory for PKI operation logs. Contains CA and KRA logs.
/var/log/pki/pki-tomcat/ca/ Directory with logs related to certificate operations. In IdM, these logs are used for service principals, hosts, and other entities which use certificates.
/var/log/pki/pki-tomcat/kra Directory with logs related to KRA.
/var/log/messages Includes certificate error messages among other system messages.
For details, see Configuring Subsystem Logs in the Red Hat Certificate System Administration Guide.

Table C.12. Directory Server Log Files

Directory or File Description
/var/log/dirsrv/slapd-REALM_NAME/
Log files associated with the Directory Server instance used by the IdM server. Most operational data recorded here are related to server-replica interactions.
/var/log/dirsrv/slapd-REALM_NAME/access
Contain detailed information about attempted access and operations for the domain Directory Server instance.
/var/log/dirsrv/slapd-REALM_NAME/errors
/var/log/dirsrv/slapd-REALM_NAME/audit Contains audit trails of all Directory Server operations when auditing is enabled in the Directory Server configuration.
For details, see Monitoring Server and Database Activity and Log File Reference in the Red Hat Directory Server documentation.

Table C.13. Kerberos Log Files

Directory or File Description
/var/log/krb5kdc.log The primary log file for the Kerberos KDC server.
/var/log/kadmind.log The primary log file for the Kerberos administration server.
Locations for these files is configured in the krb5.conf file. They can be different on some systems.

Table C.14. DNS Log Files

Directory or File Description
/var/log/messages
Includes DNS error messages among other system messages.
DNS logging in this file is not enabled by default. To enable it, run the # /usr/sbin/rndc querylog command. To disable logging, run the command again.

Additional Resources

  • See Using the Journal in the System Administrator's Guide for information on how to use the journalctl utility. You can use journalctl to view the logging output of systemd unit files.