C.2. Identity Management Log Files and Directories
Table C.9. IdM Server and Client Log Files and Directories
| Directory or File | Description |
|---|---|
| /var/log/ipaserver-install.log | The installation log for the IdM server. |
| /var/log/ipareplica-install.log | The installation log for the IdM replica. |
| /var/log/ipaclient-install.log | The installation log for the IdM client. |
| /var/log/sssd/ | Log files for SSSD. |
| ~/.ipa/log/cli.log | The log file for errors returned by XML-RPC calls and responses by the ipa utility. Created in the home directory for the system user who runs the tools, who might have a different user name than the IdM user. |
| /etc/logrotate.d/ | The log rotation policies for DNS, SSSD, Apache, Tomcat, and Kerberos. |
Table C.10. Apache Server Log Files
| Directory or File | Description |
|---|---|
| /var/log/httpd/ | Log files for the Apache web server. |
| /var/log/httpd/access_log<br>/var/log/httpd/error_log | Standard access and error logs for Apache servers. Messages specific to IdM are recorded along with the Apache messages because the IdM web UI and the XML-RPC command-line interface use Apache. |
| For details, see Log Files in the Apache documentation. | |
Table C.11. Certificate System Log Files
| Directory or File | Description |
|---|---|
| /var/log/pki/pki-ca-spawn.time_of_installation.log | The installation log for the IdM CA. |
| /var/log/pki/pki-kra-spawn.time_of_installation.log | The installation log for the IdM KRA. |
| /var/log/pki/pki-tomcat/ | The top level directory for PKI operation logs. Contains CA and KRA logs. |
| /var/log/pki/pki-tomcat/ca/ | Directory with logs related to certificate operations. In IdM, these logs are used for service principals, hosts, and other entities which use certificates. |
| /var/log/pki/pki-tomcat/kra | Directory with logs related to KRA. |
| /var/log/messages | Includes certificate error messages among other system messages. |
| For details, see Configuring Subsystem Logs in the Red Hat Certificate System Administration Guide. | |
Table C.12. Directory Server Log Files
| Directory or File | Description |
|---|---|
| /var/log/dirsrv/slapd-REALM_NAME/ | Log files associated with the Directory Server instance used by the IdM server. Most operational data recorded here are related to server-replica interactions. |
| /var/log/dirsrv/slapd-REALM_NAME/access<br>/var/log/dirsrv/slapd-REALM_NAME/errors | Contain detailed information about attempted access and operations for the domain Directory Server instance. |
| /var/log/dirsrv/slapd-REALM_NAME/audit | Contains audit trails of all Directory Server operations when auditing is enabled in the Directory Server configuration. |
| For details, see Monitoring Server and Database Activity and Log File Reference in the Red Hat Directory Server documentation. | |
Table C.13. Kerberos Log Files
| Directory or File | Description |
|---|---|
| /var/log/krb5kdc.log | The primary log file for the Kerberos KDC server. |
| /var/log/kadmind.log | The primary log file for the Kerberos administration server. |
| The locations of these files are configured in the krb5.conf file. They can be different on some systems. | |
Table C.14. DNS Log Files
| Directory or File | Description |
|---|---|
| /var/log/messages | Includes DNS error messages among other system messages. DNS logging in this file is not enabled by default. To enable it, run the # /usr/sbin/rndc querylog command. To disable logging, run the command again. |
Additional Resources
- See Using the Journal in the System Administrator's Guide for information on how to use the journalctl utility. You can use journalctl to view the logging output of systemd unit files.
