Centrify DirectControl, Centrify Identity Service, Mac Edition, Centrify DirectAudit
KB-0449: How to control the log level information of Centrify DirectControl
Applies to: All released version of Direct Control
Question: How can I control the level of log information written out by the centrify direct control?
By default the centrifydc.conf has the logging set at the INFO level.
Depending on the level of log information one wishes to capture, the log level in centrifydc.conf can be set to one of the followings:
TRACE DEBUG INFO WARN ERROR FATAL
TRACE is most verbose, FATAL is most terse, and ERROR is the suggested minimum level. Only put one of the above level, when sets at WARN it will also capture logs at ERROR and FATAL level as well and so forth.
The log: setting in centrifydc.conf applies to ALL centrifydc service modules. However, one can have a granular control on different service modules with the same level of log options available above.
e.g. for dns, krb5
log: INFO log.dns: FATAL log.krb5.conf: WARN
Moreover, one can even fine tune the log level within each service module.
e.g. for the following log message:
Feb 8 13:19:44 dbsaux04 adclient: INFO <main> dns.findsrv FindSrvFromDns failed: res_query failed _ldap._tcp.EXRECOV.VLO (0)
One can tell this message is at INFO level, and the service sub-module that wrote out the message is dns.findsrv. Hence to suppress messages from this, the possible settings in the centrifydc.conf are:
log.dns.findsrv: WARN | ERROR | FATAL (Use only one of these)
On the other hand, for troubleshooting purposes one can alternatively configure as follows:
log.dns.findsrv: DEBUG | TRACE (Use only one of these)
After making the configuration changes, do run the command:
if you are in DirectControl 4.0 and above, otherwise run the command: