Tips for finding Knowledge Articles

  • - Enter just a few key words related to your question or problem
  • - Add Key words to refine your search as necessary
  • - Do not use punctuation
  • - Search is not case sensitive
  • - Avoid non-descriptive filler words like "how", "the", "what", etc.
  • - If you do not find what you are looking for the first time,reduce the number of key words you enter and try searching again.
  • - Minimum supported Internet Explorer version is IE9
Home  >

KB-0449: How to control the log level information of Centrify DirectControl

Centrify DirectAudit ,   Centrify DirectControl ,   Centrify Identity Service, Mac Edition ,  

12 April,16 at 11:06 AM

Applies to:
All released version of Direct Control

How can I control the level of log information written out by the centrify direct control?


By default the centrifydc.conf has the logging set at the INFO level.

log: INFO

Depending on the level of log information one wishes to capture, the log level in centrifydc.conf can be set to one of the followings:


TRACE is most verbose, FATAL is most terse, and ERROR is the suggested minimum level. Only put one of the above level, when sets at WARN it will also capture logs at ERROR and FATAL level as well and so forth.

The log: setting in centrifydc.conf applies to ALL centrifydc service modules. However, one can have a granular control on different service modules with the same level of log options available above.

e.g. for dns, krb5

log: INFO
log.dns: FATAL
log.krb5.conf: WARN

Moreover, one can even fine tune the log level within each service module.

e.g. for the following log message:

Feb 8 13:19:44 dbsaux04 adclient[6209]: INFO <main> dns.findsrv FindSrvFromDns failed: res_query failed _ldap._tcp.EXRECOV.VLO (0)

One can tell this message is at INFO level, and the service sub-module that wrote out the message is dns.findsrv. Hence to suppress messages from this, the possible settings in the centrifydc.conf are:

log.dns.findsrv: WARN | ERROR | FATAL (Use only one of these)

On the other hand, for troubleshooting purposes one can alternatively configure as follows:

log.dns.findsrv: DEBUG | TRACE (Use only one of these)

After making the configuration changes, do run the command:


if you are in DirectControl 4.0 and above, otherwise run the command:

/etc/init.d/centrifydc restart

Still have questions? Click here to log a technical support case, or collaborate with your peers in Centrify's Online Community.