This parameter configures adclient to use "auth" as the logging facility when calling openlog(). The specified logging facility can be configured to define the destination for the logging entries. For example, on Red Hat version 7, which uses the systemd service manager, the logging facility is journald and the configuration file is /etc/rsyslog.conf.
The default adclient log level in centrifydc.conf is:
log: INFO
When "addebug on" is executed, the following changes are made:
1) in centrifydc.conf
log: DEBUG
2) in /etc/rsyslog.conf
# For DirectControl logging
# Centrify DirectControl logging
auth.debug -/var/log/centrifydc.log
$SystemLogRateLimitInterval 5 # line inserted by Centrify
$SystemLogRateLimitBurst 30000 # line inserted by Centrify
The default behavior is to redirect the journald log for auth.debug requests to /var/log/centrifydc.log.
The Centrify logger has a hierarchical structure similar to log4j. For example, an entry in the logfile may look like:
Sep 29 09:52:14 rhel7 adclient[1282]: DEBUG <main> util.threadpool Pool size 3/4, busy size 1/20
where:
DEBUG is the log priority (the levels include DEBUG, DIAG, INFO, WARN, ERROR, etc.)
<main> is the thread name
util.threadpool is the component
The logger will first look at this centrifydc.conf parameter to determine the log priority:
log.util.threadpool: DEBUG
If it is set as shown, the util.threadpool component will send DEBUG level messages to the logger. If this parameter is not set, the logger will look at the more general log.util, and finally at the top-level log parameter. So to enable DEBUG on just the util.threadpool component, the following settings can be made in centrifydc.conf:
log: INFO
log.util.threadpool: DEBUG
Note: When changes are made to centrifydc.conf, the adreload command must be run before the changes will be applied.
The logger.facility.* parameter can also be more finely tuned using the format logger.facility.<process>. For example, to apply the auth facility to just the adclient process, the parameter would look like:
logger.facility.adclient: auth
The default '*' matches all processes. Other processes that could be specified are cdcwatch, adnisd, diag, etc.
From here it is up to rsyslog.conf to specify the logfile destination for "auth".
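The lookup order for log.<component> and the logger.facility.<process> selection described above can be checked against a configuration with a short script. This is an added example, not Centrify code: the sample configuration is constructed, the component name util.other is hypothetical, and it assumes that a process-specific logger.facility entry takes precedence over the '*' entry.

```python
import re

# Constructed sample in centrifydc.conf "key: value" form (not from a real host).
SAMPLE_CONF = """\
log: INFO
log.util.threadpool: DEBUG
logger.facility.*: auth
"""
# Log entry layout as shown in the article's sample line.
ENTRY = re.compile(r"^\w{3} +\d+ [\d:]+ (?P<host>\S+) (?P<process>\w+)\[(?P<pid>\d+)\]: "
                   r"(?P<priority>\w+) +<(?P<thread>[^>]+)> (?P<component>\S+) (?P<message>.*)$")

def parse_conf(text):
    """Return {key: value} for 'key: value' lines, skipping blanks and # comments."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            key, sep, value = line.partition(":")
            if sep:
                settings[key.strip()] = value.strip()
    return settings

def effective_level(settings, component):
    """Try log.<a.b.c>, then log.<a.b>, then log.<a>, then log; return (level, key)."""
    parts = component.split(".")
    while parts:
        key = "log." + ".".join(parts)
        if key in settings:
            return settings[key], key
        parts.pop()
    return settings.get("log"), "log"  # level is None if even 'log' is unset

def facility_for(settings, process):
    """Assumption: a logger.facility.<process> entry takes precedence over '*'."""
    return settings.get("logger.facility." + process, settings.get("logger.facility.*"))

def explain(settings, line):
    """Parse one log entry and report which setting governs its component."""
    m = ENTRY.match(line)
    if m is None:
        return None
    level, key = effective_level(settings, m["component"])
    return {"process": m["process"], "thread": m["thread"], "component": m["component"],
            "priority": m["priority"], "governed_by": key, "configured_level": level,
            "facility": facility_for(settings, m["process"])}

if __name__ == "__main__":
    conf = parse_conf(SAMPLE_CONF)
    print(explain(conf, "Sep 29 09:52:14 rhel7 adclient[1282]: DEBUG <main> "
                        "util.threadpool Pool size 3/4, busy size 1/20"))
    print(effective_level(conf, "util.other"))  # hypothetical component, falls back to 'log'
```

Running explain() over entries in /var/log/centrifydc.log shows which centrifydc.conf key is responsible for each component's verbosity, which helps confirm that DEBUG is limited to the components intended.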
The addebug command is a shell script that serves as a general debug tool: it sets all of these parameters to enable debug logging. The most common usage for addebug is:
# addebug on - turns on DEBUG for all components and all processes.
# addebug off - turns all DEBUG off
# addebug clear - clears the /var/log/centrifydc.log file of all messages
The script can also be used to enable debug on specific components. For example:
# addebug set util.threadpool DEBUG
will enable DEBUG on just the util.threadpool component as described above.