Logging details
Rachel Elizabeth Dillon
red at MIT.EDU
Tue May 24 10:18:58 EDT 2005
You should be able to configure this in your /etc/krb5.conf file
as follows:
[logging]
kdc=FILE:/var/log/kdc.log
or similar. I found this in the krb5.conf manpage on a Solaris system;
this manpage (and the krb5(3) manpage) don't seem to exist on my Debian
sarge system. krb5(3) isn't on the Solaris box either, actually; I don't
know that I've seen that manpage anywhere, come to think of it.
I've reproduced below the text of this manpage in the logging section in
case what you want to do is more complicated than what I described.
Hope this helps,
-r.
---
LOGGING SECTION
The [logging] section indicates how a particular entity is
to perform its logging. The relations specified in this
section assign one or more values to the entity name.
Currently, the following entities are used:
kdc These entries specify how the KDC is to perform its
logging.
admin_server
These entries specify how the administrative server is
to perform its logging.
default
These entries specify how to perform logging in the
absence of explicit specifications otherwise.
Values are of the following forms:
FILE=<filename>
FILE:<filename>
This value causes the entity's logging messages to go
to the specified file. If the = form is used, then the
file is overwritten. Otherwise, the file is appended
to.
STDERR
This value causes the entity's logging messages to go
to its standard error stream.
CONSOLE
This value causes the entity's logging messages to go
to the console, if the system supports it.
DEVICE=<devicename>
This causes the entity's logging messages to go to the
specified device.
SYSLOG[:<severity>[:<facility>]]
This causes the entity's logging messages to go to the
system log.
The severity argument specifies the default severity of
system log messages. This may be any of the following
severities supported by the _^Hs_^Hy_^Hs_^Hl_^Ho_^Hg(_^H3) call minus the
LOG_ prefix: LOG_EMERG, LOG_ALERT, LOG_CRIT, LOG_ERR,
LOG_WARNING, LOG_NOTICE, LOG_INFO, and LOG_DEBUG. For
example, to specify LOG_CRIT severity, one would use
CRIT for severity.
The facility argument specifies the facility under
which the messages are logged. This may be any of the
following facilities supported by the _^Hs_^Hy_^Hs_^Hl_^Ho_^Hg(_^H3) call
minus the LOG_ prefix: LOG_KERN, LOG_USER, LOG_MAIL,
LOG_DAEMON, LOG_AUTH, LOG_LPR, LOG_NEWS, LOG_UUCP,
LOG_CRON, and LOG_LOCAL0 through LOG_LOCAL7.
If no severity is specified, the default is ERR, and if
no facility is specified, the default is AUTH.
In the following example, the logging messages from the KDC
will go to the console and to the system log under the
facility LOG_DAEMON with default severity of LOG_INFO; and
the logging messages from the administrative server will be
appended to the file /var/adm/kadmin.log and sent to the
device /dev/tty04.
[logging]
kdc = CONSOLE
kdc = SYSLOG:INFO:DAEMON
admin_server = FILE:/var/adm/kadmin.log
admin_server = DEVICE=/dev/tty04
On Tue, May 24, 2005 at 06:30:42AM -0400, Ted Kaczmarek wrote:
> Anyone know where one can get find information on syslog events for
> krb5kdc ?
> Googled with no success, and man pages and docs seem to be lacking in
> this respect.
>
> Regards,
> Ted
>
> ________________________________________________
> Kerberos mailing list Kerberos at mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://mailman.mit.edu/pipermail/kerberos/attachments/20050524/a79d87c9/attachment.bin
More information about the Kerberos
mailing list