Enabling detailed logging for Linux and UNIX computers

In most cases, troubleshooting auditing-related issues requires information about the operation of the agent, the collector service, and database activity. For performance reasons, you should only enable agent logging when you need to capture detailed information about agent operations. For troubleshooting purposes, however, you can use the dadebug command to turn on detailed logging.

To enable audit-related logging on audited Linux or UNIX computers:

1. Switch to the root user.
2. Run the dadebug clear command to remove any existing detailed logging from previous operations.

   dadebug clear

3. Run the dadebug on command to enable detailed logging on for audit-related agent operations.

   dadebug on

   Detailed messages are recorded in the /var/log/centrifydc.log file. You can view the contents of the log file with a text editor. In most cases, however, you should collect additional information and send all of the logged information to Centrify Support.

4. Restart the auditing service.

   /usr/share/centrifydc/bin/centrifyda restart

5. Run the dainfo diagnostic command and save the output to a text file.

   dainfo --diag > /tmp/dainfo.txt

6. Run the adinfo diagnostic command and save the output to a text file.

   adinfo --diag > /tmp/adinfo.txt

7. Stop detailed logging of audit-related activity.

   dadebug off

8. Send an email to Centrify Support with the log files and the agent configuration file as an attachment.

   /var/log/centrifydc.log

   /tmp/dainfo.txt

   /tmp/adinfo.txt

   /etc/centrifyda/centrifyda.conf

To check whether detailed logging is enabled:

1. Run dadebug without parameters to see if detailed logging is currently enabled.

   dadebug

   Centrify DirectAudit debug logging is on.

2. Run addebug without parameters to see if detailed logging is currently enabled.

   addebug

3. Run addebug off to disable logging, if needed.