Configuring logging for the agent

By default, the Centrify UNIX agent logs errors, warnings and informational messages in the UNIX syslog and /var/log/messages files along with other kernel and program messages. Although these files contain valuable information for tracking system operations and troubleshooting issues, occasionally you may find it useful to activate agent-specific logging and record that information in a log file.

To enable logging on the Centrify UNIX agent

  1. Log in as or switch to the root user.
  2. Run the addebug command:

    /usr/share/centrifydc/bin/addebug on

    Note:   You must type the full path to the command because addebug is not included in the path by default.

    Once you run this command, all of the Centrify agent activity is written to the /var/log/centrifydc.logfile. If the adclient process stops running while you have logging enabled, the addebug program records messages from PAM and NSS requests in the /var/centrifydc/centrify_client.log file. Therefore, you should also check that file location if you enable logging.

For performance and security reasons, you should only enable logging when necessary, for example, when requested to do so by Centrify Support, and for short periods of time to diagnose a problem. Keep in mind that sensitive information may be written to this file and you should evaluate the contents of the file before giving others access to it.

When you are ready to stop logging activity, run the addebug off command.

Related topics