Protocol authentication log files

The log files pertaining to protocol authentication are described here.

Table 1. Authentication log files
Service name Log configuration file Log files Logging levels
Service name: Keystone

Log configuration file:
  /etc/keystone/keystone.conf
  /etc/keystone/logging.conf

Log files:
  /var/log/keystone/keystone.log
  /var/log/keystone/httpd-error.log
  /var/log/keystone/httpd-access.log

Logging levels:
  In keystone.conf, change:
  1. debug = true - to get debugging information in the log file.
  2. verbose = true - to get Info messages in the log file.
  By default, these values are false and only warning messages are logged.

  Finer-grained control of Keystone logging levels can be specified by updating the Keystone logging.conf file. For information on the logging levels in the logging.conf file, see OpenStack logging.conf documentation.

Service name: SSSD

Log configuration file:
  /etc/sssd/sssd.conf

Log files:
  /var/log/sssd/sssd.log
  /var/log/sssd/sssd_nss.log
  /var/log/sssd/sssd_LDAPDOMAIN.log (depends upon configuration)
  /var/log/sssd/sssd_NISDOMAIN.log (depends upon configuration)

  Note: For more information on SSSD log files, see Red Hat Linux documentation.

Logging levels:
  0x0010: Fatal failures. Issue with invoking or running SSSD.
  0x0020: Critical failures. SSSD does not stop functioning. However, this error indicates that at least one major feature of SSSD does not work properly.
  0x0040: Serious failures. A particular request or operation has failed.
  0x0080: Minor failures. These are the errors that would percolate down to cause the operation failure of level 2 (0x0040, serious failures).
  0x0100: Configuration settings.
  0x0200: Function data.
  0x0400: Trace messages for operation functions.
  0x1000: Trace messages for internal control functions.
  0x2000: Contents of function-internal variables that might be interesting.
  0x4000: Extremely low-level tracing information.

  Note: For more information on SSSD log levels, see Troubleshooting SSSD in Red Hat Enterprise Linux documentation.

Service name: Winbind

Log configuration file:
  /var/mmfs/ces/smb.conf

Log files:
  /var/adm/ras/log.wb-<DOMAIN> (depends upon available domains)
  /var/adm/ras/log.winbindd-dc-connect
  /var/adm/ras/log.winbindd-idmap
  /var/adm/ras/log.winbindd

Logging levels:
  Log level is an integer. The value can be from 0-10.
  The default value for log level is 1.

Note: Some authentication modules, such as Keystone services, also log information in /var/log/messages.

If you change the log levels, the respective authentication service must be restarted manually on each protocol node. Restarting authentication services might result in disruption of protocol I/O.
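
The settings in Table 1 can be checked with a short script before deciding whether a restart is needed. The following is an added example, not part of the product documentation: it parses constructed keystone.conf and sssd.conf contents and reports the effective Keystone level and the SSSD message classes each section enables. The function names and sample values are assumptions, and the decimal 0-9 form of debug_level comes from sssd.conf(5), not from this page.

```python
import configparser

# SSSD debug bits as listed in Table 1 on this page.
SSSD_BITS = {
    0x0010: "fatal", 0x0020: "critical", 0x0040: "serious", 0x0080: "minor",
    0x0100: "config", 0x0200: "function data", 0x0400: "operation trace",
    0x1000: "internal trace", 0x2000: "internal variables", 0x4000: "low-level trace",
}

# Constructed sample inputs, not taken from a real node.
SAMPLE_KEYSTONE = "[DEFAULT]\ndebug = false\nverbose = true\n"
SAMPLE_SSSD = """[sssd]
domains = LDAPDOMAIN
[nss]
debug_level = 6
[domain/LDAPDOMAIN]
debug_level = 0x0270
"""

def _parse(text):
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(text)
    return cp

def keystone_level(conf_text):
    """Effective level per this page: debug, else verbose (INFO), else WARNING."""
    cp = _parse(conf_text)
    if cp.getboolean("DEFAULT", "debug", fallback=False):
        return "DEBUG"
    if cp.getboolean("DEFAULT", "verbose", fallback=False):
        return "INFO"
    return "WARNING"

def sssd_mask(value):
    """Bitmask for a debug_level value. Assumption from sssd.conf(5), not this
    page: a decimal 0-9 enables that level and every lower one."""
    n = int(value, 0)
    if not value.lower().startswith("0x") and 0 <= n <= 9:
        return sum(sorted(SSSD_BITS)[: n + 1])
    return n

def sssd_report(conf_text):
    """Map each sssd.conf section to the message classes it logs (None = unset)."""
    cp, report = _parse(conf_text), {}
    for section in cp.sections():
        raw = cp.get(section, "debug_level", fallback=None)
        mask = None if raw is None else sssd_mask(raw.strip())
        report[section] = None if mask is None else [
            name for bit, name in SSSD_BITS.items() if mask & bit]
    return report
```

Run it against the real files on each protocol node by passing their contents to keystone_level() and sssd_report().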