Hi, the FINE logs should be visible in the journal. flo
On Thu, Dec 22, 2022 at 5:20 AM junhou he via FreeIPA-users < [email protected]> wrote: > Hi, > [root@wocfreeipa conf]# ipa cert-show 1 > ipa: ERROR: Failed to authenticate to CA REST API > [root@wocfreeipa conf]# cat > /var/lib/pki/pki-tomcat/conf/logging.properties | grep FINE > 1catalina.org.apache.juli.FileHandler.level = FINE > 2localhost.org.apache.juli.FileHandler.level = FINE > 3manager.org.apache.juli.FileHandler.level = FINE > 4host-manager.org.apache.juli.FileHandler.level = FINE > java.util.logging.ConsoleHandler.level = FINE > .level = FINE > org.apache.catalina.core.ContainerBase.[Catalina].[localhost].level = FINE > org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/manager].level > = FINE > org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/host-manager].level > = FINE > org.mozilla.jss.level = FINE > org.dogtagpki.level = FINE > com.netscape.level = FINE > netscape.level = FINE > [root@wocfreeipa conf]# > > > > tail -f /var/log/pki/pki-tomcat/ca/debug.2022-12-22.log > 2022-12-22 08:38:17 [CertStatusUpdateTask] INFO: DBVirtualList: Searching > ou=certificateRepository, ou=ca,o=ipaca > 2022-12-22 08:38:17 [CertStatusUpdateTask] INFO: DBVirtualList: filter: > (certStatus=VALID) > 2022-12-22 08:38:17 [CertStatusUpdateTask] INFO: DBVirtualList: dn: > cn=2,ou=certificateRepository,ou=ca,o=ipaca > 2022-12-22 08:38:17 [CertStatusUpdateTask] INFO: CertStatusUpdateTask: > Updating revoked certs to expired > 2022-12-22 08:38:17 [CertStatusUpdateTask] INFO: DBVirtualList: Searching > ou=certificateRepository, ou=ca,o=ipaca > 2022-12-22 08:38:17 [CertStatusUpdateTask] INFO: DBVirtualList: filter: > (certStatus=REVOKED) > 2022-12-22 08:38:17 [SerialNumberUpdateTask] INFO: SerialNumberUpdateTask: > Updating serial number counter > 2022-12-22 08:38:17 [SerialNumberUpdateTask] INFO: SerialNumberUpdateTask: > Checking serial number ranges > 2022-12-22 08:38:17 [SerialNumberUpdateTask] INFO: SerialNumberUpdateTask: > Checking request ID ranges > 2022-12-22 08:38:17 [Timer-0] INFO: SessionTimer: checking security domain > sessions > 2022-12-22 08:38:49 [ajp-nio-0:0:0:0:0:0:0:1-8009-exec-3] INFO: Getting > certificate 0x1 > 2022-12-22 08:38:49 [ajp-nio-0:0:0:0:0:0:0:1-8009-exec-3] INFO: > LDAPSession: reading cn=1,ou=certificateRepository, ou=ca,o=ipaca > > tail -f /var/log/dirsrv/slapd-WINGON-HK/access > [22/Dec/2022:08:38:17.233886267 +0800] conn=19 op=21 SRCH > base="ou=certificateRepository,ou=ca,o=ipaca" scope=0 > filter="(|(objectClass=*)(objectClass=ldapsubentry))" attrs="description" > [22/Dec/2022:08:38:17.234010458 +0800] conn=19 op=21 RESULT err=0 tag=101 > nentries=1 wtime=0.014734052 optime=0.000125838 etime=0.014858013 > [22/Dec/2022:08:38:17.847746019 +0800] conn=27 op=8 SRCH > base="ou=sessions,ou=Security Domain,o=ipaca" scope=2 > filter="(objectClass=securityDomainSessionEntry)" attrs="cn" > [22/Dec/2022:08:38:17.847992778 +0800] conn=27 op=8 RESULT err=32 tag=101 > nentries=0 wtime=0.000158299 optime=0.000259281 etime=0.000414694 > [22/Dec/2022:08:38:19.598578843 +0800] conn=28 op=13 SRCH > base="ou=authorizations,ou=acme,o=ipaca" scope=2 > filter="(acmeExpires<=20221222003819+0000)" attrs="1.1" > [22/Dec/2022:08:38:19.598863277 +0800] conn=28 op=13 RESULT err=0 tag=101 > nentries=0 wtime=0.000157043 optime=0.000287685 etime=0.000440875 > [22/Dec/2022:08:38:19.599268909 +0800] conn=28 op=14 SRCH > base="ou=orders,ou=acme,o=ipaca" scope=2 > filter="(acmeExpires<=20221222003819+0000)" attrs="1.1" > [22/Dec/2022:08:38:19.599396932 +0800] conn=28 op=14 RESULT err=0 tag=101 > nentries=0 wtime=0.000379314 optime=0.000128884 etime=0.000506447 > [22/Dec/2022:08:38:19.601650121 +0800] conn=28 op=15 SRCH > base="ou=certificates,ou=acme,o=ipaca" scope=2 > filter="(acmeExpires<=20221222003819+0000)" attrs="1.1" > [22/Dec/2022:08:38:19.601790342 +0800] conn=28 op=15 RESULT err=0 tag=101 > nentries=0 wtime=0.002236364 optime=0.000142754 etime=0.002376855 > [22/Dec/2022:08:38:23.202178746 +0800] conn=42 fd=117 slot=117 connection > from 10.99.16.212 to 10.100.0.213 > [22/Dec/2022:08:38:23.203751921 +0800] conn=42 op=0 BIND dn="" method=sasl > version=3 mech=GSSAPI > [22/Dec/2022:08:38:23.206551310 +0800] conn=42 op=0 RESULT err=14 tag=97 > nentries=0 wtime=0.000344548 optime=0.002794049 etime=0.003136691, SASL > bind in progress > [22/Dec/2022:08:38:23.207866158 +0800] conn=42 op=1 BIND dn="" method=sasl > version=3 mech=GSSAPI > [22/Dec/2022:08:38:23.209540560 +0800] conn=42 op=1 RESULT err=14 tag=97 > nentries=0 wtime=0.000149285 optime=0.001684787 etime=0.001832976, SASL > bind in progress > [22/Dec/2022:08:38:23.210611657 +0800] conn=42 op=2 BIND dn="" method=sasl > version=3 mech=GSSAPI > [22/Dec/2022:08:38:23.211258671 +0800] conn=42 op=2 RESULT err=0 tag=97 > nentries=0 wtime=0.000128945 optime=0.000663926 etime=0.000791870 > dn="krbprincipalname=ldap/[email protected] > ,cn=services,cn=accounts,dc=wingon,dc=hk" > [22/Dec/2022:08:38:23.212523743 +0800] conn=42 op=3 SRCH base="" scope=0 > filter="(objectClass=*)" attrs="supportedControl supportedExtension" > [22/Dec/2022:08:38:23.213906216 +0800] conn=42 op=3 RESULT err=0 tag=101 > nentries=1 wtime=0.000264956 optime=0.001388203 etime=0.001651902 > [22/Dec/2022:08:38:23.215132145 +0800] conn=42 op=4 SRCH base="" scope=0 > filter="(objectClass=*)" attrs="supportedControl supportedExtension" > [22/Dec/2022:08:38:23.216723816 +0800] conn=42 op=4 RESULT err=0 tag=101 > nentries=1 wtime=0.000159669 optime=0.001596932 etime=0.001755369 > [22/Dec/2022:08:38:23.217967046 +0800] conn=42 op=5 EXT > oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" > [22/Dec/2022:08:38:23.218703628 +0800] conn=42 op=5 RESULT err=0 tag=120 > nentries=0 wtime=0.000182814 optime=0.000749303 etime=0.000931176 > [22/Dec/2022:08:38:23.222687297 +0800] conn=42 op=6 EXT > oid="2.16.840.1.113730.3.5.5" name="replication-multimaster-extop" > [22/Dec/2022:08:38:23.224177305 +0800] conn=42 op=6 RESULT err=0 tag=120 > nentries=0 wtime=0.000158357 optime=0.001488320 etime=0.001640472 > [22/Dec/2022:08:38:49.307392953 +0800] conn=43 fd=121 slot=121 connection > from 10.100.0.213 to 10.100.0.213 > [22/Dec/2022:08:38:49.309912944 +0800] conn=43 op=0 BIND dn="" method=sasl > version=3 mech=GSS-SPNEGO > [22/Dec/2022:08:38:49.311877794 +0800] conn=43 op=0 RESULT err=0 tag=97 > nentries=0 wtime=0.000234961 optime=0.001969243 etime=0.002203214 > dn="uid=admin,cn=users,cn=accounts,dc=wingon,dc=hk" > [22/Dec/2022:08:38:49.321041547 +0800] conn=43 op=1 SRCH > base="cn=ipaconfig,cn=etc,dc=wingon,dc=hk" scope=0 filter="(objectClass=*)" > attrs=ALL > [22/Dec/2022:08:38:49.321543659 +0800] conn=43 op=1 RESULT err=0 tag=101 > nentries=1 wtime=0.000129599 optime=0.000504156 etime=0.000632090 > [22/Dec/2022:08:38:49.322646358 +0800] conn=43 op=2 SRCH > base="cn=masters,cn=ipa,cn=etc,dc=wingon,dc=hk" scope=2 > filter="(&(objectClass=ipaConfigObject)(cn=CA))" attrs=ALL > [22/Dec/2022:08:38:49.323086920 +0800] conn=43 op=2 RESULT err=0 tag=101 > nentries=1 wtime=0.000081437 optime=0.000441018 etime=0.000520830 > [22/Dec/2022:08:38:49.323798035 +0800] conn=43 op=3 SRCH > base="cn=masters,cn=ipa,cn=etc,dc=wingon,dc=hk" scope=2 > filter="(&(&(objectClass=ipaConfigObject)(cn=CA))(|(ipaConfigString=enabledService)(ipaConfigString=hiddenService)))" > attrs="ipaConfigString" > [22/Dec/2022:08:38:49.324181733 +0800] conn=43 op=3 RESULT err=0 tag=101 > nentries=1 wtime=0.000081926 optime=0.000384241 etime=0.000464637 > [22/Dec/2022:08:38:49.347011565 +0800] conn=19 op=23 SRCH > base="cn=1,ou=certificateRepository,ou=ca,o=ipaca" scope=0 > filter="(objectClass=*)" attrs=ALL > [22/Dec/2022:08:38:49.347206355 +0800] conn=19 op=23 RESULT err=0 tag=101 > nentries=1 wtime=0.000096368 optime=0.000196426 etime=0.000290580 > [22/Dec/2022:08:38:49.365442853 +0800] conn=43 op=4 EXT > oid="1.3.6.1.4.1.4203.1.11.3" name="whoami-plugin" > [22/Dec/2022:08:38:49.365513662 +0800] conn=43 op=4 RESULT err=0 tag=120 > nentries=0 wtime=0.000094022 optime=0.000081234 etime=0.000173235 > [22/Dec/2022:08:38:49.365762008 +0800] conn=43 op=5 SRCH base="cn=retrieve > certificate,cn=virtual operations,cn=etc,dc=wingon,dc=hk" scope=0 > filter="(objectClass=*)" attrs="objectClass" > [22/Dec/2022:08:38:49.366479995 +0800] conn=43 op=5 RESULT err=0 tag=101 > nentries=1 wtime=0.000093224 optime=0.000719504 etime=0.000810644 - > entryLevelRights: vadn > [22/Dec/2022:08:38:49.368369619 +0800] conn=43 op=6 SRCH > base="cn=cas,cn=ca,dc=wingon,dc=hk" scope=2 > filter="(&(cn=ipa)(objectClass=ipaca))" attrs="" > [22/Dec/2022:08:38:49.368729116 +0800] conn=43 op=6 RESULT err=0 tag=101 > nentries=1 wtime=0.000103659 optime=0.000361339 etime=0.000463243 > [22/Dec/2022:08:38:49.369339524 +0800] conn=43 op=7 SRCH > base="cn=ipa,cn=cas,cn=ca,dc=wingon,dc=hk" scope=0 filter="(objectClass=*)" > attrs="description ipaCaIssuerDN ipaCaSubjectDN ipaCaId cn" > [22/Dec/2022:08:38:49.369580767 +0800] conn=43 op=7 RESULT err=0 tag=101 > nentries=1 wtime=0.000068199 optime=0.000242285 etime=0.000309020 > [22/Dec/2022:08:38:49.370906130 +0800] conn=43 op=8 SRCH > base="cn=masters,cn=ipa,cn=etc,dc=wingon,dc=hk" scope=2 > filter="(&(&(objectClass=ipaConfigObject)(cn=CA))(|(ipaConfigString=enabledService)(ipaConfigString=hiddenService)))" > attrs="ipaConfigString" > [22/Dec/2022:08:38:49.371330577 +0800] conn=43 op=8 RESULT err=0 tag=101 > nentries=1 wtime=0.000076944 optime=0.000424999 etime=0.000500342 > [22/Dec/2022:08:38:49.405392008 +0800] conn=43 op=9 UNBIND > [22/Dec/2022:08:38:49.405422974 +0800] conn=43 op=9 fd=121 closed error - > U1 > > _______________________________________________ > FreeIPA-users mailing list -- [email protected] > To unsubscribe send an email to [email protected] > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedorahosted.org/archives/list/[email protected] > Do not reply to spam, report it: > https://pagure.io/fedora-infrastructure/new_issue >
_______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
