freeipa(5) File and Log Locations

Table 18.1. FreeIPA Server Configuration Files and Directories

| Directory or File | Description |
|---|---|
| **Server Configuration** | |
| /etc/ipa | The main FreeIPA configuration directory. |
| /etc/ipa/default.conf | The primary configuration file for FreeIPA. |
| /etc/ipa/ca.crt | The CA certificate issued by the FreeIPA server's CA. |
| ~/.ipa/ | A user-specific FreeIPA directory that is created on the local system in the system user's home directory the first time the user runs a FreeIPA command. |
| **FreeIPA Logs** | |
| ~/.ipa/log/cli.log | The log file for all XML-RPC calls and responses by the FreeIPA command-line tools. This is created in the home directory for the system user who runs the tools, who may have a different name than the FreeIPA user. |
| /var/log/ipaclient-install.log | The installation log for the client service. |
| /var/log/ipaserver-install.log | The installation log for the FreeIPA server. |
| **System Services** | |
| /etc/rc.d/init.d/ipa | The FreeIPA server init script. |
| /etc/rc.d/init.d/ipa_kpasswd | The init script for the FreeIPA control daemon for Kerberos passwords. |
| /var/run/ipa_kpasswd.pid | The PID file for the Kerberos password daemon used by the FreeIPA service. |
| **Web UI** | |
| /etc/ipa/html | A symlink directory in the main configuration directory for the HTML files used by the FreeIPA web UI. |
| /etc/httpd/conf.d/ipa.conf<br>/etc/httpd/conf.d/ipa-rewrite.conf | The configuration files used by the Apache host for the web UI application. |
| /etc/httpd/conf/ipa.keytab | The keytab file used by the web UI service. |
| /usr/share/ipa | The main directory for all of the HTML files, scripts, and stylesheets used by the web UI. |
| /usr/share/ipa/ipa-rewrite.conf<br>/usr/share/ipa/ipa.conf | The configuration files used by the Apache host for the web UI application. |
| /usr/share/ipa/updates | Contains any updated files, schema, and other elements for FreeIPA. |
| /usr/share/ipa/html | Contains the HTML files, JavaScript files, and stylesheets used by the web UI. |
| /usr/share/ipa/ipaclient | Contains the JavaScript files used to access Firefox's autoconfiguration feature and set up the Firefox browser to work in the FreeIPA Kerberos realm. |
| /usr/share/ipa/migration | Contains HTML pages, stylesheets, and Python scripts used for running the FreeIPA server in migration mode. |
| /usr/share/ipa/ui | Contains all of the scripts used by the UI to perform FreeIPA operations. |
| /var/log/httpd | The log files for the Apache web server. |
| **Kerberos** | |
| /etc/krb5.conf | The Kerberos service configuration file. |
| **SSSD** | |
| /etc/sssd/sssd.api.d/sssd-ipa.conf | The configuration file used to identify the FreeIPA server, FreeIPA Directory Server, and other FreeIPA services used by SSSD. |
| /var/log/sssd | The log files for SSSD. |
| **389 Directory Server** | |
| /var/lib/dirsrv/slapd-REALM_NAME | All of the schema, configuration, and database files associated with the Directory Server instance used by the FreeIPA server. |
| /var/log/dirsrv/slapd-REALM_NAME | Log files associated with the Directory Server instance used by the FreeIPA server. |
| **Dogtag Certificate System** | |
| /etc/pki-ca | The main directory for the FreeIPA CA instance. |
| /etc/pki-ca/conf/CS.cfg | The main configuration file for the FreeIPA CA instance. |
| /var/lib/dirsrv/slapd-PKI-IPA/ | All of the schema, configuration, and database files associated with the Directory Server instance used by the FreeIPA CA. |
| /var/log/dirsrv/slapd-PKI-IPA/ | Log files associated with the Directory Server instance used by the FreeIPA CA. |
| **Cache Files** | |
| /var/cache/ipa | Cache files for the FreeIPA server and the FreeIPA Kerberos password daemon. |
| **System Backups** | |
| /var/lib/ipa/sysrestore | Contains backups of all of the system files and scripts that were reconfigured when the FreeIPA server was installed. These include the original .conf files for NSS, Kerberos (both krb5.conf and kdc.conf), and NTP. |
| /var/lib/ipa-client/sysrestore | Contains backups of all of the system files and scripts that were reconfigured when the FreeIPA client was installed. Commonly, this is the sssd.conf file for SSSD authentication services. |


Table 18.2. FreeIPA Log Files

| Service | Log File | Description | Additional Information |
|---|---|---|---|
| FreeIPA server | /var/log/ipaserver-install.log | Server installation log | |
| FreeIPA server | ~/.ipa/log/cli.log | Command-line tool log | |
| FreeIPA client | /var/log/ipaclient-install.log | Client installation log | |
| Apache server | /var/log/httpd/access<br>/var/log/httpd/error | These are standard access and error logs for Apache servers. Both the web UI and the XML-RPC command-line interface use Apache, so some FreeIPA-specific messages will be recorded in the error log along with the Apache messages. | Apache log chapter |
| Dogtag Certificate System | /var/log/pki-ca-install.log | The installation log for the FreeIPA CA. | |
| Dogtag Certificate System | /var/log/pki-ca/debug<br>/var/log/pki-ca/system<br>/var/log/pki-ca/transactions<br>/var/log/pki-ca/signedAudit | These logs mainly relate to certificate operations. In FreeIPA, this is used for service principals, hosts, and other entities which use certificates. | Logging chapter |
| 389 Directory Server | /var/log/dirsrv/slapd-REALM/access<br>/var/log/dirsrv/slapd-REALM/audit<br>/var/log/dirsrv/slapd-REALM/errors | The access and error logs both contain detailed information about attempted access and operations for the domain Directory Server instance. The error log setting can be changed to provide very detailed output. The access log is buffered, so the server only writes to the log every 30 seconds, by default. | Monitoring servers and databases<br>Log entries explained |
| 389 Directory Server | /var/log/dirsrv/slapd-REALM/access<br>/var/log/dirsrv/slapd-REALM/audit<br>/var/log/dirsrv/slapd-REALM/errors | This directory server instance is used by the FreeIPA CA to store certificate information. Most operational data here will be related to server-replica interactions. The access log is buffered, so the server only writes to the log every 30 seconds, by default. | Monitoring servers and databases<br>Log entries explained |
| Kerberos | /var/log/krb5libs.log | This is the primary log file for Kerberos connections. This location is configured in the krb5.conf file, so it could be different on some systems. | |
| Kerberos | /var/log/krb5kdc.log | This is the primary log file for the Kerberos KDC server. This location is configured in the krb5.conf file, so it could be different on some systems. | |
| Kerberos | /var/log/kadmind.log | This is the primary log file for the Kerberos administration server. This location is configured in the krb5.conf file, so it could be different on some systems. | |
| DNS | /var/log/messages | DNS error messages are included with other system messages. DNS logging is not enabled by default. DNS logging is enabled by running the querylog command: `/usr/sbin/rndc querylog`. This begins writing log messages to the system's /var/log/messages file. To turn off logging, run the querylog command again. | |
