Troubleshooting
Troubleshooting Kerberos
Unix Syslog File
Each security server daemon, kadmind, kpropd, and kdcd writes to the system log (syslog) file. However, you can also configure the daemons to write the system logs to any file specified by you.
However, principal database operations performed locally on the primary server using the Administrator are not recorded as these programs do not use syslog to audit their activities.
The syslog daemon (syslogd) is configured using the /etc/syslog.conf file, which controls where your log files are located. For example, syslog can be configured to send messages to /usr/adm/messages.
The security server daemons log an entry for each transaction and whether the transaction succeeded or failed. The number of transactions that are logged in your syslog file is determined by how you have configured the reporting levels.
The syslog reporting levels used by the security server are:
•LOG_ERR - Prints out security server errors.
•LOG_WARNING - Prints out security server warnings.
•LOG_NOTICE - Prints out secured application server errors.
The Server logs information messages through syslog. The syslog file can grow large quickly if not maintained. The syslog file is specified in /etc/syslog.conf, which is typically /var/adm/messages.
Check the size of this file to make sure it does not use an overwhelming amount of system disk space. If the /var partition grows to hundred percent utilization, then syslog will stop writing log messages and may even shut down active processes, that is, the daemons.
Create a shell script to be executed daily or weekly by cron to check the syslog file size, partition utilization, or both, and detect any problems. Also, the syslog files should be archived regularly to a separate partition, drive, or server.
Services Checklist
•Did you answer the questions in the troubleshooting checklist at the beginning of this chapter?
266 | Chapter 9 |
