PrivX Log Settings
By default, regular and audit events are logged to syslog. Audit events use the namespace SSH-PRIVX-AUDIT
, and other (info/debug/error) messages use the namespace SSH_PRIVX
.
You can adjust the locations to which PrivX writes logs, and the log level of each microservice. The log locations are configured by settings in /opt/privx/etc/shared-config.toml
.
# Should we send PrivX system events to logs under /var/log/privx
# send_regular_events_to_stdout = false
send_regular_events_to_stdout = false
# Should we send PrivX audit events to syslog
# send_regular_events_to_syslog = true
send_audit_events_to_syslog = true
# Should we send PrivX system events to syslog
# send_regular_events_to_syslog = true
send_regular_events_to_syslog = true
To enable debug output for a microservice:
-
Edit
/opt/privx/scripts/<microservice_name>.sh
(replace <microservice_name>
with the name of the microservice) and set theSSH_TRACE
parameter:dir="/opt/privx/bin" cmd="SSH_LOG_LEVEL=DEBUG SSH_TRACE=6 /opt/privx/bin/auth" user="privx"
-
By default, the system-logging service rsyslog is configured to show INFO-level messages only, which blocks DEBUG messages. To configure rsyslog to show DEBUG-level messages, find the following line in the rsyslog configuration file,
/etc/rsyslog.conf
:*.info;mail.none;authpriv.none;cron.none /var/log/messages
And change it to, for example:
*.debug;mail.none;authpriv.none;cron.none /var/log/messages
Restart rsyslog to apply the changes:
# systemctl restart rsyslog
-
Restart the privx service to apply any changes to configuration files:
# systemctl restart privx
Updated over 3 years ago