On (09/12/16 09:24), Jakub Hrozek wrote:
On Thu, Dec 08, 2016 at 04:05:04PM -0800, Ali, Saqib wrote:
> Hello,
>
> How do I configure SSSD to send sssd.log logs to syslog? I would like
> to include the DEBUG SSSD logs as well. We would like to feed the sssd
> logs to Splunk. Our systems are already configured to send syslog to
> Splunk Security Module. So we would like to use that setup, instead of
> the Splunk Forwarder.
>
> Thanks,
> Saqib
$ cat /etc/systemd/system/sssd.service.d/journal.conf
[Service]
# Uncomment *both* of the following lines to enable debug logging
# to go to journald instead of /var/log/sssd. You will need to
# run 'systemctl daemon-reload' and then restart the SSSD service
# for this to take effect
#ExecStart=
#ExecStart=/usr/sbin/sssd -D
That will send messages to journald :-)
You will also need to configure rsyslog to fetch logs from journald.
It is not the default on many distributions.
And if you do not use sssd compiled with journald support then
you will not be able to send sssd logs to syslog.
Just very critical messages are explicitly sent to syslog and also
to sssd log files.
Anyway, by default sssd does not log a lot. Just messages which prevent
starting of sssd.
LS
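
As an added example (not part of the original message and not a file shipped by SSSD): an rsyslog drop-in for the step described above, reading journald through imjournal and forwarding SSSD entries to a remote syslog collector. The file name, the collector host syslog.example.com and its port, and the assumption that SSSD entries carry a program name beginning with "sssd" are placeholders to check against the local system.

```conf
# /etc/rsyslog.d/30-sssd-journal.conf  (hypothetical file name)

# Pull entries from the systemd journal. Omit this line if the main
# rsyslog.conf already loads imjournal; a module can be loaded only once.
module(load="imjournal" StateFile="imjournal.state")

# Assumption: SSSD processes log under an identifier beginning with "sssd"
# (sssd, sssd_be, sssd_nss, ...). Confirm with:
#   journalctl -u sssd -o verbose
if $programname startswith 'sssd' then {
    # Placeholder collector; replace with the syslog target already in use.
    action(type="omfwd" target="syslog.example.com" port="514" protocol="tcp")
}
```

Check the syntax with `rsyslogd -N1` before restarting rsyslog.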