sssd (8) - Linux Man Pages
sssd: System Security Services Daemon
sssd - System Security Services Daemon
- sssd [options]
SSSD supports two representations for specifying the debug level. The simplest is to specify a decimal value from 0-9, which represents enabling that level and all lower-level debug messages. The more comprehensive option is to specify a hexadecimal bitmask to enable or disable specific levels (such as if you wish to suppress a level).
Please note that each SSSD service logs into its own log file. Also please note that enabling "debug_level" in the "[sssd]" section only enables debugging just for the sssd process itself, not for the responder or provider processes. The "debug_level" parameter should be added to all sections that you wish to produce debug logs from.
In addition to changing the log level in the config file using the "debug_level" parameter, which is persistent, but requires SSSD restart, it is also possible to change the debug level on the fly using the sss_debuglevel(8) tool.
Currently supported debug levels:
0, 0x0010: Fatal failures. Anything that would prevent SSSD from starting up or causes it to cease running.
1, 0x0020: Critical failures. An error that doesn't kill SSSD, but one that indicates that at least one major feature is not going to work properly.
2, 0x0040: Serious failures. An error announcing that a particular request or operation has failed.
3, 0x0080: Minor failures. These are the errors that would percolate down to cause the operation failure of 2.
4, 0x0100: Configuration settings.
5, 0x0200: Function data.
6, 0x0400: Trace messages for operation functions.
7, 0x1000: Trace messages for internal control functions.
8, 0x2000: Contents of function-internal variables that may be interesting.
9, 0x4000: Extremely low-level tracing information.
To log required bitmask debug levels, simply add their numbers together as shown in following examples:
Example: To log fatal failures, critical failures, serious failures and function data use 0x0270.
Example: To log fatal failures, configuration settings, function data, trace messages for internal control functions use 0x1310.
Note: The bitmask format of debug levels was introduced in 1.7.0.
1: Add a timestamp to the debug messages
0: Disable timestamp in the debug messages
1: Add microseconds to the timestamp in debug messages
0: Disable microseconds in timestamp
- Send the debug output to files instead of stderr. By default, the log files are stored in /var/log/sssd and there are separate log files for every SSSD service and domain.
- Become a daemon after starting up.
- Run in the foreground, don't become a daemon.
- Specify a non-default config file. The default is /etc/sssd/sssd.conf. For reference on the config file syntax and options, consult the sssd.conf(5) manual page.
- Display help message and exit.
- Print version number and exit.
- Informs the SSSD to gracefully terminate all of its child processes and then shut down the monitor.
- Tells the SSSD to stop writing to its current debug file descriptors and to close and reopen them. This is meant to facilitate log rolling with programs like logrotate.
- Tells the SSSD to simulate offline operation for the duration of the "offline_timeout" parameter. This is useful for testing. The signal can be sent to either the sssd process or any sssd_be process directly.
- Tells the SSSD to go online immediately. This is useful for testing. The signal can be sent to either the sssd process or any sssd_be process directly.
The SSSD upstream - https://pagure.io/SSSD/sssd/
sssd(8), sssd.conf(5), sssd-ldap(5), sssd-krb5(5), sssd-simple(5), sssd-ipa(5), sssd-ad(5), sssd-sudo(5),sssd-secrets(5),sss_cache(8), sss_debuglevel(8), sss_groupadd(8), sss_groupdel(8), sss_groupshow(8), sss_groupmod(8), sss_useradd(8), sss_userdel(8), sss_usermod(8), sss_obfuscate(8), sss_seed(8), sssd_krb5_locator_plugin(8), sss_ssh_authorizedkeys(8), sss_ssh_knownhostsproxy(8),sssd-ifp(5),pam_sss(8). sss_rpcidmapd(5)