PKI Services Manager logging is enabled by default. Log files are created daily and saved to a directory called logs located in the PKI Services Manager data directory.

You can change the logging level to control the amount of information sent to the log. The log can contain both auditing messages (labeled "[audit]"), and debug messages (labeled "[debug]"). Auditing messages provide information about both successful and unsuccessful validation attempts. Debug messages are designed to help in troubleshooting.

The default log level is "Error". At this level, auditing messages are sent to the log, but debug messages are sent only if a PKI Services Manager error occurs, generally because PKI Services Manager is not correctly configured. The additional log levels 'Warning", "Information" and "Debug" provide increasing levels of detail. ("Trace" is also available, but provides more content than is generally useful.)

Note: Log level changes don't require a restart. If you change Maximum log files or Log output to file you must restart the server.

To set the level of detail in the log file from the console (Windows)

  1. From the PKI Services Manager console, go to the General pane.
  2. Specify a value for Log level.
  3. Save (File >Save) and reload (Server > Reload).

To change the logging level by editing pki_config (UNIX)

  1. Open the PKI Services Manager configuration file in a text editor. The default name and location is:


  2. Use LogLevel to specify a level of detail. Allowed values are: 'error', 'warn', 'info', 'debug', and 'trace'.
  3. Save the file and reload your settings.