SSSD supports two representations for specifying the debug level. The simplest is to specify a decimal value from 0-9, which represents enabling that level and all lower-level debug messages. The more comprehensive option is to specify a hexadecimal bitmask to enable or disable specific levels (such as if you wish to suppress a level). Please note that each SSSD service logs into its own log file. Also please note that enabling debug_level in the [sssd] section only enables debugging just for the sssd process itself, not for the responder or provider processes. The debug_level parameter should be added to all sections that you wish to produce debug logs from. In addition to changing the log level in the config file using the debug_level parameter, which is persistent, but requires SSSD restart, it is also possible to change the debug level on the fly using the sss_debuglevel 8 tool. Currently supported debug levels: 0, 0x0010: Fatal failures. Anything that would prevent SSSD from starting up or causes it to cease running. 1, 0x0020: Critical failures. An error that doesn't kill SSSD, but one that indicates that at least one major feature is not going to work properly. 2, 0x0040: Serious failures. An error announcing that a particular request or operation has failed. 3, 0x0080: Minor failures. These are the errors that would percolate down to cause the operation failure of 2. 4, 0x0100: Configuration settings. 5, 0x0200: Function data. 6, 0x0400: Trace messages for operation functions. 7, 0x1000: Trace messages for internal control functions. 8, 0x2000: Contents of function-internal variables that may be interesting. 9, 0x4000: Extremely low-level tracing information. 9, 0x20000: Performance and statistical data, please note that due to the way requests are processed internally the logged execution time of a request might be longer than it actually was. 10, 0x10000: Even more low-level libldb tracing information. Almost never really required. To log required bitmask debug levels, simply add their numbers together as shown in following examples: Example: To log fatal failures, critical failures, serious failures and function data use 0x0270. Example: To log fatal failures, configuration settings, function data, trace messages for internal control functions use 0x1310. Note: The bitmask format of debug levels was introduced in 1.7.0. Default: 0x0070 (i.e. fatal, critical and serious failures; corresponds to setting 2 in decimal notation)