CAS uses the Commons Logging framework as a facade for the log4j engine by default. The default log4j engine can be replaced by any supported by Commons Logging if needed.
log4j Configuration
This section assumes you are using the default log4j engine.
The log4j configuration file is located in ${project.home}/cas-server-webapp/src/main/webapp/WEB-INF/classes/log4j.properties. At deployment time it is located at $CATALINA_HOME/webapps/cas/WEB-INF/classes/log4j.properties. By default logging is set to INFO for ja-sig code and WARN for Spring code. While debugging you may want to set those to DEBUG. When in production though, you probably want to run them both as WARN. Depending on your needs, it may make sense to keep the defaults (INFO and WARN).
In the default configuration, CAS logs to a log4j FileAppender in the current working directory of the java process. If you start/stop your servlet container from a shell, it's very likely the cas.log file will move around depending on the current directory where you start the container, e.g. catalina.sh start for Tomcat. It's strongly recommended that you change the file appender path to an absolute path suitable for your environment such as /var/log/cas.log. A good choice for Tomcat is something like ${catalina.home}/logs/cas.log.
The following is an example of a real-world log4j.properties file used in production at Virginia Tech.
log4j.rootLogger=ERROR, stdout, logfile log4j.appender.stdout=org.apache.log4j.ConsoleAppender log4j.appender.stdout.layout=org.apache.log4j.PatternLayout log4j.appender.stdout.layout.ConversionPattern=%d %p [%c] - <%m>%n log4j.appender.logfile=org.apache.log4j.DailyRollingFileAppender log4j.appender.logfile.File=/apps/local/cas/logs/cas.log log4j.appender.logfile.DatePattern='.'yyyy-MM-dd log4j.appender.logfile.Append=true log4j.appender.logfile.layout=org.apache.log4j.PatternLayout log4j.appender.logfile.layout.ConversionPattern=%d %-5p [%c] - %m%n # WARNING: Setting the org.springframework logger to DEBUG displays debug information about # the request parameter values being bound to the command objects. This could expose your # password in the log file. If you are sharing your log files, it is recommend you selectively # apply DEBUG level logging on a an org.springframework.* package level (i.e. org.springframework.dao) log4j.logger.org.springframework=INFO #log4j.logger.org.springframework.web.servlet.i18n=DEBUG #log4j.logger.org.springframework.web.servlet.view=DEBUG #log4j.logger.org.quartz=DEBUG log4j.logger.org.jasig=INFO # WARNING: Setting the flow package to DEBUG will display # the parameters posted to the login servlet including # cleartext authentication credentials log4j.logger.org.jasig.cas.web.flow=INFO log4j.logger.org.jasig.cas.authentication=INFO log4j.logger.org.jasig.cas.web.flow.TicketGrantingTicketCheckAction=INFO log4j.logger.org.jasig.cas.services.DefaultServiceRegistry=INFO log4j.logger.org.jasig.cas.services=INFO # Ignore verbose Person Directory warning messages about # character encoding when loading LDAP attributes log4j.logger.org.jasig.services.persondir.support.ldap.PersonAttributesMapper=ERROR log4j.logger.edu.vt.middleware.cas=INFO #log4j.logger.com.mchange=DEBUG #log4j.logger.org.inspektr=DEBUG