Server User Manual

ManualsBrandsRed Hat ManualsServer8.1

241

242

243

244

245

246

247

248

249

250

Audit Log Reference

235

NOTE

Example 5.5, “Example ACL Plug-in Error Log Entry with Plug-in Logging” shows both

plug-in logging and search filter processing (log level 32).

Many other kinds of logging have similar output to the plug-in logging level, only for different kinds

of internal operations. Heavy trace output (4), access control list processing (128), schema parsing

(2048), and housekeeping (4096) all record the functions called by the different operations being

performed. In this case, the difference is not in the format of what is being recorded, but what

operations it is being recorded for.

The configuration file processing goes through any .conf file, printing every line, whenever the

server starts up. This can be used to debug any problems with files outside of the server's normal

configuration. By default, only slapd-collations.conf file, which contains configurations for

international language sets, is available.

[09/Jan/2009:16:08:18 -0500] - reading config file /etc/dirsrv/slapd-server/slapd-

collations.conf

[09/Jan/2009:16:08:18 -0500] - line 46: collation "" "" "" 1 3 2.16.840.1.113730.3.3.2.0.1

default

[09/Jan/2009:16:08:18 -0500] - line 57: collation en "" "" 1 3 2.16.840.1.113730.3.3.2.11.1

en en-US

[09/Jan/2009:16:08:18 -0500] - line 58: collation en CA "" 1 3 2.16.840.1.113730.3.3.2.12.1

en-CA

[09/Jan/2009:16:08:18 -0500] - line 59: collation en GB "" 1 3 2.16.840.1.113730.3.3.2.13.1

en-GB

Example 5.6. Config File Processing Log Entry

There are two levels of ACI logging, one for debug information and one for summary. Both of these

ACI logging levels records some extra information that is not included with other types of plug-ins or

error logging, including connection

and operation

information. Show the name of the plug-in, the

bind DN of the user, the operation performed or attempted, and the ACI which was applied. The debug

level shows the series of functions called in the course of the bind and any other operations, as well.

Example 5.7, “Access Control Summary Logging” shows the summary access control log entry.

[09/Jan/2009:16:02:01 -0500] NSACLPlugin - #### conn=24826547353419844 op=1

binddn="uid=scarter,ou=people,dc=example,dc=com"

[09/Jan/2009:16:02:01 -0500] NSACLPlugin - conn=24826547353419844 op=1 (main): Allow search

on entry(ou=people,dc=example,dc=com).attr(uid) to uid=scarter,ou=people,dc=example,dc=com:

allowed by aci(2): aciname= "Enable anonymous access", acidn="dc=example,dc=com"

Example 5.7. Access Control Summary Logging

5.3. Audit Log Reference

The audit log records changes made to the server instance. Unlike the error and access log, the audit

log does not record access to the server instance, so searches against the database are not logged.

The audit log is formatted differently than the access and error logs and is basically like a time-

stamped LDIF file. The operations recorded in the audit log are formatted as LDIF statements:

logs-reference.html#Configuration_Command_File_Reference-Default_Access_Logging_Content-Connection_Number

logs-reference.html#Configuration_Command_File_Reference-Default_Access_Logging_Content-Operation_Number