X
  • LDAP
    January 13, 2017

Configuring logging in OUD

OUD has an extremely sophisticated and efficient way of handling the logging activity of the various type of instances (Directory Server, Directory Proxy, etc.). The 'Policies' feature, comes extremely handy, especially for what it concerns the log rotation and the log retention. These are the default policies:

# ./dsconfig list-log-rotation-policies --bindDN <DIRECTORY_MANAGER> --bindPasswordFile <DM_PASSWORD_FILE> --no-prompt --port <OUD_DIR_ADMIN_PORT> --hostname <OUD_HOST_NAME>
Log Rotation Policy                 : Type       : file-size-limit : rotation-interval : time-of-day
------------------------------------:------------:-----------------:-------------------:------------
24 Hours Time Limit Rotation Policy : time-limit : -               : 1 d               : -
7 Days Time Limit Rotation Policy   : time-limit : -               : 1 w               : -
Fixed Time Rotation Policy          : fixed-time : -               : -                 : 2359
Size Limit Rotation Policy          : size-limit : 100 mb          : -                 : -

Whereas the ones for on-line
log retention
are:

# ./dsconfig list-log-retention-policies --bindDN <DIRECTORY_MANAGER> --bindPasswordFile <DM_PASSWORD_FILE> --no-prompt --port <OUD_DIR_ADMIN_PORT> --hostname <OUD_DIR_HOST_NAME>
Log Retention Policy             : Type            : disk-space-used : free-disk-space : number-of-files
---------------------------------:-----------------:-----------------:-----------------:----------------
File Count Retention Policy      : file-count      : -               : -               : 10
Free Disk Space Retention Policy : free-disk-space : -               : 500 mb          : -
Size Limit Retention Policy      : size-limit      : 500 mb          : -               : -

These policies might become a limiting factor in a busy, production environment; therefore, we can define custom policies for log retention, based on the number of files and on the disk space utilization:

# ./dsconfig create-log-retention-policy --bindDN <DIRECTORY_MANAGER> --bindPasswordFile <DM_PASSWORD_FILE> --no-prompt --port <OUD_DIR_ADMIN_PORT> --hostname <OUD_DIR_HOST_NAME> --policy-name "MY File Count Retention Policy" --type file-count --set number-of-files:50
# ./dsconfig create-log-retention-policy --bindDN <DIRECTORY_MANAGER> --bindPasswordFile <DM_PASSWORD_FILE> --no-prompt --port <OUD_DIR_ADMIN_PORT> --hostname <OUD_DIR_HOST_NAME> --policy-name "MY Size Limit Retention Policy" --type size-limit --set disk-space-used:"5 gb"
# ./dsconfig list-log-retention-policies --bindDN <DIRECTORY_MANAGER> --bindPasswordFile <DM_PASSWORD_FILE> --no-prompt --port <OUD_DIR_ADMIN_PORT> --hostname <OUD_DIR_HOST_NAME>
Log Retention Policy             : Type            : disk-space-used : free-disk-space : number-of-files
---------------------------------:-----------------:-----------------:-----------------:----------------
File Count Retention Policy      : file-count      : -               : -               : 10
Free Disk Space Retention Policy : free-disk-space : -               : 500 mb          : -
Size Limit Retention Policy      : size-limit      : 500 mb          : -               : -
MY File Count Retention Policy   : file-count      : -               : -               : 50
MY Size Limit Retention Policy   : size-limit      : 5 gb            : -               : -

That at this point, we will be able to assign to the various logger types, which, by default, are:

# ./dsconfig list-log-publishers --bindDN <DIRECTORY_MANAGER> --bindPasswordFile <DM_PASSWORD_FILE> --no-prompt --port <OUD_DIR_ADMIN_PORT> --hostname <OUD_DIR_HOST_NAME>
Log Publisher             : Type              : enabled
--------------------------:-------------------:--------
File-Based Access Logger  : file-based-access : true
File-Based Admin Logger   : file-based-access : true
File-Based Audit Logger   : file-based-access : false
File-Based Debug Logger   : file-based-debug  : false
File-Based Error Logger   : file-based-error  : true
Oracle Access Logger      : file-based-access : false
Oracle Error Logger       : file-based-error  : false
Replication Repair Logger : file-based-error  : true

We'll make the case of the File-Based Access Logger, which has by default the following configuration:

# ./dsconfig get-log-publisher-prop --bindDN <DIRECTORY_MANAGER> --bindPasswordFile <DM_PASSWORD_FILE> --no-prompt --port <OUD_DIR_ADMIN_PORT> --hostname <OUD_DIR_HOST_NAME> --publisher-name "File-Based Access Logger"
Property                       : Value(s)
-------------------------------:-----------------------------------------------
append                         : true
enabled                        : true
log-file                       : logs/access
log-file-permissions           : 640
log-file-use-local-time        : false
mask-passwords                 : true
masked-attribute               : -
masked-suffix                  : -
masking-uses-encryption-config : true
operations-to-log              : synchronization, user
retention-policy               : File Count Retention Policy
rotation-policy                : 24 Hours Time Limit Rotation Policy, Size
                               : Limit Rotation Policy

Note that the retention-policy has only a single value ("File Count Retention Policy") and the rotation policy has two values ("24 Hours Time Limit Rotation Policy" and "Size Limit Rotation Policy"); but at this point we can assign the policies we deem fit to our environment:

# ./dsconfig set-log-publisher-prop --bindDN <DIRECTORY_MANAGER> --bindPasswordFile <DM_PASSWORD_FILE> --no-prompt --port <OUD_DIR_ADMIN_PORT> --hostname <OUD_DIR_HOST_NAME> --publisher-name "File-Based Access Logger" --set rotation-policy:"Size Limit Rotation Policy" --set retention-policy:"MY File Count Retention Policy"
# ./dsconfig set-log-publisher-prop --bindDN <DIRECTORY_MANAGER> --bindPasswordFile <DM_PASSWORD_FILE> --no-prompt --port <OUD_DIR_ADMIN_PORT> --hostname <OUD_DIR_HOST_NAME> --publisher-name "File-Based Access Logger" --add rotation-policy:"Fixed Time Rotation Policy" --add retention-policy:"MY Size Limit Retention Policy"

Note, that we first set the multi-valued attribute with the first value, and then we added the second value through the execution of the second command. The final result is:

# dsconfigget-log-publisher-prop --bindDN
<DIRECTORY_MANAGER> --bindPasswordFile <DM_PASSWORD_FILE>
--no-prompt --port <OUD_DIR_ADMIN_PORT> --hostname
<OUD_HOST_NAME>
--publisher-name "File-Based Access Logger"
Property                       : Value(s)
-------------------------------:-----------------------------------------------
append                         : true
enabled                        : true
log-file                       : logs/access
log-file-permissions           : 640
log-file-use-local-time        : false
mask-passwords                 : true
masked-attribute               : -
masked-suffix                  : -
masking-uses-encryption-config : true
operations-to-log              : synchronization, user
retention-policy               : MY File Count Retention Policy, MY Size
                               : Limit Retention Policy
rotation-policy                : Fixed Time Rotation Policy, Size Limit
                               : Rotation Policy

That's it! ;-)

Be the first to comment

Comments ( 0 )
Please enter your name.Please provide a valid email address.Please enter a comment.CAPTCHA challenge response provided was incorrect. Please try again.