5 Log file reference

The HP-UX Directory Server (Directory Server) provides logs to help monitor directory activity. Monitoring helps quickly detecting and remedying failures and, where done proactively, anticipating and resolving potential problems before they result in failure or poor performance. Part of monitoring the directory effectively is understanding the structure and content of the log files.

This chapter does not provide an exhaustive list of log messages. However, the information presented in this chapter serves as a good starting point for common problems and for better understanding the information in the access, error, and audit logs.

Logs are kept per Directory Server instances and are located in the /var/opt/dirsrv/slapd-instance_name/log directory.

5.1 Access log reference

The Directory Server access log contains detailed information about client connections to the directory. A connection is a sequence of requests from the same client with the following structure:

Connection record, which gives the connection index and the IP address of the client.

Bind record.

Bind result record.

Sequence of operation request/operation result pairs of records (or individual records in the case of connection, closed, and abandon records).

Unbind record.

Closed record.

Every line begins with a timestamp (for example, [21/Apr/2009:11:39:51 -0700]). The designation -0700indicates the time difference in relation to GMT. Apart from the connection, closed, and abandon records, which appear individually, all records appear in pairs, consisting of a request for service record followed by a result record. These two records frequently appear on adjacent lines, but this is not always the case.

The access logs have different levels of logging, set in the nsslapd-accesslog-levelattribute. This section provides an overview of default access logging content, log-levels, and the content logged at different logging levels.

“Access logging levels”

“Default access logging content”

“Access log content for additional access logging levels”

NOTE:

Directory Server provides a script which can analyze access logs to extract usage statistics and count the occurrences of significant events. For details about this script, see “logconv.pl (Log converter)” section.

5.1.1 Access logging levels

Different levels of access logging generate different amounts of detail and record different kinds of operations. The log level is set in the instance's nsslapd-accesslog-level configuration attribute. The default level of logging is 256, which logs access to an entry, but there are five different log levels available:

0No access logging.

4Logging for internal access operations.

5.1 Access log reference 173

Page 173
Image 173
HP UX Identity Security Software manual Access log reference, Access logging levels