Example 5-2 Access log extract with internal access operations level (level 4)

[12/Jul/2009:16:45:46 +0200] conn=Internal op=-1 SRCH base="cn=\22dc=example,dc=com\22,cn=mapping tree,cn=config"scope=0 fil\ ter="objectclass=nsMappingTree"attrs="nsslapd-referral" op\ tions=persistent

[12/Jul/2009:16:45:46 +0200] conn=Internal op=-1 RESULT err=0 tag=48 nentries=1etime=0

[12/Jul/2009:16:45:46 +0200] conn=Internal op=-1 SRCH base="cn=\22dc=example,dc=com\22,cn=mapping tree,cn=config"scope=0 fil\ ter="objectclass=nsMappingTree" attrs="nsslapd-state" [12/Jul/2009:16:45:46 +0200] conn=Internal op=-1 RESULT err=0 tag=48 nentries=1etime=0

Access log level 4 enables logging for internal operations, which log search base, scope, filter, and requested search attributes, in addition to the details of the search being performed.

In the following example, access logging level 768 is enabled (512 + 256), which logs access to entries and referrals. In this extract, six entries and one referral are returned in response to the search request, which is shown on the first line.

[12/Jul/2009:16:43:02 +0200] conn=306 fd=60 slot=60 connection from 127.0.0.1 to 127.0.0.1 \ [12/Jul/2009:16:43:02 +0200] conn=306 op=0 SRCH base="dc=example,dc=com"

scope=2 filter="(description=*)" attrs=ALL [12/Jul/2009:16:43:02 +0200] conn=306 op=0 ENTRY dn="ou=Special

[12/Jul/2009:16:43:02 +0200] conn=306 op=0 ENTRY dn="cn=Accounting Managers,ou=groups,dc=example,dc=com" [12/Jul/2009:16:43:02 +0200] conn=306 op=0 ENTRY dn="cn=HR Managers,ou=groups,dc=example,dc=com" [12/Jul/2009:16:43:02 +0200] conn=306 op=0 ENTRY dn="cn=QA Managers,ou=groups,dc=example,dc=com" [12/Jul/2009:16:43:02 +0200] conn=306 op=0 ENTRY dn="cn=PD Managers,ou=groups,dc=example,dc=com" [12/Jul/2009:16:43:02 +0200] conn=306 op=0 ENTRY dn="ou=HP Servers,dc=example,dc=com" [12/Jul/2009:16:43:02 +0200] conn=306 op=0 REFERRAL

5.1.3.1 Connection description

The connection description, in this case conn=Internal, indicates that the connection is an internal connection. The operation number op=-1also indicates that the operation was initiated internally.

[12/Jul/2009:16:45:46 +0200] conn=Internal op=-1

ENTRY dn="cn=\22dc=example,dc=com\22, cn=mapping tree, cn=config"

5.1.3.2 Options description

The options description, in this case options=persistent, indicates that a persistent search is being performed, as distinguished from a regular search operation.. Persistent searches can be used as a form of monitoring and configured to return changes to given configurations as changes occur; this is explained more in the ldapsearch chapter of the HP-UX Directory Server administrator guide.

Both log levels 512 and 4 are enabled for this example, so both internal access operations and entry access and referrals being logged.

Both log levels 512 and 4 are enabled for this example, so both internal access operations and entry access and referrals being logged.

[12/Jul/2009:16:45:46 +0200] conn=Internal op=-1 SRCH base="cn=\22dc=example,dc=com\22,cn=mapping tree,cn=config"scope=0 fil\ ter="objectclass=nsMappingTree"attrs="nsslapd-referral" options=persistent

5.1.4 Common connection codes

A connection code is a code that is added to the closed log message to provide additional information related to the connection closure.

180 Log file reference