HP UX Identity Security Software 5.3 Audit log reference

Example 5-6 Config file processing log entry

[09/Aug/2009:16:08:18 -0500] - reading config file /etc/opt/dirsrv/slapd-instance_name/slapd-collations.conf [09/Aug/2009:16:08:18 -0500] - line 46: collation "" "" "" 1 3

2.16.840.1.113730.3.3.2.0.1 default [09/Aug/2009:16:08:18 -0500] - line 57: collation en "" "" 1 3

2.16.840.1.113730.3.3.2.11.1 en en-US [09/Aug/2009:16:08:18 -0500] - line 58: collation en CA "" 1 3

2.16.840.1.113730.3.3.2.12.1 en-CA [09/Aug/2009:16:08:18 -0500] - line 59: collation en GB "" 1 3

2.16.840.1.113730.3.3.2.13.1 en-GB

There are two levels of ACI logging, one for debug information and one for summary. Both of these ACI logging levels records some extra information that is not included with other types of plug-ins or error logging, including connection and operation information. Show the name of the plug-in, the bind DN of the user, the operation performed or attempted, and the ACI which was applied. The debug level shows the series of functions called in the course of the bind and any other operations, as well.

Example 5-7 “Access control summary logging” shows the summary access control log entry.

Example 5-7 Access control summary logging

[09/Aug/2009:16:02:01 -0500] NSACLPlugin - #### conn=24826547353419844 op=1 binddn="uid=scarter,ou=people,dc=example,dc=com" [09/Aug/2009:16:02:01 -0500] NSACLPlugin - conn=24826547353419844 op=1 (main): Allow search on entry(ou=people,dc=example,dc=com).attr(uid) to uid=scarter,ou=people,dc=example,dc=com: allowed by aci(2): aciname= "En\ able anonymous access", acidn="dc=example,dc=com"

5.3 Audit log reference

The audit log records changes made to the server instance. Unlike the error and access log, the audit log does not record access to the server instance, so searches against the database are not logged.

The audit log is formatted differently than the access and error logs and is basically like a time-stamped LDIF file. The operations recorded in the audit log are formatted as LDIF statements:

timestamp: date

dn: modified_entry

changetype: action

action:attribute

attribute:new_value

-

replace: modifiersname

modifiersname: dn

-

replace: modifytimestamp

modifytimestamp: date

-

LDIF files and formats are described in more detail in the "LDAP Data Interchange Format" appendix of the HP-UX Directory Server administrator guide.

Several different kinds of audit entries are shown in Example 5-8 “Audit log content”.

186 Log file reference