Turns audit logging on and off | HP UX Identity Security Software

2.3.1.23 nsslapd-auditlog-logging-enabled (Audit log enable logging)

Turns audit logging on and off.

Parameter	Description
Entry DN	cn=config
Valid Values	on or off
Default Value	off
Syntax	DirectoryString
Example	nsslapd-auditlog-logging-enabled: off

For audit logging to be enabled, this attribute must have a valid path and parameter and the nsslapd-auditlog-logging-enabledconfiguration attribute must be switched to on. Table 2-5lists the four possible combinations of values for these two configuration attributes and their outcome in terms of disabling or enabling of audit logging.

Table 2-5 Attribute values for enabling or disabling audit logging

Value of the
nsslapd-auditlog-logging-enabled
Attribute	Value of the nsslapd-auditlog Attribute	Resulting logging state
on	empty string	Disabled
on	filename	Enabled
off	empty string	Disabled
off	filename	Disabled

2.3.1.24 nsslapd-auditlog-logmaxdiskspace (Audit log maximum disk space)

This attribute sets the maximum amount of disk space in megabytes that the audit logs are allowed to consume. If this value is exceeded, the oldest audit log is deleted.

When setting a maximum disk space, consider the total number of log files that can be created due to log file rotation. Also remember that there are three different log files (access log, audit log, and error log) maintained by the Directory Server, each of which consumes disk space.

Compare these considerations with the total amount of disk space for the audit log.

Parameter	Description
Entry DN	cn=config
Valid Range	-1 1 to the maximum 32-bit integer value (2147483647), where a value of -1 means that the
	disk space allowed to the audit log is unlimited in size.
Default Value	500
Syntax	Integer
Example	nsslapd-auditlog-logmaxdiskspace: 500

32 Core server configuration reference

Image 32

HP UX Identity Security Software Nsslapd-auditlog-logging-enabled Audit log enable logging, Turns audit logging on and off

Contents

HP-UX Directory Server Version Page Table of Contents Table of Contents Table of Contents 3.3 3.4Nsssl3ciphers Nsslapd-state Nsslapd-backend 113 Password Storage Schemes Schema reload plug-inNsslapd-pluginEnabled Nsslapd-idl-switch Cn=userRoot, cn=ldbm database, cn=plugins, cn=config Cn=ldbm database, cn=plugins, cn=configNsMaxResponseDelay NsMaxTestResponseDelay 169 173 189 239 Finding and executing command-line scripts 215215 257 243247 Page Directory Server configuration Using Directory Server command-line utilitiesDirectory Server configuration Directory Server instance file reference Using Directory Server command-line scripts Introduction Overview of the Directory Server configuration Ldif and schema configuration files Directory Server Ldif configuration files How the server configuration is organized Configuration attributesConfiguration of plug-in functionality Directory Server Ldif configuration files Accessing and modifying server configuration Access control for configuration entriesConfiguration of databases Configuration of indexes Where Changing configuration attributesModifying configuration entries using Ldap Core server configuration attributes reference Configuration changes requiring server restart 1 cn=config Nsslapd-accesslog Access log Nsslapd-accesslog-level Access log level Nsslapd-accesslog-list List of access log filesNsslapd-accesslog-logbuffering Log buffering Attribute values for enabling or disabling access logging Nsslapd-accesslog-logging-enabled Access log enable logging Default Value Syntax Directory String ExampleValid Values Valid Range SyntaxDirectoryString Example EntryDN Cn=config Valid RangeDisk space allowed to the access log is unlimited in size Syntax DirectoryString Example Nsslapd-accesslog-logrotationtime Access log rotation time Nsslapd-accesslog-maxlogsize Access log maximum log size Nsslapd-accesslog-mode Access log file permission SyntaxInteger Example ValidRange Through Default Value 600 Syntax Integer Example Default Value Off Syntax DirectoryString ExampleNsslapd-attribute-name-exceptions Nsslapd-auditlog Audit log Nsslapd-auditlog-list Attribute values for enabling or disabling audit loggingProvides a list of audit log files EntryDN Nsslapd-auditlog-logging-enabled Audit log enable logging Entry DN Cn=config Valid ValuesTurns audit logging on and off Disk space allowed to the audit log is unlimited in size Valid Range Through Default Value Syntax Integer Example Nsslapd-auditlog-logrotationsynchour Time between audit log file rotation is unlimited Nsslapd-auditlog-logrotationtime Audit log rotation timeSyntax Integer Example Nsslapd-auditlog-logrotationsyncmin None Read only Execute only Nsslapd-auditlog-maxlogsize Audit log maximum log sizeNsslapd-auditlog-mode Audit log file permission Write access to the server user ID Nsslapd-certdir Certificate and key database directoryNsslapd-certmap-basedn Certificate map search base Write only Read and write Write and execute Nsslapd-config This read-only attribute is the config DNNsslapd-conntablesize Nsslapd-counters Nsslapd-ds4-compatible-schema Default Value Syntax DirectoryString ExampleDefault Value Off Core server configuration reference Nsslapd-csnlogging Attribute values for enabling or disabling error logging Nsslapd-errorlog Error logNsslapd-errorlog-level Error log level Nsslapd-errorlog-list This read-only attribute provides a list of error log files Nsslapd-errorlog-logging-enabled Enable error logging Turns error logging on and off Disk space allowed to the error log is unlimited in size Nsslapd-errorlog-logrotationtime Error log rotation time Time between error log file rotation is unlimited Nsslapd-errorlog-maxlogsize Maximum error log size Nsslapd-groupevalnestlevel Nsslapd-errorlog-mode Error log file permissionNsslapd-idletimeout Default idle timeout Nsslapd-ioblocktimeout IO block time out Default Value Syntax Integer Example Nsslapd-idletimeoutNsslapd-instancedir Instance directory Nsslapd-lastmod Track modification time Nsslapd-listenhost Listen to IP address Nsslapd-ldapilisten Enable Ldapi socketNsslapd-ldapifilepath Ldapi socket file path Default Value SyntaxDirectoryString Example Nsslapd-localhost Local hostNsslapd-localuser Local user Nsslapd-lockdir Server lock file directory Nsslapd-maxbersize Maximum message size Nsslapd-maxdescriptors Maximum file descriptors Nsslapd-maxsasliosize Maximum Sasl packet size This attribute value is specified in bytes Nsslapd-maxthreadsperconn Maximum threads per connectionNsslapd-nagle Nsslapd-outbound-ldap-io-timeout Default Value Core server configuration referenceNsslapd-plugin Nsslapd-port Port number But the request is for this entry Nsslapd-readonly Read onlyNsslapd-referral Referral Nsslapd-referralmode Referral mode Nsslapd-reservedescriptors Reserved file descriptors Nsslapd-return-exact-case Return exact case Nsslapd-rewrite-rfc1274 Nsslapd-rootdn Manager DN Nsslapd-rootpw Root passwordDefault Value Syntax Nsslapd-rootpwstoragescheme Root password storage scheme Nsslapd-saslpath Nsslapd-schemacheck Schema checking Nsslapd-schemadir Nsslapd-securePort Encrypted port number Nsslapd-schemareplaceNsslapd-securelistenhost Nsslapd-security Security Nsslapd-sizelimit Size limit Nsslapd-timelimit Time limit Default Value Syntax Integer Example Nsslapd-threadnumberNsslapd-threadnumber Thread number PasswordChange Password change Indicates whether users may change their passwordsNsslapd-tmpdir Nsslapd-versionstring PasswordCheckSyntax Check password syntax PasswordExp Password expiration PasswordGraceLimit Password expiration PasswordHistory Password historyPasswordInHistory Number of passwords to remember Default Value Syntax Integer Example PasswordGraceLimit PasswordLockoutDuration Lockout duration PasswordIsGlobalPolicy Password policy and replicationPasswordLockout Account lockout PasswordMaxAge Password maximum age PasswordMaxFailure Maximum password failuresPasswordMaxRepeats Password syntax Default Value Syntax Integer Example PasswordMaxFailure Default Value Syntax Integer Example PasswordMinAge PasswordMin8Bit Password syntaxPasswordMinAge Password minimum age PasswordMinAlphas Password syntax PasswordMinCategories Password syntaxPasswordMinDigits Password syntax PasswordMinLength Password minimum length PasswordMinTokenLength Password syntax PasswordMinLowers Password syntaxPasswordMinSpecials Password syntax PasswordStorageScheme Password storage scheme PasswordMinUppers Password syntaxPasswordMustChange Password must change PasswordUnlock Unlock account PasswordWarning Send warning 2 cn=changelog5,cn=config Nsslapd-changelogdir 3 cn=encryption,cn=config NssslsessiontimeoutNsslapd-changelogmaxage Max changelog age Nsslapd-changelogmaxentries Max changelog records Means disallow certificate-based authentication Default Value Off Syntax DirectoryString Example Nsssl2 offNssslclientauth NsSSL2 4 cn=features,cn=config 5 cn=mapping tree,cn=configSuffix configuration attributes under cn=suffixName Nsssl3ciphers Nsslapd-state Nsslapd-backendDetermines how the suffix handles operations To requests made by client applications NsDS5ReplicaChangeCount NsDS5FlagsNsDS5ReplicaBindDN NsDS5ReplicaPurgeDelay NsDS5ReplicaIdNsDS5ReplicaLegacyConsumer NsDS5ReplicaName NsDS5ReplicaTombstonePurgeInterval NsDS5ReplicaReferralNsDS5ReplicaRoot NsState NsDS5ReplicaTypeNsDS5ReplicaReapActive Description NsDS5ReplConflict8.1 cn NsDS5ReplicaBindMethod NsDS5ReplicaBusyWaitTime Schema NsDS5ReplicaChangesSentSinceStartupNsDS5ReplicaCredentials NsDS5ReplicaHost NsDS5ReplicaLastInitEnd NsDS5ReplicaLastInitStartNsDS5ReplicaLastInitStatus Time NsDS5ReplicaLastUpdateEnd NsDS5ReplicaLastUpdateStartNsDS5ReplicaLastUpdateStatus NsDS5ReplicaPort Default Value SyntaxInteger ExamplensDS5ReplicaPort389 NsDS5ReplicaPriority NsDS5BeginReplicaRefresh NsDS5ReplicaSessionPauseTime NsDS5ReplicatedAttributeList NsDS5ReplicaTimeoutValid Range Default Value SyntaxDirectoryString Example NsDS5ReplicaTransportInfo NsDS5ReplicaUpdateInProgressNsDS5ReplicaUpdateSchedule Sunday NsDS5ReplicaLastUpdateEndNsDS50ruv Nsds7NewWinGroupSyncEnabled Nsds7NewWinUserSyncEnabledNsds7DirectoryReplicaSubtree Nsds7DirsyncCookie 10 cn=monitor Nsds7WindowsDomainNsds7WindowsReplicaSubtree WinSyncInterval For example Connection tableGreenwich Mean Time This is the number of completed operations 12 cn=SNMP,cn=config NssnmpenabledThis attribute sets whether Snmp is enabled 11 cn=replication Nssnmporganization NssnmplocationNssnmpcontact Nssnmpdescription Snmp statistic attributes NssnmpmasterhostNssnmpmasterport Snmp statistic attributes 14 cn=tasks,cn=config Snmp statistic attributes Task invocation attributes for entries under cn=tasks Entry DN 14.2 cn=import,cn=tasks,cn=config Default Value Syntax DirectoryString Example Ttl NsFilename file1.ldif NsFilename file2.ldif Default Value Syntax Integer Example NsImportChunkSize 14.3 cn=export,cn=tasks,cn=config Valid Values Any DN Core server configuration reference Default Value Syntax DN, multi-valued Example Syntax Case-insensitive string Example NsUseOneFile trueSyntax Case-insensitive string Example NsExportReplica true Syntax Case-insensitive string Example NsPrintKey false 14.4 cn=backup,cn=tasks,cn=config Syntax Case-insensitive string Example NsUseId2Entry trueSyntax Case-insensitive string Example NsNoWrap false Syntax Case-insensitive string Example NsDumpUniqId true 14.5 cn=restore,cn=tasks,cn=config 14.6 cn=index,cn=tasks,cn=config Syntax Case-exact string Example 14.7 cn=schema reload task,cn=tasks,cn=config NsIndexAttribute attributeindex1,index2 14.8 cn=memberof task,cn=tasks,cn=config 15 cn=uniqueid generator,cn=config 112 Server plug-in functionality reference Server plug-in functionality reference1 7-bit check plug-in Attribute uniqueness plug-in ACL plug-inACL preoperation plug-in Binary syntax plug-in Boolean syntax plug-in Plug-in Name Chaining Database DN of Configuration Entry Description Syntax for handling DNs Configurable OptionsCase exact string syntax plug-in Case ignore string syntax plug-in Class of service plug-in Country string syntax plug-inDistinguished name syntax plug-in Dependencies None Performance Related Distributed numeric assignment plug-in Generalized time syntax plug-inDetails of distributed numeric assignment plug-in Plug-in Name Http client plug-in Internationalization plug-in Jpeg syntax plug-in Ldbm database plug-inLegacy replication plug-in Information Further Information Details of MemberOf plug-in MemberOf plug-inMulti-master replication plug-in OID syntax plug-in Password Storage SchemesOctet string syntax plug-in Password storage plugins Postal address string syntax plug-in PTA plug-in Referential integrity postoperation plug-in Retro Changelog plug-in Roles plug-inBoth presence and equality Applications Space insensitive string syntax plug-in Schema reload plug-inDetails of schema reload plug-in Telephone syntax plug-in URI syntax plug-inViews plug-in Resource Locators List of attributes common to all plug-ins Account policy plug-inNsslapd-pluginPath This attribute specifies the full path to the plug-in Nsslapd-pluginEnabled Nsslapd-pluginInitfuncNsslapd-pluginType Nsslapd-pluginId Attributes allowed by certain plug-ins Nsslapd-pluginVersionNsslapd-pluginVendor Nsslapd-pluginDescription Nsslapd-plugin-depends-on-named Nsslapd-pluginLoadGlobalNsslapd-plugin-depends-on-type Database plug-in attributes NsLookthroughLimit Nsslapd-cache-autosize Nsslapd-cache-autosize-split Platforms Nsslapd-dbcachesizeNsslapd-db-checkpoint-interval Default Value Database plug-in attributes Nsslapd-db-circular-loggingNsslapd-db-debug Nsslapd-db-durable-transactions Nsslapd-db-home-directory Nsslapd-db-idl-divisor Nsslapd-db-logdirectory Automatically adjusted to the minimum valueNsslapd-db-logbuf-size Valid Range Bytes to 64 kilobytes Default Value Nsslapd-db-logfile-sizeNsslapd-db-page-size Nsslapd-db-private-import-mem Nsslapd-db-spin-count Nsslapd-db-transaction-batch-val Nsslapd-dbncache Nsslapd-db-trickle-percentageNsslapd-db-verbose Nsslapd-exclude-from-export Nsslapd-idl-switchNsslapd-directory Nsslapd-import-cache-autosize Nsslapd-idlistscanlimitNsslapd-import-cachesize No access for other users Default Value 600 Database plug-in attributesNsslapd-mode Memory to importCache Nsslapd-serial-lock Nsslapd-search-bypass-filter-testNsslapd-search-use-vlv-index Nsslapd-cachesize Nsslapd-cachememsize Nsslapd-suffix Nsslapd-readonlyNsslapd-require-index Database plug-in attributes This attribute provides the name of the attribute to index 5.1 cnNsSystemIndex NsIndexType NsMatchingRule NsSubStrBegin Indexed attribute representing a subentry NsSubStrEnd NsSubStrMiddle Encrypted attributes under the cn=config node Database link plug-in attributes chaining attributes NsEncryptionAlgorithmNsActiveChainingComponents Database link plug-in attributes chaining attributes Nspossiblechainingcomponents NsMaxResponseDelayNsMaxTestResponseDelay NsBindConnectionsLimit NsTransmittedControlsNsAbandonedSearchCheckInterval NsBindTimeout Default Value Syntax Integer ExampleNsBindRetryLimit NsCheckLocalACI NsConcurrentBindLimit NsConcurrentOperationsLimitNsConnectionLife NsOperationConnectionsLimit NsSizeLimit NsProxiedAuthorizationNsReferralOnScopedSearch NsTimeLimit NsBindMechanism Valid Values Empty NsFarmServerURLNsMultiplexorBindDN Encryption schema NsMultiplexorCredentialsNshoplimit NsUseStartTLS Retro changelog plug-in attributes Nsslapd-changelogdir Distributed numeric assignment plug-in attributes Nsslapd-changelogmaxage Max changelog ageDnaFilter DnaMagicRegen DnaNextValue DnaMaxValueDnaNextRange DnaRangeRequestTimeout Default Value Syntax Integer Example DnaNextValueDnaPrefix Bit systems DnaThreshold DnaScopeDnaSharedCfgDN MemberOf plug-in attributes DnaTypeMemberofattr Memberofgroupattr Account policy plug-in attributes Backup files Configuration filesOverview of Directory Server files Database files Setup-ds-admin.plscript is run At setup for example, dc=example,dc=comUsed internally by the database and should not be moved Deleted, or modified in any way Ldif files Lock filesLog files PID files Tools Scripts Access log reference Access logging levels Default access logging content Example 5-1 Example access logConnection number File descriptor Error number Slot numberOperation number Method type Ldap request type Number of entriesElapsed time Unindexed search indicator Ldap response typeVLV-related entries Search scope Extended operation OID Change sequence numberAbandon message LDAPv3 extended operations supported by Directory Server Sasl multi-stage bind logging Access log content for additional access logging levelsMessage ID Options description Common connection codesConnection description Error log reference Error log logging levelsError log levels Common connection codes Error log content Error log levels Error log content for other log levels Example 5-3 Error log excerpt Example 5-4 Replication error log entry Into pending list Timestamp Pluginname message Timestamp function message Audit log reference Example 5-6 Config file processing log entryExample 5-7 Access control summary logging Example 5-8 Audit log content Ldap result codesAudit log does not have any other log level to set Ldap result codes Adminlimitexceeded Ldap Ldap result codesReferral Ldap Ldap Finding and executing command-line utilities Using special charactersCommand-line utilities quick reference Commonly-used command-line utilities Ldapsearch Ldapsearch syntaxCommonly-used ldapsearch options Ldapsearch syntax Commonly-used ldapsearch options Persistent search options Ldapsearch SSL optionsCommonly-used ldapsearch options Persistent search options Ldapsearch Sasl options Additional SSL ldapsearch options Sasl options Description of CRAM-MD5 mechanism options Do not permit mechanisms that allow anonymous access Description of CRAM-MD5 mechanism optionsDo not permit mechanisms susceptible to active attacks Require forward secrecy Maxbufsize Following UID. For example Description of DIGEST-MD5 Sasl mechanism optionsRequired Mech=DIGEST-MD5 Gives the Sasl Mechanism 10 Additional ldapsearch options Additional ldapsearch optionsDescription of Gssapi Sasl mechanism options 10 Additional ldapsearch options Ldapmodify Ldapmodify syntaxCommonly-used ldapmodify options 11 Commonly-used ldapmodify options 12 ldapmodify SSL options Ldapmodify SSL options11 Commonly-used ldapmodify options 13 Sasl options Ldapmodify Sasl options12 ldapmodify SSL options 14 Additional ldapmodify options LdapdeleteAdditional ldapmodify options Ldapdelete syntax Commonly-used ldapdelete optionsLdapdelete SSL options 15 Commonly-used ldapdelete options 17 Sasl options Ldapdelete Sasl options16 ldapdelete SSL options Ldappasswd Additional ldapdelete optionsLdappasswd syntax 18 Additional ldapdelete options Ldappasswd-specific options General ldappasswd options19 ldappasswd-specific options 20 General ldappasswd options Ldappasswd Sasl options 20 General ldappasswd options Six values Ldappasswd examples21 Sasl options Example 6-2 Directory Manager generating a users password Example 6-3 User changing his own passwordLdif Ldif Ldif command has the following format DbscanLdif syntax Ldif options Dbscan options Dbscan examples23 Common options 24 Entry file options Example 6-8 Displaying VLV index file contents Example 6-13 Displaying the changelog file contentsExample 6-14 Dumping the index file uid.db4 with raw mode Example 6-7 Dumping the entry file Finding and executing command-line scripts Command-line scripts quick referenceSaveconfig Shell scripts in /opt/dirsrv/slapd-instancename Shell scripts Perl scripts in /opt/dirsrv/slapd-instancenameScripts in /opt/dirsrv/bin This section covers the following scripts 1 bak2db Restores a database from backup Cl-dump Dumps and decodes the changelogSyntax Bak2db options Dbverify Checks for corrupt databases Cl-dump optionsOptions Dbverify options 4 db2bak Creates a backup of a database 5 db2ldif Exports database contents to Ldif 6 db2index Reindexes database index files Ldif2db ImportReindex cn and givenname in the database instance userRoot Db2index options Pwdhash Prints encrypted passwords Ldif2ldap Performs import operation over LdapLdif2db options 10 ldif2ldap options Monitor Retrieves monitoring information Repl-monitor Monitors replication status11 pwdhash options Syntax monitor Hostportbinddnbindpwdbindcert Restart-slapd Restarts the Directory Server Restoreconfig Restores Administration Server configurationSaveconfig Saves Administration Server configuration Start-slapd Starts the Directory Server Stop-slapd Stops the Directory ServerSuffix2instance Maps a suffix to a backend name Vlvindex Creates virtual list view indexes 1 bak2db.pl Restores a database from backup Restores a database from a backupPerl scripts Options Either the -nor the -soption must be specified 3 db2bak.pl Creates a backup of a database 19 cl-dump.pl command optionsCreates a backup of the database Cl-dump.pl Dumps and decodes the changelog 5 db2ldif.pl Exports database contents to Ldif 4 db2index.pl Creates and generates indexes Fixup-memberof.pl Regenerate memberOf attributes 22 db2ldif.pl options 24 ldif2db.pl options Ldif2db.pl Import23 fixup-memberof.pl options 24 ldif2db.pl options 25 Information extracted from access logsLogconv.pl Log converter 26 logconv.pl options 28 ns-accountstatus.pl options Ns-accountstatus.pl Establishes account status27 logconv.pl options to display occurrences Ns-activate.pl Activates an entry or group of entries Ns-inactivate.pl Inactivates an entry or group of entriesActivates an entry or group of entries 29 ns-activate.pl options Repl-monitor.pl Monitors replication status 31 ns-newpwdpolicy.pl optionsShows in-progress status of replication 32 repl-monitor.pl options Where Schema-reload.pl Reload schema files dynamically 33 schema-reload.pl optionsSchemadirectory script uses the default schema directory Verify-db.pl Check for corrupt databases Usage information Command, then it uses the default database directory34 verify-db.pl option How to contact HP technical support Contacting HPInformation to collect before contacting HP HP authorized resellers Support and other resources Related informationHP-UX Directory Server documentation set Troubleshooting resources Typographic conventionsHP-UX documentation set This document uses the following typographical conventions TIP Finding and executing the ns-slapd command-line utilities Exports the contents of the database to LdifOverview of ns-slapd Utilities for exporting databases db2ldif Utilities for restoring and backing up databases ldif2db Table A-1 db2ldif optionsImports Ldif files to the database Table A-2 ldif2db options Utilities for creating and regenerating indexes db2index Utilities for restoring and backing up databases archive2dbUtilities for restoring and backing up databases db2archive Table A-5 db2index options Glossary 247 Bind rule Glossary CoS definition 249 GSS-API Ldap 251 NIS Proxy 253 Sasl Superuser 255 256 257 SymbolsStatistics for monitoring and optimizing directory Suffix and replication configuration entries Read-only monitoring configuration entries 259 Index Database link plug-in configuration attributes 261 Distributed numeric assignment plug-in configuration Ldap 263 NsDS5ReplicaChangesSentSinceStartup attribute 265 Page 267 Index 269 Index 271