Frank.Swasey@uvm.edu wrote:
This is a cryptographically signed message in MIME format.
--------------ms050409020803020407000508 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit
On 3/6/07 6:31 PM, quanah@stanford.edu wrote:
I was looking at adding access log configurations to my main database that would log operations based on subtree. For example, I'd like to have all operations on "cn=accounts,dc=stanford,dc=edu" go into one accesslog, and operations on "cn=people,dc=stanford,dc=edu" go into another accesslog. My root is "dc=stanford,dc=edu". There doesn't seem to be a way with the way accesslog is currently designed to do this. I believe it would be a useful feature.
I have wished for a similar capability. However, have always been stopped from proceeding to look at modifying the code because all my consumers need to replicate the full database.
Usually when you have a logging requirement, you need to see everything...
Breaking out options by subtree does seem to be a pretty common need though. It strikes me that we need to solve this once, generically, instead of doing it over and over again in each overlay. That sounds an awful lot like getting full subentry support implemented, or at least a generic subtree search specification handler.
However, it would be nice to be able to break things apart and have them expire out of the accesslog at different times. For instance, our sendmail spam blocking rules live for a max of several hours and so I could expire those from the accesslog after 8 hours, but the core (people, groups, accounts) I'd like to keep for a couple days to make certain they get to the replica servers.
Is that the same kind of thing you are thinking of Quanah?