Craig wrote:
> Hi, I was recently looking at our logs and trying to figure out what an appropriate logging level is for a stable, production system.
> What I would really like is a log (or logs) that contain:
> - the request made
> - the client (IP) that made the request
> - how much time it took to answer the request
> - any errors, with LDAP error codes including errors with configs
> - syncrepl info, e.g.: "sync completed added 2 entries, changed 4"
> The current log level scheme doesn't seem to support that. (Please correct me if I'm wrong.) I guess I am looking for something more like Apache's logging (access/request log and an error log).
> While OpenLDAP uses syslog, there is no mention of it supporting "debug/info/error/warn" type of log differentiation.
> Is it possible to do all of the above "today"? If not, is it "on the plan"?

There is no "plan" - OpenLDAP grows when an interested developer shows up and writes code that they're interested in. There was an effort to introduce various log levels back in the OpenLDAP 2.1 timeframe but it turned out to be too cumbersome and we eventually gave up on it. If someone else wants to take a stab at it, they're welcome to give it a go.
I think loglevel "stats" already provides most of what you want. Add loglevel "sync" to that and you should be good to go. We don't display request timing info but syslog already timestamps all of its messages. In general, the system calls to retrieve the system time are pretty expensive and it's not an interesting number most of the time. When problems crop up, with requests taking excessive time, that'll already be obvious in the regular syslog timestamps.

> Is there any plan to move away from using syslog? Or at least, make it configurable which syslog facility to use? (Not having "local4" hardcoded.)
> Any comments would be appreciated.

local4 is not hardcoded in current releases. If it's hardcoded in the version you're running, then whatever you're running is too old.
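
An added example, not part of the original thread and not OpenLDAP code: with loglevel "stats" enabled, a request line and its RESULT line share a conn/op pair, so an Apache-style access record (client IP, request, LDAP result code, elapsed time taken from the syslog timestamps) can be rebuilt after the fact. The log lines are constructed, the line layout is an assumption that varies between releases and syslog daemons, and `access_records` and its `year` parameter are names made up for this sketch.

```python
import re
from datetime import datetime

# Constructed sample in the style of slapd "stats" output; all values are made up.
SAMPLE = """\
Mar  3 10:15:01 ldap1 slapd[1234]: conn=1001 fd=12 ACCEPT from IP=192.0.2.10:51234 (IP=0.0.0.0:389)
Mar  3 10:15:01 ldap1 slapd[1234]: conn=1001 op=0 BIND dn="cn=app,dc=example,dc=com" method=128
Mar  3 10:15:01 ldap1 slapd[1234]: conn=1001 op=0 RESULT tag=97 err=0 text=
Mar  3 10:15:02 ldap1 slapd[1234]: conn=1001 op=1 SRCH base="dc=example,dc=com" scope=2 deref=0 filter="(uid=jdoe)"
Mar  3 10:15:02 ldap1 slapd[1234]: conn=1001 op=1 SRCH attr=cn mail
Mar  3 10:15:05 ldap1 slapd[1234]: conn=1001 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
Mar  3 10:15:06 ldap1 slapd[1234]: conn=1002 fd=13 ACCEPT from IP=198.51.100.7:40000 (IP=0.0.0.0:389)
Mar  3 10:15:06 ldap1 slapd[1234]: conn=1002 op=0 BIND dn="cn=bad,dc=example,dc=com" method=128
Mar  3 10:15:06 ldap1 slapd[1234]: conn=1002 op=0 RESULT tag=97 err=49 text=
"""

LINE = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) \S+ slapd\[\d+\]: conn=(\d+) (.*)$")
ACCEPT = re.compile(r"ACCEPT from IP=([^: ]+)")  # IPv4 peers only in this sketch
OP = re.compile(r"op=(\d+) (.*)$")
RESULT = re.compile(r"(?:SEARCH )?RESULT .*?err=(\d+)")


def access_records(text, year=2024):
    """Join each request line to its RESULT line on the (conn, op) pair."""
    clients, pending, records = {}, {}, []
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        # Classic syslog timestamps carry no year; the caller supplies one.
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        conn, rest = int(m.group(2)), m.group(3)
        accept = ACCEPT.search(rest)
        if accept:
            clients[conn] = accept.group(1)
            continue
        op = OP.match(rest)
        if not op:
            continue
        key, body = (conn, int(op.group(1))), op.group(2)
        result = RESULT.match(body)
        if result is None:
            pending.setdefault(key, (ts, body))  # keep first line, skip "SRCH attr="
        elif key in pending:
            start, request = pending.pop(key)
            records.append({"client": clients.get(conn, "?"), "request": request,
                            "err": int(result.group(1)),  # 49 = invalidCredentials
                            "seconds": (ts - start).total_seconds()})
    return records
```

Classic syslog timestamps have one-second resolution, so the `seconds` field surfaces slow requests rather than giving precise latency.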