We have a setup with a very high number of binds, so running with loglevel 256 floods the log file. According to http://www.openldap.org/lists/openldap-software/200205/msg00120.html John Dalbec wrote a patch for this for 2.0.21, but AFAICS it was ever submitted. I would like to have eg. loglevel 64 to see the configuration file processing and then on top of that only failed logins.
Is the only way to accomplish that to rewrite that old patch to the current level, or is there some other way to get there ?
Thanks Andreas Taschner
Andreas Taschner wrote:
We have a setup with a very high number of binds, so running with loglevel 256 floods the log file. According to http://www.openldap.org/lists/openldap-software/200205/msg00120.html John Dalbec wrote a patch for this for 2.0.21, but AFAICS it was ever submitted. I would like to have eg. loglevel 64 to see the configuration file processing and then on top of that only failed logins.
Is the only way to accomplish that to rewrite that old patch to the current level, or is there some other way to get there ?
You should be able to use the accesslog overlay (slapo-accesslog(5)) configured to log only binds and only in case of failure. In that case, logs would appear in the database rather than in the log file. The log database can be purged to keep it under control.
p.
Ing. Pierangelo Masarati OpenLDAP Core Team
SysNet s.n.c. Via Dossi, 8 - 27100 Pavia - ITALIA http://www.sys-net.it ------------------------------------------ Office: +39.02.23998309 Mobile: +39.333.4963172 Email: pierangelo.masarati@sys-net.it ------------------------------------------
On 1/11/07, Pierangelo Masarati ando@sys-net.it wrote:
Andreas Taschner wrote:
We have a setup with a very high number of binds, so running with loglevel 256 floods the log file. According to http://www.openldap.org/lists/openldap-software/200205/msg00120.html John Dalbec wrote a patch for this for 2.0.21, but AFAICS it was ever submitted. I would like to have eg. loglevel 64 to see the configuration file processing and then on top of that only failed logins.
Is the only way to accomplish that to rewrite that old patch to the current level, or is there some other way to get there ?
You should be able to use the accesslog overlay (slapo-accesslog(5)) configured to log only binds and only in case of failure. In that case, logs would appear in the database rather than in the log file. The log database can be purged to keep it under control.
p.
I also found that removing the syslog interaction with the accesslog overlay helped improve performance (available cpu) a fair amount.
On Thursday 11 January 2007 16:37, Pierangelo Masarati wrote:
Andreas Taschner wrote:
We have a setup with a very high number of binds, so running with loglevel 256 floods the log file. According to http://www.openldap.org/lists/openldap-software/200205/msg00120.html John Dalbec wrote a patch for this for 2.0.21, but AFAICS it was ever submitted. I would like to have eg. loglevel 64 to see the configuration file processing and then on top of that only failed logins.
Is the only way to accomplish that to rewrite that old patch to the current level, or is there some other way to get there ?
You should be able to use the accesslog overlay (slapo-accesslog(5)) configured to log only binds and only in case of failure.
Is that really possible in OpenLDAP 2.3 from the man-page I only see that you can configure it in a way that only successful operations are logged "logsuccess TRUE", but "logsuccess FALSE" will log everything (failed and successful) Am I overlooking something?
In that case, logs would appear in the database rather than in the log file. The log database can be purged to keep it under control.
p.
Ralf Haferkamp wrote:
Is that really possible in OpenLDAP 2.3 from the man-page I only see that you can configure it in a way that only successful operations are logged "logsuccess TRUE", but "logsuccess FALSE" will log everything (failed and successful) Am I overlooking something?
You're right, sorry for the noise.
p.
Ing. Pierangelo Masarati OpenLDAP Core Team
SysNet s.n.c. Via Dossi, 8 - 27100 Pavia - ITALIA http://www.sys-net.it ------------------------------------------ Office: +39.02.23998309 Mobile: +39.333.4963172 Email: pierangelo.masarati@sys-net.it ------------------------------------------
openldap-software@openldap.org
-
Andreas Taschner -
matthew sporleder -
Pierangelo Masarati -
Ralf Haferkamp