Hi,
Playing with openldap 2.5 auditlog. Logging to a file works nicely.
We wonder (as we use graylog for syslog aggregation for all (LDAP) servers) ...
Is it possible to process the auditlogs through syslog?
Tip for all: we have solved so many problems just by searching through graylog... if you don't use graylog (or some other log aggregation tool)... consider implementing it!
--On Wednesday, July 12, 2023 1:42 PM +0200 cYuSeDfZfb cYuSeDfZfb cyusedfzfb@gmail.com wrote:
> Hi,
> Playing with openldap 2.5 auditlog. Logging to a file works nicely.
> We wonder (as we use graylog for syslog aggregation for all (LDAP) servers) ...
> Is it possible to process the auditlogs through syslog?
No, nor should there be. Auditlog generates https://www.rfc-editor.org/rfc/rfc2849 structured data.
Generally I have removed all integration with syslog in my environment (using the handy ability to write the slapd operational logs directly to disk in OpenLDAP 2.6). This way I get a 30% or so perf increase and avoid losing information since syslog is very lossy. You also avoid the problems with systemd + syslog causing deadlocks because of the inane concept of journald.
--Quanah
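
Because the auditlog file holds RFC 2849 LDIF records, a small file-side parser can turn it into one event per change for a log aggregator without going through syslog. This is an added example, not code from the thread or from the OpenLDAP project; the record header layout, the sample data and the names `parse_auditlog`, `to_json_lines` and `SENSITIVE` are assumptions, and `userPassword` values are redacted before anything leaves the host.

```python
import base64
import json
import re

# Constructed sample. The "# <op> <time> <suffix> <who>" header layout is an
# assumption about slapo-auditlog output; check it against your own log file.
SAMPLE = """\
# modify 1689162120 dc=example,dc=com cn=admin,dc=example,dc=com
dn: uid=jdoe,ou=people,dc=example,dc=com
changetype: modify
replace: description
description:: U2VjdXJpdHkgdGVhbSwg
 YnVpbGRpbmcgQg==
-
replace: userPassword
userPassword: {SSHA}constructed-placeholder
-
# end modify 1689162120

# delete 1689162180 dc=example,dc=com cn=admin,dc=example,dc=com
dn: uid=old,ou=people,dc=example,dc=com
changetype: delete
# end delete 1689162180
"""

HEADER = re.compile(r"^# (\w+) (\d+) ?(.*)$")
SENSITIVE = {"userpassword"}  # values never forwarded to the aggregator

def parse_auditlog(text):
    """Yield one dict per record found between '# <op> ...' and '# end <op> ...'."""
    text = re.sub(r"\r?\n ", "", text)  # RFC 2849: a leading space continues the previous line
    record = None
    for line in text.splitlines():
        if line.startswith("# end ") and record is not None:
            yield record
            record = None
        elif line.startswith("#"):
            m = HEADER.match(line)
            if m:
                record = {"op": m[1], "time": int(m[2]), "context": m[3], "lines": []}
        elif record is not None and ":" in line:
            name, _, rest = line.partition(":")
            value = rest.strip()
            if rest.startswith(":"):  # "attr:: <base64>"
                value = base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
            record["lines"].append([name, "[REDACTED]" if name.lower() in SENSITIVE else value])

def to_json_lines(text):  # one compact JSON object per record, for a file-based shipper
    return [json.dumps(r, sort_keys=True) for r in parse_auditlog(text)]
```

A record that is still being written (no `# end` line yet) is not emitted, so a shipper tailing the file never forwards a half-written change.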
Thanks for your interesting point of view.
BTW...We fully agree on systemd that is creeping in really everywhere nowadays.
On 13-07-2023 at 17:32, Quanah Gibson-Mount wrote:
> --On Wednesday, July 12, 2023 1:42 PM +0200 cYuSeDfZfb cYuSeDfZfb cyusedfzfb@gmail.com wrote:
>> Hi,
>> Playing with openldap 2.5 auditlog. Logging to a file works nicely.
>> We wonder (as we use graylog for syslog aggregation for all (LDAP) servers) ...
>> Is it possible to process the auditlogs through syslog?
> No, nor should there be. Auditlog generates https://www.rfc-editor.org/rfc/rfc2849 structured data.
> Generally I have removed all integration with syslog in my environment (using the handy ability to write the slapd operational logs directly to disk in OpenLDAP 2.6). This way I get a 30% or so perf increase and avoid losing information since syslog is very lossy. You also avoid the problems with systemd + syslog causing deadlocks because of the inane concept of journald.
> --Quanah
openldap-technical@openldap.org