Hello,
On 2.4.X I didn't have any issues using rsyslog with "local4.* /var/log/slapd/slapd.log" and I would get all the connection and searches done on the db. Which was great!!
I am having a hard time doing the same thing with 2.5.7.
Without any changes to the service file, just running slapd on Rocky Linux 8, I get these logs on /var/log/slapd/slapd.log only
Sep 23 10:10:18 localhost slapd[3992243]: @(#) $OpenLDAP: slapd 2.5.7 (Aug 19 2021 17:48:53) $#012#011mockbuild@3b6af787015541c89363999d4338d587 :/builddir/build/BUILD/openldap-2.5.7/servers/slapd
If I change the service file with (-d 256):
ExecStart=/opt/symas/lib/slapd -d 256 -h ${SLAPD_URLS} $SLAPD_OPTIONS
I get at least these msgs:
614c8ac4.0dc359b2 0x7fdf0f91f700 conn=1000 fd=17 ACCEPT from IP=[xxxx]:55556 (IP=[xxxx]:389)
614c8ac4.0dc5b882 0x7fdf0f91f700 conn=1000 op=0 BIND dn="" method=128
614c8ac4.0dc709f0 0x7fdf0f91f700 conn=1000 op=0 RESULT tag=97 err=0 qtime=0.000016 etime=0.000135 text=
614c8ac4.17c7146d 0x7fdf0f91f700 conn=1000 op=1 SRCH base="dc=domain,dc=net" scope=2 deref=0 filter="(objectClass=*)"
614c8ac4.36abd8fd 0x7fdf0f91f700 conn=1000 op=1 SEARCH RESULT tag=101 err=4 qtime=0.000028 etime=0.518395 nentries=500 text=
614c8ac5.06b07c4b 0x7fdf0f91f700 conn=1000 op=2 UNBIND
614c8ac5.06b1d67d 0x7fdf0f91f700 conn=1000 fd=17 closed
But unfortunately I do not get them to log into my slapd.log file. I even added -l local4 but no change. Is (-d 256) even correct?
/opt/symas/lib/slapd -d ?
Installed log subsystems:
    Any     (-1, 0xffffffff)
    Trace   (1, 0x1)
    Packets (2, 0x2)
    Args    (4, 0x4)
    Conns   (8, 0x8)
    BER     (16, 0x10)
    Filter  (32, 0x20)
    Config  (64, 0x40)
    ACL     (128, 0x80)
    Stats   (256, 0x100)
    Stats2  (512, 0x200)
    Shell   (1024, 0x400)
    Parse   (2048, 0x800)
    Sync    (16384, 0x4000)
    None    (32768, 0x8000)
Any input as to what I may be doing wrong is much appreciated!
Thank you, Dave
On 9/23/21 16:22, Dave Macias wrote:
If I change the service file with (-d 256):
ExecStart=/opt/symas/lib/slapd -d 256 -h ${SLAPD_URLS} $SLAPD_OPTIONS
I get at least these msgs: [..]
Option -d sends messages to stderr which most times are sent to systemd-journald but without syslog facility applied.
Also note that today most Linux distros let systemd-journald listen on /dev/log and journald is configured to forward the syslog messages to e.g. rsyslog via another socket. Oh, well...
Ciao, Michael.
Option -d sends messages to stderr which most times are sent to systemd-journald but without syslog facility applied.
Thank you for the reply. That makes sense as to why when setting rsyslog as "*.* /var/log/slapd/slapd.log" I would get all the connection msg plus non slapd.
I guess then the question becomes, how can I log those "SEARCH/BIND/RESULT/etc." logs with syslog? Is that possible?
Sep 23 11:28:53 xx slapd[4093535]: 614c9d35.085ebaa4 0x7fccd2e68700 conn=1000 op=1 SEARCH RESULT tag=101 err=0 qtime=0.000020 etime=0.543925 nentries=1 text=
Sep 23 11:28:53 xx slapd[4093535]: 614c9d35.125f76d3 0x7fccd3669700 conn=1000 op=2 UNBIND
Sep 23 11:28:53 xx slapd[4093535]: 614c9d35.1260c23d 0x7fccd3669700 conn=1000 fd=17 closed
Sep 23 11:29:03 xx slapd[4093535]: 614c9d3f.09372be6 0x7fccd2e68700 conn=1005 fd=17 ACCEPT from IP=[xxx]:47720 (IP=[xxx]:389)
Sep 23 11:29:03 xx slapd[4093535]: 614c9d3f.0946ffb3 0x7fccd3669700 conn=1005 op=0 BIND dn="" method=128
Sep 23 11:29:03 xx slapd[4093535]: 614c9d3f.09487362 0x7fccd3669700 conn=1005 op=0 RESULT tag=97 err=0 qtime=0.000028 etime=0.000128 text=
Sep 23 11:29:03 xx slapd[4093535]: 614c9d3f.134838d7 0x7fccd2e68700 conn=1005 op=1 SRCH base="dc=domain,dc=net" scope=2 deref=0 filter="(idnsName=xxx)"
Sep 23 11:29:03 xx slapd[4093535]: 614c9d3f.31f95a03 0x7fccd2e68700 conn=1005 op=1 SEARCH RESULT tag=101 err=0 qtime=0.000032 etime=0.515007 nentries=1 text=
Sep 23 11:29:04 xx slapd[4093535]: 614c9d40.00d3ba3a 0x7fccd3669700 conn=1005 op=2 UNBIND
Sep 23 11:29:04 xx slapd[4093535]: 614c9d40.00d4ee4f 0x7fccd3669700 conn=1005 fd=17 closed
Thank you
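Once the Stats lines reach syslog in the form shown above, they can be grouped per connection for review. The following is an added example, not part of the original thread: a parser that flags connections with an empty bind DN whose search ended in err=4 (sizeLimitExceeded), as in the first capture in the thread. The sample lines, addresses, conn=1006 and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the syslog form from the thread; host and addresses are placeholders.
SAMPLE = """\
Sep 23 11:29:03 xx slapd[4093535]: 614c9d3f.09372be6 0x7fccd2e68700 conn=1005 fd=17 ACCEPT from IP=[2001:db8::10]:47720 (IP=[2001:db8::1]:389)
Sep 23 11:29:03 xx slapd[4093535]: 614c9d3f.0946ffb3 0x7fccd3669700 conn=1005 op=0 BIND dn="" method=128
Sep 23 11:29:03 xx slapd[4093535]: 614c9d3f.09487362 0x7fccd3669700 conn=1005 op=0 RESULT tag=97 err=0 qtime=0.000028 etime=0.000128 text=
Sep 23 11:29:03 xx slapd[4093535]: 614c9d3f.134838d7 0x7fccd2e68700 conn=1005 op=1 SRCH base="dc=domain,dc=net" scope=2 deref=0 filter="(objectClass=*)"
Sep 23 11:29:03 xx slapd[4093535]: 614c9d3f.31f95a03 0x7fccd2e68700 conn=1005 op=1 SEARCH RESULT tag=101 err=4 qtime=0.000032 etime=0.515007 nentries=500 text=
Sep 23 11:29:09 xx slapd[4093535]: conn=1006 fd=18 ACCEPT from IP=[2001:db8::20]:47730 (IP=[2001:db8::1]:389)
Sep 23 11:29:09 xx slapd[4093535]: conn=1006 op=0 BIND dn="cn=app,dc=domain,dc=net" method=128
Sep 23 11:29:09 xx slapd[4093535]: conn=1006 op=1 SRCH base="dc=domain,dc=net" scope=2 deref=0 filter="(idnsName=xxx)"
Sep 23 11:29:09 xx slapd[4093535]: conn=1006 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
"""

# The "<hex time> <thread id>" prefix is optional so lines without it also match.
LINE = re.compile(r"slapd\[\d+\]: (?:[0-9a-f]+\.[0-9a-f]+ 0x[0-9a-f]+ )?"
                  r"conn=(\d+) (?:op=(\d+)|fd=\d+) (.*)$")
KV = re.compile(r'(\w+)=("[^"]*"|\S*)')

def parse(text):
    """Group Stats lines by connection: peer, bind DN, and searches keyed by op."""
    conns = defaultdict(lambda: {"peer": None, "dn": None, "searches": {}})
    for raw in text.splitlines():
        m = LINE.search(raw)
        if not m:
            continue  # not a per-connection Stats line
        conn, op, rest = int(m.group(1)), m.group(2), m.group(3)
        verb = rest.split(" ", 1)[0]
        kv = {k: v.strip('"') for k, v in KV.findall(rest)}
        c = conns[conn]
        if verb == "ACCEPT":
            c["peer"] = rest.split()[2][3:]   # token after "from", minus "IP="
        elif verb == "BIND":
            c["dn"] = kv.get("dn", "")
        elif verb == "SRCH":
            c["searches"][op] = {"base": kv["base"], "filter": kv["filter"]}
        elif rest.startswith("SEARCH RESULT"):
            c["searches"].setdefault(op, {}).update(
                err=int(kv["err"]), nentries=int(kv["nentries"]))
    return dict(conns)

def anonymous_size_limited(conns):
    """Anonymous connections (empty or absent bind DN) with a search ending in err=4."""
    return [(cid, c["peer"], s.get("filter"), s["nentries"])
            for cid, c in conns.items() if not c["dn"]
            for s in c["searches"].values() if s.get("err") == 4]
```

The DN on a BIND line is the requested identity; a stricter version would confirm the matching RESULT line reports err=0 before attributing later operations to it.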
--On Thursday, September 23, 2021 12:36 PM -0400 Dave Macias davama@gmail.com wrote:
Option -d sends messages to stderr which most times are sent to systemd-journald but without syslog facility applied.
Thank you for the reply. That makes sense as to why when setting rsyslog as "*.* /var/log/slapd/slapd.log" I would get all the connection msg plus non slapd.
I guess then the question becomes, how can I log those "SEARCH/BIND/RESULT/etc." logs with syslog? Is that possible?
If your openldap *loglevel* is 256, then it will log to local4 syslog assuming your syslog is configured correctly.
--Quanah
--
Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
http://www.symas.com
On 9/23/21 17:36, Dave Macias wrote:
Option -d sends messages to stderr which most times are sent to systemd-journald but without syslog facility applied.
Thank you for the reply. That makes sense as to why when setting rsyslog as "*.* /var/log/slapd/slapd.log" I would get all the connection msg plus non slapd.
I guess then the question becomes, how can I log those "SEARCH/BIND/RESULT/etc." logs with syslog? Is that possible?
If you set loglevel in slapd.conf (or the appropriate attribute in cn=config) slapd will send its log messages to /dev/log. Now you have to find out which logging daemon is listening on this socket and how to configure it to match your needs.
Personally I have on my systems:
In file /etc/systemd/journald.conf:
[Journal]
Storage=none
ForwardToSyslog=yes
In /etc/rsyslog.conf:
$AddUnixListenSocket /dev/log
And I start slapd with -d 0 and loglevel set.
YMMV.
Ciao, Michael.
--On Thursday, September 23, 2021 6:45 PM +0200 Michael Ströder michael@stroeder.com wrote:
Personally I have on my systems:
In file /etc/systemd/journald.conf:
[Journal]
Storage=none
ForwardToSyslog=yes
In /etc/rsyslog.conf:
$AddUnixListenSocket /dev/log
And I start slapd with -d 0 and loglevel set.
As a side note, I've encountered deadlocks on RHEL7 on extremely busy systems when journald is integrated with syslog like this. It also has a strong negative effect on performance. Whether the deadlock is RHEL7 specific or not is unknown.
When OpenLDAP 2.6 releases, syslog (and journald) can be bypassed entirely and a purely local log file can be used, resulting in a significant performance increase.
--Quanah
--
Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
http://www.symas.com
Quanah Gibson-Mount quanah@symas.com wrote on 23.09.2021 at 18:23 in message <CCB081B25BAA15B3E2B491A7@[192.168.1.11]>:
--On Thursday, September 23, 2021 6:45 PM +0200 Michael Ströder michael@stroeder.com wrote:
Personally I have on my systems:
In file /etc/systemd/journald.conf:
[Journal]
Storage=none
ForwardToSyslog=yes
In /etc/rsyslog.conf:
$AddUnixListenSocket /dev/log
And I start slapd with -d 0 and loglevel set.
As a side note, I've encountered deadlocks on RHEL7 on extremely busy systems when journald is integrated with syslog like this. It also has a strong negative effect on performance. Whether the deadlock is RHEL7 specific or not is unknown.
When OpenLDAP 2.6 releases, syslog (and journald) can be bypassed entirely and a purely local log file can be used, resulting in a significant performance increase.
Out of curiosity: When is that log file flushed (entry-based, time-based, priority-based)? It may make a difference when slapd crashes.
--Quanah
--
Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
http://www.symas.com