Oracle Directory Server Enterprise Edition Administration Guide 11g Release 1 (11.1.1.5.0)

Tracking Client Requests Through Directory Proxy Server and Directory Server Access Logs

To track the path of a client request, you must understand how requests are logged in the Directory Proxy Server access log and in the Directory Server access log. To understand this section, first read Tracking Client Requests Through Directory Proxy Server and Directory Server Access Logs in Oracle Directory Server Enterprise Edition Reference.

To Track Operations From Directory Server Through Directory Proxy Server to the Client Application

You cannot use DSCC to perform this task. Use the command line, as described in this procedure.

  1. Locate the connection number for the operation that you want to track in the Directory Server access log.

    For example, the following line in the access log shows an operation, op=2, with connection number conn=12839.

    [20/Jul/2006:18:01:49 -0500] conn=12839 op=2 msgId=4 - SRCH base="dc=example,dc=com" 
     scope=2 filter="(objectClass=organizationalunit)" attrs=ALL

  2. Obtain the Directory Proxy Server connection information for that connection.

    To obtain this information, search the Directory Server access log to locate all operations with the corresponding connection number. For example, on UNIX systems, run the following grep command to locate all lines in the Directory Server access log that correspond to connection conn=12839:

    $ grep conn=12839 access

    The line showing the initial LDAP connection is what you are looking for and will be similar to this:

    [19/Jul/2006:16:32:51 -0500] conn=12839 op=-1 msgId=-1 - fd=27 slot=27 
     LDAP connection from 129.153.160.175:57153 to 129.153.160.175

    The previous line shows that there is an LDAP connection from 129.153.160.175:57153 to Directory Server. The port number (57153) is the information that is required to link the connection back to the Directory Proxy Server access log. The port number enables you to find the corresponding connection in the Directory Proxy Server log, and to locate the client information from this connection.

    If the log files have been rotated since the connection was first established, you need to search the archived log files as well as the current access log file.

  3. Locate the corresponding connection in the Directory Proxy Server access log.

    To obtain this information, search the Directory Proxy Server access log to locate all operations with the corresponding port number.

    You might find multiple entries in the log file with the same port number. To ensure that you locate the correct entry, include the timestamp from the Directory Server log entry in your search.

    For example, on UNIX systems, run the following grep command to locate the connection entry that corresponds to the timestamp and port number found in the Directory Server log:

    $ grep 19/Jul/2006:16:32 access | grep 57153

    Note that the seconds value is excluded from the timestamp to take into account slight differences in server times.

    The corresponding line in the Directory Proxy Server log will be similar to this:

    [19/Jul/2006:16:32:51 -0500] - SERVER_OP  - INFO  - Created BIND  LDAP connection 
     s_conn=sunds-d1m1-9389:34 client=0.0.0.0:57153 
     server=idm160.central.sun.com:9389 main

    This line shows that Directory Proxy Server created a BIND connection to s_conn=sunds-d1m1-9389:34. Directory Proxy Server identifies itself as the client client=0.0.0.0 on TCP port 57153.

    The important information to extract from this line of the log is the server ID and port number (s_conn=sunds-d1m1-9389:34).

  4. Locate all operations that correspond to the server ID and port number identified in the previous step.

    To obtain this information, search the Directory Proxy Server access log for all operations with the corresponding server ID and port number.

    For example, on UNIX systems, run the following grep command to locate the operation that corresponds to the server ID found in the previous step:

    $ grep s_conn=sunds-d1m1-9389:34 access

    In this case, it is not useful to search for the timestamp because these operations might span several days. However, you must determine that the operations returned by the search are the correct ones. If there are multiple Create connection statements, ensure that you locate the one that corresponds to the original search statement. To do this, match the timestamp to the timestamp found in Step 1.

    The following extract of the Directory Proxy Server access log shows all operations returned for s_conn=sunds-d1m1-9389:34.

    [19/Jul/2006:16:32:51 -0500] - SERVER_OP  - INFO - Created BIND LDAP connection
     s_conn=sunds-d1m1-9389:34 client=0.0.0.0:57153 server=idm160.central.sun.com:9389 main
    [20/Jul/2006:18:01:49 -0500] - SERVER_OP  - INFO  - conn=31 op=0 
    BIND dn="cn=directory manager" method="SIMPLE" s_msgid=3 s_conn=sunds-d1m1-9389:34
    [20/Jul/2006:18:01:49 -0500] - SERVER_OP  - INFO  - conn=31 op=0 
    BIND RESPONSE err=0 msg="" s_conn=sunds-d1m1-9389:34
    [20/Jul/2006:18:01:49 -0500] - SERVER_OP  - INFO  - conn=31 op=1 
    SEARCH base="dc=example,dc=com" scope=2 s_msgid=4 s_conn=sunds-d1m1-9389:34
    [20/Jul/2006:18:01:49 -0500] - SERVER_OP  - INFO  - conn=31 op=1 
    SEARCH RESPONSE err=0 msg="" nentries=1 s_conn=sunds-d1m1-9389:34

    With this information, you can see that the connection ID for this search operation on Directory Proxy Server is 31 (conn=31).

  5. Locate the client connection IP address that corresponds to the connection ID found in the previous step.

    To obtain this information, search the Directory Proxy Server access log for all operations with the correct connection ID and timestamp. The timestamp to use is the one in the original search statement in Step 1.

    For example, on UNIX systems, run the following grep command to locate the client connection IP address:

    $ grep "20/Jul/2006:18:01" access | grep conn=31

    The line you are interested in is similar to this:

    [20/Jul/2006:18:01:49 -0500] - CONNECT - INFO  - conn=31 client=129.150.64.156:2031
    server=0.0.0.0:11389 protocol=LDAP

    A similar line can also be found in the connection log if the connection log was explicitly enabled.

  6. Determine who owns the IP address found in the previous step.

    With this information, you can establish precisely who was responsible for the operation performed on Directory Server.
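
The steps above can be chained into one script. This is an added example, not part of the Oracle guide: the function names (`has`, `field`, `minute`, `trace_client`) are hypothetical, and the sample logs are constructed from the lines shown in the procedure, with two decoy entries (`conn=128390`, `conn=312`) that a plain `grep conn=31` would also return.

```shell
#!/bin/sh
# Constructed sample logs modeled on the lines in the procedure
# (real access log entries are single lines; decoys are marked below).
DS_LOG=$(mktemp); DPS_LOG=$(mktemp)
cat > "$DS_LOG" <<'EOF'
[19/Jul/2006:16:32:51 -0500] conn=12839 op=-1 msgId=-1 - fd=27 slot=27 LDAP connection from 129.153.160.175:57153 to 129.153.160.175
[20/Jul/2006:18:01:49 -0500] conn=128390 op=2 msgId=9 - SRCH base="dc=example,dc=com" scope=0 filter="(objectClass=*)" attrs=ALL
[20/Jul/2006:18:01:49 -0500] conn=12839 op=2 msgId=4 - SRCH base="dc=example,dc=com" scope=2 filter="(objectClass=organizationalunit)" attrs=ALL
EOF
cat > "$DPS_LOG" <<'EOF'
[19/Jul/2006:16:32:51 -0500] - SERVER_OP  - INFO  - Created BIND  LDAP connection s_conn=sunds-d1m1-9389:34 client=0.0.0.0:57153 server=idm160.central.sun.com:9389 main
[20/Jul/2006:18:01:49 -0500] - CONNECT - INFO  - conn=31 client=129.150.64.156:2031 server=0.0.0.0:11389 protocol=LDAP
[20/Jul/2006:18:01:49 -0500] - CONNECT - INFO  - conn=312 client=192.0.2.10:4000 server=0.0.0.0:11389 protocol=LDAP
[20/Jul/2006:18:01:49 -0500] - SERVER_OP  - INFO  - conn=31 op=1 SEARCH base="dc=example,dc=com" scope=2 s_msgid=4 s_conn=sunds-d1m1-9389:34
[20/Jul/2006:18:01:49 -0500] - SERVER_OP  - INFO  - conn=31 op=1 SEARCH RESPONSE err=0 msg="" nentries=1 s_conn=sunds-d1m1-9389:34
EOF

# has TOKEN: keep lines that contain TOKEN as a whole whitespace-separated
# field, so conn=31 matches neither conn=312 nor s_conn=...
has() { awk -v t="$1" '{ for (i = 1; i <= NF; i++) if ($i == t) { print; next } }'; }

# field KEY: print the value of the first KEY=value token found on stdin.
field() {
  awk -v k="$1=" '{ for (i = 1; i <= NF; i++)
    if (index($i, k) == 1) { print substr($i, length(k) + 1); exit } }'
}

# minute: print the timestamp of the first stdin line without its seconds,
# which tolerates small clock differences between the two servers.
minute() { sed -n '1s/^\[\([^ ]*\):[0-9][0-9] .*/\1/p'; }

trace_client() {  # usage: trace_client DS_LOG DPS_LOG DS_CONN DS_OP
  # Steps 1-2: time of the operation, and source port of the DS connection.
  op_min=$(has "conn=$3" < "$1" | has "op=$4" | minute)
  open=$(has "conn=$3" < "$1" | grep -F 'LDAP connection from' | head -n 1)
  open_min=$(printf '%s\n' "$open" | minute)
  port=$(printf '%s\n' "$open" | sed 's/.* from [^ ]*:\([0-9]*\) to .*/\1/')
  # Step 3: proxy-side server connection opened from that port in that minute.
  s_conn=$(grep -F "[$open_min" "$2" | grep "client=[^ ]*:$port " | field s_conn)
  # Step 4: proxy connection ID that carried the operation over s_conn.
  dps_conn=$(has "s_conn=$s_conn" < "$2" | grep -F "[$op_min" | field conn)
  # Step 5: the CONNECT line for that connection ID holds the client address.
  grep -F "[$op_min" "$2" | grep -F -- '- CONNECT -' | has "conn=$dps_conn" | field client
}

trace_client "$DS_LOG" "$DPS_LOG" 12839 2
```

If the logs have been rotated since the connection was opened, pass files that concatenate the archived and current logs, as Step 2 requires.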