Oracle® Internet Directory Administrator's Guide 10g (9.0.4) Part Number B12118-01 |
|
Logging, Auditing, and Monitoring the Directory, 2 of 4
This section contains these topics:
Oracle Internet Directory enables you to:
This section discusses log messages--those associated with specified LDAP operations and those not. It provides an example of a trace log and explains how to interpret it.
Log messages for a specified operation are stored as a trace object. This object tracks the operation from start to finish across the various Oracle Internet Directory modules. It is entered in the log file when one of the following occur:
Each thread has one contiguous block of information for each operation, and that block is clearly delimited. This makes it easy, in a shared server environment, to follow the messages of different threads, operations, and connections.
If, because of an internal message buffer overflow, a single trace object cannot contain all the information about an operation, then the information is distributed among multiple trace objects. Each distributed piece of information is clearly delimited and has a common header. To track the progress of the operation, you follow the trace objects and their common header to the end, which is marked with the trace message "Operation Complete".
Messages not associated with any LDAP operation are represented in a simple format, which is not object-based. It is entered in the log file when either the operation completes or a high priority message is encountered.
2003/01/28:13:44:27 * Main:1 * Starting up the OiD Server, on node dthakuri-sun 2003/01/28:13:44:27 * Main:1 * Oid Server Connected to DB store via inst1 connect string. 2003/01/28:13:44:27 * Main:1 * OiD LDAP server started. 2003/01/28:13:44:31 * ServerController:1 * INFO * slsfctSpawnDispatcher * Entry 2003/01/28:13:44:31 * ServerController:1 * INFO * gslsfctSpawnDispatcher * Spawned server dispatcher thread successfully. Thread id : 1 2003/01/28:13:44:31 * ServerController:1 * INFO * gslsfctSpawnDispatcher * Exit 2003/01/28:13:44:31 * ServerWorker:6 * INFO : ServerWorker : Entry 2003/01/28:13:44:31 * ServerWorker:6 * INFO : gslsfccRegisterThread : Entry 2003/01/28:13:44:31 * ServerWorker:6 * INFO : gslsfccRegisterThread : Exit 2003/01/28:13:44:31 * ServerWorker:6 * INFO * gslfsfAStr2Filter * Filter="(|(objectclass=referral))" 2003/01/28:13:44:31 * ServerWorker:6 * INFO * gslfsfAStr2Filter * Filter="(objectclass=referral)" 2003/01/28:13:44:31 * ServerWorker:6 * INFO * gslfsfCStr2Simple * Filter="objectclass=referral" 2003/01/28:13:44:31 * ServerWorker:6 * INFO * gslsbnrNormalizeString() String to Normalize: "objectclass" 2003/01/28:13:44:31 * ServerWorker:6 * INFO * gslsbnrNormalizeString() Normalized value: "objectclass" BEGIN 2003/01/28:13:45:49 * ServerWorker:6 * ConnID:0 * OpId:0 * OpName:bind 13:45:49 * INFO * gslfbiADoBind * Entry 13:45:49 * INFO * gslfbiGetControlInfo * Entry 13:45:49 * INFO * gslfbiGetControlInfo * Exit 13:45:49 * INFO * gslfbiADoBind * connID=0 opID=0 Version=3 BIND dn="" method=128 13:45:49 * INFO * gslfrsBSendLdapResult * Entry 13:45:49 * INFO * gslfrsASendLdapResult2 * Entry 13:45:49 * INFO * sgslunwWrite * Entry 13:45:49 * INFO * sgslunwWrite * Exit 13:45:49 * INFO * gslfrsASendLdapResult2 * Exit 13:45:49 * INFO * gslfrsBSendLdapResult * Exit 13:45:49 * INFO * gslfbiADoBind * Exit 13:45:49 * INFO * Total Bind operation time for dn=2588 micro sec and Total Worker time=3434 micro sec END 2003/01/28:13:45:49 * ServerWorker:6 * INFO * ServerWorker * Operation Complete 2003/01/28:13:44:31 * ServerWorker:7 * INFO * ServerWorker : Entry 2003/01/28:13:44:31 * ServerWorker:7 * INFO * gslsfccRegisterThread : Entry 2003/01/28:13:44:31 * ServerWorker:7 * INFO * gslsfccRegisterThread : Exit BEGIN 2003/01/28:13:48:53 * ServerWorker:13 * ConnID:0 * OpId:0 * OpName:bind 13:48:14 * INFO * gslfbiADoBind * Entry 13:48:53 * INFO * gslfbiGetControlInfo * Entry 13:48:53 * INFO * gslfbiGetControlInfo * Exit 13:48:53 * INFO * gslfbiADoBind * conn=0 op=0 Version=3 BIND dn="cn=proxy" method=128 13:48:53 * INFO * gslsbbBind * Entry 13:48:53 * INFO * gslsbnrNormalizeString * String to Normalize: "proxy" 13:48:53 * INFO * gslsbnrNormalizeString * Normalized value: "proxy" 13:48:53 * INFO * gslfrsBSendLdapResult * Entry 13:48:53 * INFO * gslfrsASendLdapResult2 * Entry 13:48:53 * INFO * sgslunwWrite * Entry 13:48:53 * INFO * sgslunwWrite * Exit 13:48:53 * INFO * gslfrsASendLdapResult2 * Exit 13:48:53 * INFO * gslfrsBSendLdapResult * Exit 13:48:53 * INFO * gslsbbBind * Exit 13:48:53 * INFO * gslfbiADoBind:Exit 13:48:53 * INFO * Total Bind operation time for dn = cn=proxy is 3710 micro sec Total Worker time = 4767 micro sec END 2003/01/28:13:48:53 * ServerWorker:13 * INFO * ServerWorker * Operation Complete 2003/01/28:14:05:56 * ServerWorker:6 * FATAL * ServerWorker * Processing shutdown notification 2003/01/28:14:05:56 * ServerWorker:6 * WARNING * ServerWorker * Shutting down worker ID : 6
As shown in the sample messages in the previous section, log information can be associated with either a thread that performs an operation or one that does not. In the case of a thread that performs an operation, the header of the log contains:
A thread that does not perform an operation logs normal trace messages. Its header contains the date, time, and the thread identifier. It does not contain connection and operation-related information.
A trace object starts with the keyword BEGIN
and ends with the keyword END
.
Table 10-1 describes each field in a trace message.
You can set debug logging levels by using either Oracle Directory Manager or the OID Control Utility.
To set the debug logging level:
Ordinarily, you can leave the check boxes on this tab page unselected. However, to generate a log for a specific problem, specify the debug logging level on this tab page.
To set debug logging levels by using the OID Control Utility, restart the Oracle directory server using the -debug
flag for an LDAP server, and the -d
flag for the replication server. Use the debug level number based on Table 10-2.
Because debug levels are additive, you need to add the numbers representing the functions that you want to activate, and use the sum of those in the command-line option.
By default, debug logging is turned off. To turn it on, modify the directory-specific entry (DSE) attribute orcldebugflag
to the level you want. You can configure debug levels to one of the following levels.
To see debug log files generated by the OID Control Utility, navigate to $
ORACLE_HOME/ldap/log
.
Table 10-2 provides the complete list of debug logging levels.
For example, to trace search filter processing (512) and active connection management (256), enter 768 as the debug level (512 + 256 = 768) as follows:
oidctl server=oidldapd instance=1 flags='-debug 768' restart oidctl server=oidrepld instance=1 flags='-h my_host -p 389 -d 768' restart
This example restarts both the Oracle directory server as well as the Oracle directory replication server with the debugging flags.
To make logging more focused, use the debug dimensions in conjunction with the debug levels. For example, to limit logging to particular directory server operations, specify the debug dimension to those operations.
Table 10-3 shows these dimensions.
You can set the debug operation dimension by using either Oracle Directory Manager or ldapmodify.
To set the operation debug dimension:
By default, all operations are selected. However, to generate a log for a specific operation, select the corresponding operation. You can select more than one operation.
To log more than one operation, add the values of their dimensions. For example, if you want to trace ldapbind (1), ldapadd (4) and ldapmodify (16) operations, then create an LDIF file setting the orcldebugop
attribute to 21 (1 + 4 + 16 = 21). The LDIF file is as follows:
dn: changetype:modify replace:orcldebugop orcldebugop:21
To load this file, enter:
ldapmodify -h host_name -p port_number -f file_name
To minimize the performance overhead in I/O operations, the debug messages are flushed to the log file periodically instead of every time a message is logged by the directory server. Writing to the log file is performed when one of the following occur:
However, in some situations, you may want to see the trace messages in the log file as they are logged, without having to wait for the periodic flush. To do this, set the DSA configuration attribute orcldebugforceflush
to 1
. Do this by using ldapmodify as shown in the following example.
To enable force flushing by using ldapmodify, create an LDIF file as follows:
dn: cn=dsaconfig,cn=configsets,cn=oracle internet directory changetype: modify replace: orcldebugforceflush orcldebugforceflush: 1
To load this file, enter the following:
ldapmodify -h host_name -p port_number -f file_name
See Also:
Table B-6 for information about the |
|
![]() Copyright © 1999, 2003 Oracle Corporation. All Rights Reserved. |
|