Protect Error Logs for the Sun Java System Directory Server

The LDIF script that this procedure creates sets up the following rules for the error logs:

• Rotate logs weekly.

• Keep a maximum of 30 log files, and each file is at most 500 MBytes.

• Expire log files that are older than 3 months.

• Delete oldest logs if less than 500 MBytes free disk space is available.

• All log files use a maximum of 20,000 MBytes of disk space.

1. Create a script to manage error logs.

   Create a /var/tmp/logs-error.ldif file with the following content:

   dn: cn=config changetype: modify replace: nsslapd-errorlog-logging-enabled nsslapd-errorlog-logging-enabled: on - replace: nsslapd-errorlog-logexpirationtime nsslapd-errorlog-logexpirationtime: 3 - replace: nsslapd-errorlog-logexpirationtimeunit nsslapd-errorlog-logexpirationtimeunit: month - replace: nsslapd-errorlog-logrotationtime nsslapd-errorlog-logrotationtime: 1 - replace: nsslapd-errorlog-logrotationtimeunit nsslapd-errorlog-logrotationtimeunit: week - replace: nsslapd-errorlog-maxlogsize nsslapd-errorlog-maxlogsize: 500 - replace: nsslapd-errorlog-maxlogsperdir nsslapd-errorlog-maxlogsperdir: 30 - replace: nsslapd-errorlog-logmaxdiskspace nsslapd-errorlog-logmaxdiskspace: 20000 - replace: nsslapd-errorlog-logminfreediskspace nsslapd-errorlog-logminfreediskspace: 500

2. Run the script.

   # ldapmodify -h localhost -D 'cn=directory manager' -f /var/tmp/logs-error.ldif

3. Answer the prompts.

   Enter bind password: Type the appropriate password modifying entry cn=config