Sun Java(TM) System Directory Server 5.2 2005Q1 Performance Tuning Guide |
Chapter 5
Tuning LoggingDirectory Server provides several log types, summarized in Table 5-1. This chapter discusses how to handle the different types of logs.
Table 5-1 Types of Logs Used by Directory Server
Log
Type
Use
Access
Flat file
Evaluating directory use patterns, verifying configuration settings, diagnosing access problems.
Refer to Access Logging for details.
Audit
Flat file
Providing audit trails for security and data integrity.
Refer to Audit Logging for details.
Changelog
Database
Enables synchronization between replicas.
Refer to Multi-Master Replication Change Logging for details.
Error
Flat file
Debugging directory deployments.
Refer to Error Logging for details.
Retro changelog
Database
Permitting backward compatibility with previous versions.
Refer to Retro Change Logging for details.
Transaction
Database
Maintaining database integrity.
Refer to Transaction Logging for details.
In high-volume deployments, writing to logs can be disk intensive, resulting in noticeable negative performance impact. Given the potential for I/O bottlenecks inherent with heavy logging in high volume systems, consider putting log files on a lesser used disk.
Access LoggingThe access log contains detailed information about client connections and operations performed. The access log can be indispensable when diagnosing access problems, verifying server configuration settings, and evaluating server usage patterns.
Although the access log provides beneficial troubleshooting information, it may become an I/O bottleneck. Set access logging levels to the minimum required level. Table 5-2 provides further recommendations for specific attributes.
Refer to the Directory Server Administration Reference for information about individual configuration attributes.
The Directory Server Resource Kit Tools Reference covers extracting information from the access log.
Audit LoggingThe audit log contains detailed information about all changes made to each database as well as to server configuration. Audit logging is disabled by default.
When enabled in deployments having high modify volume, enabling audit logging causes a very noticeable overall drop in performance. Unless the deployment requires it, leave audit logging disabled. For large or high volume deployments that require audit logging, consider allocating a separate disk on a separate controller to the audit log. Table 5-3 provides further recommendations for specific attributes.
Error LoggingThe error log for a Directory Server instance contains detailed error, warning, and informational messages encountered during normal server operation. The low default logging level produces relatively little disk activity.
When log level is set higher to generate debugging information, however, Directory Server may begin writing large numbers of messages to disk. The write load can result in a very noticeable overall drop in performance. To avoid a drop in performance, increase log levels progressively, component by component, instead of activating log levels for all components at once.
The error log does not support log buffering. All messages are flushed to disk immediately. Table 5-4 provides recommendations for specific attributes.
Refer to the Directory Server Administration Reference for information about individual configuration attributes.
Multi-Master Replication Change LoggingDirectory Server uses a replication changelog to enable synchronization between replicas. Refer to the Directory Server Deployment Planning Guide for an discussion of the changelog and to the Directory Server Administration Reference for configuration details. Table 5-5 provides further recommendations for specific attributes.
Table 5-5 Tuning Recommendations for Multi-Master Change Logging
Configuration Attribute
Short Description and Tuning Recommendations
dn: cn=changelog5,cn=config
nsslapd-cachememsize
Specifies the changelog database cache size.
Consider changing this from the default of 10 MB for high volume deployments.
dn: cn=changelog5,cn=config
nsslapd-changelogdir
Specifies the path of the changelog database.
In most deployments, the replication changelog may share a disk with the access, audit, and error logs.
dn: cn=changelog5,cn=config
nsslapd-changelogmaxage
Specifies the maximum age for entries in the changelog. Refer to the Directory Server Administration Reference for details on the syntax.
Change this from 0 (default, indicating no maximum) to an interval after which replicated servers are fully synchronized and the changelog may be trimmed.
dn: cn=changelog5,cn=config
nsslapd-changelogmaxentries
Specifies the maximum number of entries in the changelog.
Change this from 0 (default, indicating no maximum) to a number sufficient to allow replicated servers to become fully synchronized before the changelog is trimmed.
Refer to the Directory Server Administration Reference for information about individual configuration attributes.
Retro Change LoggingDirectory Server ships with a retro changelog plug-in that you may enable to record changes on a supplier server in a format compatible with Directory Server 4.x releases and accessible through LDAP. The retro changelog plug-in is disabled by default and should not be enabled unless required for compatibility reasons. Refer to the Directory Server Administration Reference for details. Table 5-6 provides further recommendations for specific attributes.
Table 5-6 Tuning Recommendations for Retro Change Logging
Configuration Attribute
Short Description and Tuning Recommendations
dn: cn=Retro Changelog Plugin,cn=plugins,cn=config
nsslapd-changelogdir
Specifies the path of the retro changelog.
In most deployments, the retro changelog may share a disk with the access, audit, and error logs.
dn: cn=Retro Changelog Plugin,cn=plugins,cn=config
nsslapd-changelogmaxage
Specifies the maximum age for entries in the retro changelog. Refer to the Directory Server Administration Reference for details on the syntax.
Change this from 0 (default, indicating no maximum) to an interval after which clients using the retro changelog have processed the log entries generated.
dn: cn=Retro Changelog Plugin,cn=plugins,cn=config
nsslapd-changelogmaxentries
Specifies the maximum number of entries in the retro changelog.
Change this from 0 (default, indicating no maximum) to a maximum number of entries retained in the retro changelog before trimming.
Refer to the Directory Server Administration Reference for information about individual configuration attributes.
Transaction LoggingDirectory Server maintains database integrity through transaction logging. Upon accepting an update operation add, modify, delete, or modrdn Directory Server writes a log message about the operation to the transaction log. Durable transaction logging, enabled by default, ensures data integrity. It does so by ensuring each update operation is committed to the transaction log on disk before the result code for the update operation is returned to the client application. In the event of a system crash, Directory Server uses the transaction log to recover the database. As the transaction log aids in the recovery of a database shut down abnormally, consider storing the transaction log and directory database on separate disk subsystems.
Table 5-7 provides recommendations for specific attributes.
Refer to the Directory Server Administration Reference for information about individual configuration attributes.