This chapter describes how to manage Directory Server logs.
If you want information to assist you in defining a logging strategy, use the logging policy information in Designing a Logging Strategy in Sun Java System Directory Server Enterprise Edition 6.0 Deployment Planning Guide.
For a description of the log files and their contents, see Chapter 7, Directory Server Logging, in Sun Java System Directory Server Enterprise Edition 6.0 Reference.
This chapter covers the following topics:
The Directory Server Resource Kit provides a log analysis tool, logconv, that enables you to analyze Directory Server access logs. The log analysis tool extracts usage statistics. It also counts the occurrences of significant events. For more information about this tool, see the logconv(1) man page.
You can view the logs directly on the server in instance-path/logs.
Alternatively, you can view the log files through Directory Service Control Center (DSCC). DSCC enables you to view and sort the log entries.
The following figure shows a sample of a Directory Server access log in DSCC.
Many aspects of the log files can be modified. Some examples include the following:
Enabling the audit log
Unlike the access log and the errors log, the audit log is not enabled by default. For information, see To Enable the Audit Log.
General settings
Enabling or disabling logging
Log file location
Verbose logging
Log level
Log rotation settings.
Creation of new logs at regular time intervals
Maximum log file size before a new log file is created
Log deletion settings
Maximum file age before deletion
Maximum file size before deletion
Minimum free disk space before deletion
The following procedures describe how to modify log configuration and how to enable the audit log.
You can use DSCC to perform this task. For information, see Directory Service Control Center Interface and the DSCC online help.
View the settings for the log that you want to modify.
$ dsconf get-log-prop -h host -p port log-type |
For example, to list the existing error log settings, type:
$ dsconf get-log-prop -h host1 -p 1389 error Enter "cn=Directory Manager" password: enabled : on level : default max-age : 1M max-disk-space-size : 100M max-file-count : 2 max-size : 100M min-free-disk-space-size : 5M path : /tmp/ds1/logs/errors perm : 600 rotation-interval : 1w rotation-min-file-size : unlimited rotation-time : undefined verbose-enabled : off |
Set the new value.
Set the value that you want for the property.
$ dsconf set-log-prop -h host -p port log-type property:value |
For example, to set the rotation interval for the error log to two days, use this command:
$ dsconf set-log-prop -h host1 -p 1389 error rotation-interval:2d |
Unlike the access log and errors log, the audit log is not enabled by default. Before viewing the audit log, you must enable it.
You can use DSCC to perform this task. For information, see Directory Service Control Center Interface and the DSCC online help.
Enable the audit log.
$ dsconf set-log-prop -h host -p port audit enabled:on |
If you have a log that is getting very large, you can manually rotate the log at any time. Rotation backs up the existing log file and creates a fresh log file.
You can use DSCC to perform this task. For information, see Directory Service Control Center Interface and the DSCC online help.
Rotate the log file.
$ dsconf rotate-log-now -h host -p port log-type |
For example, to rotate the access log:
$ dsconf rotate-log-now -h host1 -p 1389 access |