This chapter describes how to manage Directory Server logs.
If you want information to assist you in defining a logging strategy, use the logging policy information in Designing a Logging Strategy in Sun Java System Directory Server Enterprise Edition 6.1 Deployment Planning Guide.
For a description of the log files and their contents, see Chapter 7, Directory Server Logging, in Sun Java System Directory Server Enterprise Edition 6.1 Reference.
This chapter covers the following topics:
The Directory Server Resource Kit provides a log analysis tool, logconv, that enables you to analyze Directory Server access logs. The log analysis tool extracts usage statistics. It also counts the occurrences of significant events. For more information about this tool, see the logconv(1) man page.
You can view the logs directly on the server in the default instance-path/logs file. If you have modified the default path, you can find the log file location using the dsconf command as follows:
$ dsconf get-log-prop -h host -p port log-type path |
Alternatively, you can view the log files through Directory Service Control Center (DSCC). DSCC enables you to view and sort the log entries.
The following figure shows a sample of a Directory Server access log in DSCC.
You can use the dsadm command to display a specified number of lines of the Directory Server logs, or to display log entries younger than a specified age. This example tails the error log. To tail the access log, use show-access-log instead of show-error-log.
Display error log entries younger than a certain age.
$ dsadm show-error-log -A duration instance-path |
You must specify a unit for the duration. For example, to display error log entries younger than 24 hours, type:
$ dsadm show-error-log -A 24h /local/ds |
Display a specified number of lines from the error log (starting from the end).
$ dsadm show-error-log -L last-lines instance-path |
The number of lines is expressed as an integer. For example, to display the last 100 lines, type:
$ dsadm show-error-log -L 100 /local/ds |
If you do not specify a value, the default number of lines displayed is 20.
Many aspects of the log files can be modified. Some examples include the following:
Enabling the audit log
Unlike the access log and the errors log, the audit log is not enabled by default. For information, see To Enable the Audit Log.
General settings
Enabling or disabling logging
Enabling or disabling log buffering
Log file location
Verbose logging
Log level
Log rotation settings.
Creation of new logs at regular time intervals
Maximum log file size before a new log file is created
Log deletion settings
Maximum file age before deletion
Maximum file size before deletion
Minimum free disk space before deletion
The following procedures describe how to modify log configuration and how to enable the audit log.
You can use DSCC to perform this task. For information, see Directory Service Control Center Interface and the DSCC online help.
View the settings for the log that you want to modify.
$ dsconf get-log-prop -h host -p port log-type |
For example, to list the existing error log settings, type:
$ dsconf get-log-prop -h host1 -p 1389 error Enter "cn=Directory Manager" password: buffering-enabled : off enabled : on level : default max-age : 1M max-disk-space-size : 100M max-file-count : 2 max-size : 100M min-free-disk-space-size : 5M path : /tmp/ds1/logs/errors perm : 600 rotation-interval : 1w rotation-min-file-size : unlimited rotation-time : undefined verbose-enabled : off |
Set the new value.
Set the value that you want for the property.
$ dsconf set-log-prop -h host -p port log-type property:value |
For example, to set the rotation interval for the error log to two days, use this command:
$ dsconf set-log-prop -h host1 -p 1389 error rotation-interval:2d |
Unlike the access log and errors log, the audit log is not enabled by default. Before viewing the audit log, you must enable it.
You can use DSCC to perform this task. For information, see Directory Service Control Center Interface and the DSCC online help.
If you have a log that is getting very large, you can manually rotate the log at any time. Rotation backs up the existing log file and creates a fresh log file.
You can use DSCC to perform this task. For information, see Directory Service Control Center Interface and the DSCC online help.