iPlanet Directory Access Router Administrator's Guide: Chapter 20 Logging

Previous Contents Index Next

iPlanet Directory Access Router Administrator's Guide

Chapter 20 Logging

Logging is configured in iPlanet Directory Access Router (iDAR) by the ids-proxy-sch-LogProperty object class.

ids-proxy-sch-LogProperty Object Class

This object class is sub-classed from the ids-proxy-sch-property object class. The ids-proxy-sch-LogProperty object class can be used to define the logging characteristics of iDAR. This property can only be referred by the ids-proxy-sch-GlobalConfiguration object entry, using the ids-proxy-con-include-logproperty attribute.
Before iDAR reads this property, log messages are either written to a file on disk or, optionally, iDAR can send them to the syslog daemon, on platforms other than Windows NT. You cannot send the log messages to both a file and to the syslog daemon at the same time.
If the environment variable IDAR_ROOT is defined, then logs are written to the file "IDAR_ROOT"/logs/fwd.log. The "IDAR_ROOT"/logs directory must exist with write permissions to iDAR.
On platforms other than Windows NT, you can optionally send these initial log messages to the syslog daemon by specifying the -s flag on startup. iDAR uses the daemon facility, with the warning, info and debug priorities. If you choose this route, make sure that your syslogd is properly configured. For example, to have all the messages written to a particular file /var/adm/messages, the following line must be added to the file /etc/syslog.conf:
daemon.warning;daemon.info;daemon.debug /var/adm/messages
If the ids-proxy-sch-LogProperty object entry is not specified in a configuration, then iDAR continues to log in the default location. This object class has the following attributes.

ids-proxy-con-log-level

The ids-proxy-con-log-level attribute specifies the amount of logging iDAR will do. It can have any one of the following values in order of detail.
critical
exception
warning
notice
trace
detail_trace
A more detailed log level automatically implies all previous levels. For example, if the value of warning is specified, which is also the default, then exception and critical level messages will also be logged.

ids-proxy-con-stat-level

The ids-proxy-con-stat-level attribute specifies the different kinds of statistics iDAR will log. The value of this attribute is a '|' separated list of the following options.

Table 20-1 Logging Levels

Option

Description

none

No statistics will be logged.

mods

Statistics about operations that write to the directory like add, modify, and delete will be logged.

op

Statistics about all LDAP operations will be logged.

conn

Statistics about network connections will be logged.

stat

General statistics such as how many clients are connected will be logged.

audit

Audit information such as DN of client who just completed a bind/unbind will be logged.

full

All of the above except none.

For example, if you want to log audit and connection statistics only, you must specify the following in the ids-proxy-sch-LogProperty object entry.
ids-proxy-con-stat-level: conn|audit
The default is none.

ids-proxy-con-log-syslog

The ids-proxy-con-log-syslog attribute specifies the syslog facility code if logging is being done through the syslogd daemon. The attribute is not available on Windows NT. The default is LOG_DAEMON. On all platforms other than Windows NT, and if the environment variable IDAR_ROOT is not defined, logging is done throughout the syslogd daemon by default. If IDAR_ROOT is defined, logging is done to the file $(IDAR_ROOT)/logs/fwd.log by default. See Chapter 14 "Starting, Stopping, and Restarting iDAR" for more information.

ids-proxy-con-log-file

The ids-proxy-con-log-file takes as value the full path name of the file you want the log messages to go to. Only one of the ids-proxy-con-log-syslog and ids-proxy-con-log-file attributes must be specified. On Windows NT, if this attribute is not specified then the log messages are sent to "%IDAR_ROOT%\logs\fwd.log" by default.

ids-proxy-con-audit-syslog

The ids-proxy-con-audit-syslog attribute is essentially the same as the
ids-proxy-con-log-syslog attribute. However, this attribute only impacts the audit log messages. If this attribute is absent, all audit messages are logged with other log messages specified by the ids-proxy-con-log-syslog or ids-proxy-con-log-file attributes.

ids-proxy-con-audit-file

The ids-proxy-con-audit-file attribute is essentially the same as the ids-proxy-con-log-file attribute. However, this attribute only impacts the audit log messages. Only one of ids-proxy-con-audit-syslog or ids-proxy-con-audit-file attributes can be specified. If this attribute is absent, all audit messages are logged with other log messages specified by the ids-proxy-con-log-syslog or ids-proxy-con-log-file attributes.

Option	Description
none	No statistics will be logged.
mods	Statistics about operations that write to the directory like add, modify, and delete will be logged.
op	Statistics about all LDAP operations will be logged.
conn	Statistics about network connections will be logged.
stat	General statistics such as how many clients are connected will be logged.
audit	Audit information such as DN of client who just completed a bind/unbind will be logged.
full	All of the above except none.

Previous Contents Index Next
Copyright © 2001 Sun Microsystems, Inc. Some preexisting portions Copyright © 2001 Netscape Communications Corp. All rights reserved.

Last Updated July 26, 2001