Protect Access Logs for the Sun Java System Directory Server

The LDIF script that this procedure creates sets up the following rules for access logs:

• Log events at log level 256 and create buffered logs (default).

• Rotate logs daily.

• Keep a maximum of 100 log files, and each file is at most 500 MBytes.

• Expire log files that are older than 3 months.

• Delete oldest logs if less than 500 MBytes free disk space is available.

• All log files use a maximum of 20,000 MBytes of disk space.

1. Create a script to manage access logs.

   Create a /var/tmp/logs-access.ldif file with the following content:

   dn: cn=config changetype: modify replace: nsslapd-accesslog-logging-enabled nsslapd-accesslog-logging-enabled: on - replace: nsslapd-accesslog-level nsslapd-accesslog-level: 256 - replace: nsslapd-accesslog-logbuffering nsslapd-accesslog-logbuffering: on - replace: nsslapd-accesslog-logrotationtime nsslapd-accesslog-logrotationtime: 1 - replace: nsslapd-accesslog-logrotationtimeunit nsslapd-accesslog-logrotationtimeunit: day - replace: nsslapd-accesslog-maxlogsize nsslapd-accesslog-maxlogsize: 500 - replace: nsslapd-accesslog-maxlogsperdir nsslapd-accesslog-maxlogsperdir: 100 - replace: nsslapd-accesslog-logexpirationtime nsslapd-accesslog-logexpirationtime: 3 - replace: nsslapd-accesslog-logexpirationtimeunit nsslapd-accesslog-logexpirationtimeunit: month - replace: nsslapd-accesslog-logmaxdiskspace nsslapd-accesslog-logmaxdiskspace: 20000 - replace: nsslapd-accesslog-logminfreediskspace nsslapd-accesslog-logminfreediskspace: 500

2. Run the script.

   # ldapmodify -h localhost -D 'cn=directory manager' \ -f /var/tmp/logs-access.ldif

3. Type the password.

   Enter bind password: Type the appropriate password modifying entry cn=config