Go to main content

Trusted Extensions Configuration and Administration

Exit Print View

Updated: December 2017

Configure the Logs for the Oracle Directory Server Enterprise Edition

    This procedure configures three types of logs: access logs, audit logs, and error logs. The following default settings are not changed:

  • All logs are enabled and buffered.

  • Logs are placed in the appropriate /export/home/ds/instances/your-instance/logs/LOG_TYPE directory.

  • Events are logged at log level 256.

  • Logs are protected with 600 file permissions.

  • Access logs are rotated daily.

  • Error logs are rotated weekly.

    The settings in this procedure meet the following requirements:

  • Audit logs are rotated daily.

  • Log files that are older than 3 months expire.

  • All log files use a maximum of 20,000 MBytes of disk space.

  • A maximum of 100 log files is kept, and each file is at most 500 MBytes.

  • The oldest logs are deleted if less than 500 MBytes free disk space is available.

  • Additional information is collected in the error logs.

Before You Begin

You must be in the root role in the global zone.

  1. Configure the access logs.

    The LOG_TYPE for access is ACCESS. The syntax for configuring logs is the following:

    dsconf set-log-prop LOG_TYPE property:value
    # dsconf set-log-prop ACCESS max-age:3M
    # dsconf set-log-prop ACCESS max-disk-space-size:20000M
    # dsconf set-log-prop ACCESS max-file-count:100
    # dsconf set-log-prop ACCESS max-size:500M
    # dsconf set-log-prop ACCESS min-free-disk-space:500M
  2. Configure the audit logs.
    # dsconf set-log-prop AUDIT max-age:3M
    # dsconf set-log-prop AUDIT max-disk-space-size:20000M
    # dsconf set-log-prop AUDIT max-file-count:100
    # dsconf set-log-prop AUDIT max-size:500M
    # dsconf set-log-prop AUDIT min-free-disk-space:500M
    # dsconf set-log-prop AUDIT rotation-interval:1d

    By default, the rotation interval for audit logs is one week.

  3. Configure the error logs.

    In this configuration, you specify additional data to be collected in the error log.

    # dsconf set-log-prop ERROR max-age:3M
    # dsconf set-log-prop ERROR max-disk-space-size:20000M
    # dsconf set-log-prop ERROR max-file-count:30
    # dsconf set-log-prop ERROR max-size:500M
    # dsconf set-log-prop ERROR min-free-disk-space:500M
    # dsconf set-log-prop ERROR verbose-enabled:on
  4. (Optional)Further configure the logs.

    You can also configure the following settings for each log:

    # dsconf set-log-prop LOG_TYPE rotation-min-file-size:undefined
    # dsconf set-log-prop LOG_TYPE rotation-time:undefined

    For information about the dsconf command, see the dsconf(1M) man page.