[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Is it possible to only log failed binds ?

To: "Pierangelo Masarati" <ando@sys-net.it>
Subject: Re: Is it possible to only log failed binds ?
From: "matthew sporleder" <msporleder@gmail.com>
Date: Thu, 11 Jan 2007 13:03:43 -0500
Cc: Andreas Taschner <ataschner@novell.com>, openldap-software@openldap.org
Content-disposition: inline
In-reply-to: <45A659C2.2010808@sys-net.it>
References: <45A4D205020000D0000177F2@public.id2-vpn.continvity.gns.novell.com> <45A5F248020000D00001792C@public.id2-vpn.continvity.gns.novell.com> <45A5F248.7418.00D0.0@novell.com> <45A659C2.2010808@sys-net.it>

On 1/11/07, Pierangelo Masarati <ando@sys-net.it> wrote:

Andreas Taschner wrote:
> We have a setup with a very high number of binds, so running with loglevel 256 floods the log file.
> According to http://www.openldap.org/lists/openldap-software/200205/msg00120.html John Dalbec wrote a patch for this
> for 2.0.21, but AFAICS it was ever submitted.
> I would like to have eg. loglevel 64 to see the configuration file processing and then on top of that only failed
> logins.
>
> Is the only way to accomplish that to rewrite that old patch to the current level, or is there some other way to get
> there ?

You should be able to use the accesslog overlay (slapo-accesslog(5))
configured to log only binds and only in case of failure.  In that case,
logs would appear in the database rather than in the log file.  The log
database can be purged to keep it under control.

p.


I also found that removing the syslog interaction with the accesslog
overlay helped improve performance (available cpu) a fair amount.

References:
- Is it possible to only log failed binds ?
  - From: "Andreas Taschner" <ataschner@novell.com>
- Re: Is it possible to only log failed binds ?
  - From: Pierangelo Masarati <ando@sys-net.it>

Prev by Date: Invalid DN
Next by Date: Syncrepl refreshOnly replication failures
Index(es):
- Chronological
- Thread