[Date Prev][Date Next]
Re: (ITS#4857) Subtree accesslog support
> This is a cryptographically signed message in MIME format.
> Content-Type: text/plain; charset=ISO-8859-1; format=flowed
> Content-Transfer-Encoding: 7bit
> On 3/6/07 6:31 PM, firstname.lastname@example.org wrote:
>> I was looking at adding access log configurations to my main database that would
>> log operations based on subtree. For example, I'd like to have all operations
>> on "cn=accounts,dc=stanford,dc=edu" go into one accesslog, and operations on
>> "cn=people,dc=stanford,dc=edu" go into another accesslog. My root is
>> "dc=stanford,dc=edu". There doesn't seem to be a way with the way accesslog is
>> currently designed to do this. I believe it would be a useful feature.
> I have wished for a similar capability. However, have always been
> stopped from proceeding to look at modifying the code because all my
> consumers need to replicate the full database.
Usually when you have a logging requirement, you need to see everything...
Breaking out options by subtree does seem to be a pretty common need
though. It strikes me that we need to solve this once, generically,
instead of doing it over and over again in each overlay. That sounds an
awful lot like getting full subentry support implemented, or at least a
generic subtree search specification handler.
> However, it would be nice to be able to break things apart and have
> them expire out of the accesslog at different times. For instance, our
> sendmail spam blocking rules live for a max of several hours and so I
> could expire those from the accesslog after 8 hours, but the core
> (people, groups, accounts) I'd like to keep for a couple days to make
> certain they get to the replica servers.
> Is that the same kind of thing you are thinking of Quanah?
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc
Chief Architect, OpenLDAP http://www.openldap.org/project/