[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#4857) Subtree accesslog support

Frank.Swasey@uvm.edu wrote:
> This is a cryptographically signed message in MIME format.
> --------------ms050409020803020407000508
> Content-Type: text/plain; charset=ISO-8859-1; format=flowed
> Content-Transfer-Encoding: 7bit
> On 3/6/07 6:31 PM, quanah@stanford.edu wrote:
>> I was looking at adding access log configurations to my main database that would
>> log operations based on subtree.  For example, I'd like to have all operations
>> on "cn=accounts,dc=stanford,dc=edu" go into one accesslog, and operations on
>> "cn=people,dc=stanford,dc=edu" go into another accesslog.  My root is
>> "dc=stanford,dc=edu".  There doesn't seem to be a way with the way accesslog is
>> currently designed to do this.  I believe it would be a useful feature.
> I have wished for a similar capability.  However, have always been 
> stopped from proceeding to look at modifying the code because all my 
> consumers need to replicate the full database.

Usually when you have a logging requirement, you need to see everything...

Breaking out options by subtree does seem to be a pretty common need 
though. It strikes me that we need to solve this once, generically, 
instead of doing it over and over again in each overlay. That sounds an 
awful lot like getting full subentry support implemented, or at least a 
generic subtree search specification handler.

> However,  it would be nice to be able to break things apart and have 
> them expire out of the accesslog at different times.  For instance, our 
> sendmail spam blocking rules live for a max of several hours and so I 
> could expire those from the accesslog after 8 hours, but the core 
> (people, groups, accounts) I'd like to keep for a couple days to make 
> certain they get to the replica servers.
> Is that the same kind of thing you are thinking of Quanah?

   -- Howard Chu
   Chief Architect, Symas Corp.  http://www.symas.com
   Director, Highland Sun        http://highlandsun.com/hyc
   Chief Architect, OpenLDAP     http://www.openldap.org/project/