[Date Prev][Date Next]
Re: (ITS#4857) Subtree accesslog support
--On Wednesday, March 07, 2007 5:09 PM +0000 Frank.Swasey@uvm.edu wrote:
> This is a cryptographically signed message in MIME format.
> Content-Type: text/plain; charset=ISO-8859-1; format=flowed
> Content-Transfer-Encoding: 7bit
> On 3/6/07 6:31 PM, email@example.com wrote:
>> I was looking at adding access log configurations to my main database
>> that would log operations based on subtree. For example, I'd like to
>> have all operations on "cn=accounts,dc=stanford,dc=edu" go into one
>> accesslog, and operations on "cn=people,dc=stanford,dc=edu" go into
>> another accesslog. My root is "dc=stanford,dc=edu". There doesn't seem
>> to be a way with the way accesslog is currently designed to do this. I
>> believe it would be a useful feature.
> I have wished for a similar capability. However, have always been
> stopped from proceeding to look at modifying the code because all my
> consumers need to replicate the full database.
> However, it would be nice to be able to break things apart and have
> them expire out of the accesslog at different times. For instance, our
> sendmail spam blocking rules live for a max of several hours and so I
> could expire those from the accesslog after 8 hours, but the core
> (people, groups, accounts) I'd like to keep for a couple days to make
> certain they get to the replica servers.
> Is that the same kind of thing you are thinking of Quanah?
Actually, no, it isn't. ;)
What I want to do, is put subtree based accesslog's on my replica servers.
We have multiple downstream systems that pull data from the directory.
This would allow them to "sit and listen" to the changes made in their
subtrees of interest, using the syncrepl protocol.
Principal Software Developer
ITS/Shared Application Services
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html