Re: recommended loglevel setting (2.0.11)?

[Peter W <peterw@usa.net>]

On Tue, Jul 17, 2001 at 05:28:24PM -0500, Allan Streib wrote:

> What I'd like to see is more of a production "audit" logging functionality 
> separate from the debugging. 

"audit": that's a nice way of describing the difference.

> I would like a few lines in the log 
> indicating connecting IP and user (SASL) information, and the queries that 
> are passed to the server.

I'd like to see things like bind failures (which would indicate something 
fishy happening; our implementation is for Web authentication and we 
should not have connections other than the httpd and LDAP admin users). I 
expect others might like options to log suspicious activity, e.g. 
invalid queries, protocol failures, etc.

> Debug level 260 gets me that information, but is way too verbose.  I'm 
> using level 256 right now which is less verbose but I don't see the SASL 
> identity details.

Even 256 is more than I care to log. Sure, I don't expect that many 
connect/bind/query ops, but I'm not interested in logging 
normal/successful operations.

-Peter

> On Tuesday, July 17, 2001, at 03:44 PM, Peter W wrote:

> > I'm trying to figure out a good setting for loglevel for OpenLDAP 2.0.11 
> > for
> > production use. Ideally I'd only like to see errors and unusual events, 
> > like
> > slapd starting and stopping.