
RE: thread problem OpenLDAP 2.1.8 + Solaris 9

--On Friday, November 08, 2002 5:21 PM -0800 Howard Chu <hyc@highlandsun.com> wrote:

-----Original Message-----
From: owner-openldap-software@OpenLDAP.org
[mailto:owner-openldap-software@OpenLDAP.org]On Behalf Of Kurt D.

Other things to look at:
        - ACLs... avoid unnecessary regex'ing
        - REGEX... make sure you are using a good REGEX library
                (some Solaris versions suck)
        - Logging (disable synchronous logging, only log minimal stuff)

Just echoing this - syslog() takes a huge toll on performance. On a single-CPU machine with local log targets, the syslog daemon will eat up more CPU and I/O resources than slapd itself. This is because syslogd always flushes its disk buffers for every individual message it logs. I haven't tested using a remote log destination; it may be cheaper since the remote syslog protocol uses UDP, so there would be no filesystem impact.

The fact that slapd is able to send debugging/diagnostic messages to
syslog() doesn't mean you should actually use this facility. Diagnostics
should only be generated when you are actively tracking down a problem,
and it's best just to use the "-d" option with stderr instead. Use of
syslog is best reserved for extraordinary situations, where system
integrity is in jeopardy and performance is no longer the issue...


Since we _must_ have logs of who is accessing our server, with such information as IP, SASL bind DN, and query, we need some form of logging. Unfortunately, the only logging options I see provided with OpenLDAP are the syslog debugging options. Something like the Netscape Directory Server access & error logs would be wonderful to have. I see nothing in your notes above that indicates how someone is supposed to generate those types of logs, nor does there appear to be anything in the online documentation on how to do so either.


Quanah Gibson-Mount
Senior Systems Administrator
ITSS/TSS/Computing Systems
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html