[Date Prev][Date Next] [Chronological] [Thread] [Top]

Advice sought regarding logging changes made to OpenLDAP server

To: openldap-technical@openldap.org
Subject: Advice sought regarding logging changes made to OpenLDAP server
From: Philip Colmer <philip.colmer@linaro.org>
Date: Mon, 27 Oct 2014 14:11:03 +0000

I've been asked to log & track changes made to our LDAP system. My
initial thought was to use the auditlog overlay as it outputs to a
text file, thus making it relatively straightforward to parse, but a
2009 discussion
(http://www.openldap.org/lists/openldap-technical/200911/msg00092.html)
suggested a potential problem, namely no logging of time and name for
deletes.

Replies to that discussion suggested the use of accesslog instead.
However, that logs to a database which isn't really what I'm after. A
2011 discussion
(http://www.openldap.org/lists/openldap-technical/201104/msg00084.html)
sought answers similar to the one I'm looking for now, namely is there
a way of getting changes logged into a text file?

One of the replies (from Quanah) suggested ldap-stats.pl but I'm not
looking for stats - I'm looking for the actual changes being made.

Since both of those discussions are quite old, I was wondering if
there was any up-to-date advice regarding best practice for the sort
of information I'm trying to capture?

Thanks.

Philip

Follow-Ups:
- Re: Advice sought regarding logging changes made to OpenLDAP server
  - From: Howard Chu <hyc@symas.com>

Prev by Date: LDAP Crafted Search Request Access Allowed
Next by Date: Re: Advice sought regarding logging changes made to OpenLDAP server
Index(es):
- Chronological
- Thread