Re: Q: Multiple accesslog overlays?

[Quanah Gibson-Mount <quanah@symas.com>]

--On Monday, August 19, 2019 1:21 PM +0200 Ulrich Windl 
<Ulrich.Windl@rz.uni-regensburg.de> wrote:

> Hi!
>
> I have a question preparing a transition of syncrepl to delta-syncrepl:
> Our database already has an accesslog overlay (olcAccessLogOps: writes)
> and a corresponding database configured for monitoring purposes.

You haven't noted the value for olcAccessLogSuccess.  Generally for 
delta-syncrepl *only* databases, this is set to TRUE.  However, that's not 
mandatory (see the end for why).

> Now that
> delta syncreply also requires an accesslog overlay/database with somewhat
> different setting compared to the existing database, I wonder whether
> it's possible (and practically being used/proven to work) to have
> multiple accesslog overlays.

Since each overlay instantiation specifically defines which accesslog 
database to log to, yes you can do this, but...

> Thinking about it, I also wonder whether both needs for accesslog could
> be satisfied with one accesslog database, just using different LDAP
> filters. I guess the delta syncreply is using the acesslog database in a
> read-only manner (our monitoring also does), so it might actually work.

The accesslog DB is read-only by definition.  But yes, as long as writes 
are being logged, then you could use it for delta-syncrepl.  The filter on 
the consumer side already limits it to only consume successful write ops:

logfilter="(&(objectClass=auditWriteObject)(reqResult=0))"


Regards,
Quanah

--

Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
<http://www.symas.com>