Access Log Content For Additional Access Logging Levels - Red Hat DIRECTORY SERVER 7.1 Configuration

[21/Apr/2005:12:57:14 -0700] conn=32 op=0 BIND dn="" method=sasl
version=3 mech=GSSAPI
NOTE The authenticated DN (the DN used for access control decisions) is
now logged in the BIND result line as opposed to the bind request
line, as was previously the case:
[21/Apr/2005:11:39:55 -0700] conn=14 op=1 RESULT err=0
tag=97 nentries=0 etime=0
dn="uid=jdoe,dc=example,dc=com"
For SASL binds, the DN value displayed in the BIND request line is
not used by the server and, as a consequence, is not relevant.
However, given that the authenticated DN is the DN which, for
SASL binds, must be used for audit purposes, it is essential that this
be clearly logged. Having this authenticated DN logged in the BIND
result line avoids any confusion as to which DN is which.
Access Log Content for Additional Access Logging
Levels
This section presents the additional access logging levels available in the Directory
Server access log. In Code Example 5-2, access logging level 4, which logs internal
operations, is enabled.
Code Example 5-2
[12/Jul/2005:16:45:46 +0200] conn=Internal op=-1 SRCH
base="cn=\22dc=example,dc=com\22,cn=mapping
tree,cn=config"scope=0
filter="objectclass=nsMappingTree"attrs="nsslapd-referral"
options=persistent
12/Jul/2005:16:45:46 +0200] conn=Internal op=-1 RESULT err=0
tag=48 nentries=1etime=0
[12/Jul/2005:16:45:46 +0200] conn=Internal op=-1 SRCH
base="cn=\22dc=example,dc=com\22,cn=mapping tree,cn=config"
scope=0 filter="objectclass=nsMappingTree" attrs="nsslapd-state"
[12/Jul/2005:16:45:46 +0200] conn=Internal op=-1 RESULT err=0
tag=48 nentries=1etime=0
Access Log Extract with Internal Access Operations Level (Level 4)
Chapter 5
Access Log Content
Access Log and Connection Code Reference 219