In logging a SASL bind, the sasl method is followed by the LDAP version number (see Section 5.1.2.6, "Version Number") and the SASL mechanism used, as shown below with the GSSAPI mechanism.
[21/Apr/2007:12:57:14 -0700] conn=32 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI
NOTE
The authenticated DN (the DN used for access control decisions) is now logged in the
BIND result line as opposed to the bind request line, as was previously the case:
[21/Apr/2007:11:39:55 -0700] conn=14 op=1 RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=jdoe,dc=example,dc=com"
For SASL binds, the DN value displayed in the bind request line is not used by the server
and, as a consequence, is not relevant. However, given that the authenticated DN is the
DN which, for SASL binds, must be used for audit purposes, it is essential that this be
clearly logged. Having this authenticated DN logged in the bind result line avoids any
confusion as to which DN is which.
5.1.3. Access Log Content for Additional Access Logging Levels
This section presents the additional access logging levels available in the Directory Server access log.
In the following example, access logging level 4, which logs internal operations, is enabled.
[12/Jul/2007:16:45:46 +0200] conn=Internal op=-1 SRCH base="cn=\22dc=example,dc=com\22,cn=mapping tree,cn=config" scope=0 filter="objectclass=nsMappingTree" attrs="nsslapd-referral" options=persistent
[12/Jul/2007:16:45:46 +0200] conn=Internal op=-1 RESULT err=0 tag=48 nentries=1 etime=0
[12/Jul/2007:16:45:46 +0200] conn=Internal op=-1 SRCH base="cn=\22dc=example,dc=com\22,cn=mapping tree,cn=config" scope=0 filter="objectclass=nsMappingTree" attrs="nsslapd-state"
[12/Jul/2007:16:45:46 +0200] conn=Internal op=-1 RESULT err=0 tag=48 nentries=1 etime=0
Access log level 4 enables logging for internal operations, which log search base, scope, filter, and
requested search attributes, in addition to the details of the search being performed.
In the following example, access logging level 768 is enabled (512 + 256), which logs access to
entries and referrals. In this extract, six entries and one referral are returned in response to the search
request, which is shown on the first line.
[12/Jul/2007:16:43:02 +0200] conn=306 fd=60 slot=60 connection from 127.0.0.1 to 127.0.0.1
[12/Jul/2007:16:43:02 +0200] conn=306 op=0 SRCH base="dc=example,dc=com" scope=2 filter="(description=*)" attrs=ALL
[12/Jul/2007:16:43:02 +0200] conn=306 op=0 ENTRY dn="ou=Special
[12/Jul/2007:16:43:02 +0200] conn=306 op=0 ENTRY dn="cn=Accounting Managers,ou=groups,dc=example,dc=com"
[12/Jul/2007:16:43:02 +0200] conn=306 op=0 ENTRY dn="cn=HR Managers,ou=groups,dc=example,dc=com"
[12/Jul/2007:16:43:02 +0200] conn=306 op=0 ENTRY dn="cn=QA Managers,ou=groups,dc=example,dc=com"
[12/Jul/2007:16:43:02 +0200] conn=306 op=0 ENTRY dn="cn=PD Managers,ou=groups,dc=example,dc=com"
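The two points above, that the DN to audit for a SASL bind is the dn= on the RESULT line rather than on the BIND request line, and that levels 4 and 768 add conn=Internal operations and per-entry ENTRY lines, are easiest to see with a small parser. The following Python is an added example written for this page, not code from the manual or from Directory Server. The log lines it parses are constructed to match the format shown in this section (the DNs, tags and addresses are illustrative), and it assumes that a double quote inside a quoted value is written as a two-hex-digit escape (\22), generalising from the single mapping-tree example above.

```python
import re

# Constructed sample, modelled on the access log lines shown in this section.
# Not a capture from a real server; values are illustrative.
SAMPLE_LOG = r"""
[21/Apr/2007:12:57:14 -0700] conn=32 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI
[21/Apr/2007:12:57:14 -0700] conn=32 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=jdoe,dc=example,dc=com"
[12/Jul/2007:16:45:46 +0200] conn=Internal op=-1 SRCH base="cn=\22dc=example,dc=com\22,cn=mapping tree,cn=config" scope=0 filter="objectclass=nsMappingTree" attrs="nsslapd-referral" options=persistent
[12/Jul/2007:16:45:46 +0200] conn=Internal op=-1 RESULT err=0 tag=48 nentries=1 etime=0
[12/Jul/2007:16:43:02 +0200] conn=306 fd=60 slot=60 connection from 127.0.0.1 to 127.0.0.1
[12/Jul/2007:16:43:02 +0200] conn=306 op=0 SRCH base="dc=example,dc=com" scope=2 filter="(description=*)" attrs=ALL
[12/Jul/2007:16:43:02 +0200] conn=306 op=0 ENTRY dn="cn=Accounting Managers,ou=groups,dc=example,dc=com"
[12/Jul/2007:16:43:02 +0200] conn=306 op=0 ENTRY dn="cn=HR Managers,ou=groups,dc=example,dc=com"
[12/Jul/2007:16:43:02 +0200] conn=306 op=0 RESULT err=0 tag=101 nentries=2 etime=0
"""

# "[timestamp] conn=<id|Internal> [op=<n>] <rest>"
LINE_RE = re.compile(
    r'^\[(?P<ts>[^\]]+)\] conn=(?P<conn>\S+)(?: op=(?P<op>-?\d+))? (?P<rest>.*)$')
# key=value pairs: a double-quoted value (backslash escapes allowed) or a bare token
KV_RE = re.compile(r'(\w[\w-]*)=("(?:[^"\\]|\\.)*"|\S+)')
# Assumption: a quote inside a quoted value is logged as \hh (e.g. \22), as in
# the mapping-tree base DN shown in the text.
HEX_ESC_RE = re.compile(r'\\([0-9a-fA-F]{2})')


def _unquote(value):
    """Strip surrounding quotes and decode \\hh escapes."""
    if len(value) >= 2 and value[0] == '"' and value[-1] == '"':
        value = value[1:-1]
    return HEX_ESC_RE.sub(lambda m: chr(int(m.group(1), 16)), value)


def parse_line(line):
    """Return a dict for one access log line, or None if it is not one."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rest = m.group("rest")
    head, _, tail = rest.partition(" ")
    if "=" in head:
        # "fd=60 slot=60 connection from ..." carries no operation keyword
        kind, kv_text = "CONNECTION", rest
    else:
        kind, kv_text = head, tail
    return {
        "ts": m.group("ts"),
        "conn": m.group("conn"),
        "op": int(m.group("op")) if m.group("op") is not None else None,
        "kind": kind,
        "fields": {k: _unquote(v) for k, v in KV_RE.findall(kv_text)},
    }


def parse_log(text):
    return [e for e in (parse_line(l) for l in text.splitlines()) if e]


def authenticated_binds(events):
    """Pair each BIND request with the RESULT on the same conn/op.

    For SASL binds the dn= on the request line is not used by the server;
    the identity to record for audit purposes is the dn= on the RESULT line.
    """
    results = {}
    for e in events:
        if e["kind"] == "RESULT":
            results.setdefault((e["conn"], e["op"]), e)
    out = []
    for e in events:
        if e["kind"] != "BIND":
            continue
        res = results.get((e["conn"], e["op"]), {"fields": {}})
        out.append({
            "conn": e["conn"], "op": e["op"],
            "method": e["fields"].get("method"),
            "mech": e["fields"].get("mech"),
            "request_dn": e["fields"].get("dn", ""),
            "authenticated_dn": res["fields"].get("dn"),
            "err": res["fields"].get("err"),
        })
    return out


def internal_operations(events):
    """Operations written at level 4 (conn=Internal)."""
    return [e for e in events if e["conn"] == "Internal"]


def entries_for_search(events, conn, op):
    """DNs of the ENTRY lines (level 512) returned for one search."""
    return [e["fields"]["dn"] for e in events
            if e["kind"] == "ENTRY" and e["conn"] == conn and e["op"] == op]


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    for b in authenticated_binds(evs):
        print(f"conn={b['conn']} op={b['op']} mech={b['mech']} "
              f"request_dn={b['request_dn']!r} authenticated_dn={b['authenticated_dn']!r}")
    print(len(internal_operations(evs)), "internal operations")
    print(entries_for_search(evs, "306", 0))
```

Correlating on (conn, op) is what makes the authenticated DN usable for review: the GSSAPI bind above has an empty request dn, and only the RESULT line names uid=jdoe. When reading level 4 output, note that every internal operation shares conn=Internal op=-1, so those lines cannot be paired the same way and are best treated as a stream.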