Chapter 5. log file reference, Access log reference, Note – Red Hat 8.1 User Manual

Chapter 5. Log File Reference

Red Hat Directory Server (Directory Server) provides logs to help monitor directory activity. Monitoring
helps quickly detecting and remedying failures and, where done proactively, anticipating and resolving
potential problems before they result in failure or poor performance. Part of monitoring the directory
effectively is understanding the structure and content of the log files.

This chapter does not provide an exhaustive list of log messages. However, the information presented
in this chapter serves as a good starting point for common problems and for better understanding the
information in the access, error, and audit logs.

Logs are kept per Directory Server instances and are located in the
/var/log/dirsrv/slapd-instance_name directory.

5.1. Access Log Reference

The Directory Server access log contains detailed information about client connections to the directory.
A connection is a sequence of requests from the same client with the following structure:

Connection record, which gives the connection index and the IP address of the client.
Bind record.
Bind result record.
Sequence of operation request/operation result pairs of records (or individual records in the case of
connection, closed, and abandon records).
Unbind record.
Closed record.

Every line begins with a timestamp — [21/Apr/2009:11:39:51 -0700] — the format of which may
vary depending on the platform. -0700 indicates the time difference in relation to GMT. Apart from the
connection, closed, and abandon records, which appear individually, all records appear in pairs,
consisting of a request for service record followed by a result record. These two records frequently
appear on adjacent lines, but this is not always the case.

The access logs have different levels of logging, set in the nsslapd-accesslog-level attribute. This
section provides an overview of the default access logging content, log levels, and the content logged at
different logging levels.

Section 5.1.1, “Access Logging Levels”
Section 5.1.2, “Default Access Logging Content”
Section 5.1.3, “Access Log Content for Additional Access Logging Levels”

NOTE

Directory Server provides a script which can analyze access logs to extract usage statistics and
count the occurrences of significant events. For details about this script, see

the logconv.pl

section.

5.1.1. Access Logging Levels

Different levels of access logging generate different amounts of detail and record different kinds of
operations. The log level is set in the instance's

nsslapd-accesslog-level

configuration attribute. The

default level of logging is level 256, which logs access to an entry, but there are five different log levels
available:

0 = No access logging.
4 = Logging for internal access operations.
256 = Logging for access to an entry.
512 = Logging for access to an entry and referrals.
131072 = Precise timing of operation duration. This gives microsecond resolution for the Elapsed
Time item in the access log.

This levels are additive, so to enable several different kinds of logging, add the values of those levels
together. For example, to log internal access operations, entry access, and referrals, set the value of
nsslapd-accesslog-level to 516 (512+4 ).

5.1.2. Default Access Logging Content

This section describes the access log content in detail based on the default access logging level extract
shown below.

158

Chapter 5. Log File Reference