Hi, Noriko Hosoi <nhosoi at redhat.com> a ?crit : > I tried to reproduce the problem with these config parameters, but I > could not. > > nsslapd-accesslog-logging-enabled: on > nsslapd-accesslog-maxlogsperdir: 10 > nsslapd-accesslog-mode: 600 > nsslapd-accesslog-maxlogsize: 10 > nsslapd-accesslog-logrotationtime: 1 > nsslapd-accesslog-logrotationtimeunit: day > nsslapd-accesslog-logrotationsync-enabled: on > nsslapd-accesslog-logrotationsynchour: 10 > nsslapd-accesslog-logrotationsyncmin: 40 > nsslapd-accesslog: /var/log/redhat-ds/slapd-laputa/access > > It rotated the access log at 10:40, but it did not remove my > older/oldest log access.20070810-173005: > > total 11788 > -rw------- 1 nobody nobody 8570855 Aug 13 10:52 access > -rw------- 1 nobody root 108003 Aug 10 17:33 access.20070810-173005 > -rw------- 1 nobody nobody 1845874 Aug 13 10:33 access.20070813-103043 > -rw------- 1 nobody nobody 1453655 Aug 13 10:40 > access.20070813-103824 <=== rotated at 10:40 > -rw------- 1 nobody root 377 Aug 13 10:40 access.rotationinfo > -rw------- 1 nobody root 0 Aug 10 17:30 audit > -rw------- 1 nobody root 63 Aug 10 17:30 audit.rotationinfo > -rw------- 1 nobody root 5878 Aug 13 10:38 errors > -rw------- 1 nobody root 63 Aug 10 17:30 errors.rotationinfo > > Do you happen to have any other advice I could test on? > Thanks, > --noriko Actually, when you first set the time for the rotation (nsslapd-accesslog-logrotationsynchour and nsslapd-accesslog-logrotationsyncmin) everything goes well. It's starting from the following rotation (after 24 hours) when it starts to behave differently. So just wait for another 24 hours without restarting the server... And it seems to me that i've found the reason of this strange behaviour. It is a half java console/half server bug: 1. When you set the deletion policy with the java console and if you don't change at the same time the default time unit (for example, i've put 12 MONTHs instead of 1 MONTH by default) the console does not put the attribute 'nsslapd-accesslog-logexpirationtimeunit' (or 'nsslapd-errolog-logexpirationtimeunit' for error logs, maybe the same problem for audit logs) into the dse.ldif. By default, this attribute is not present. It puts however the 'nsslapd-accesslog-logexpirationtime' attribute. The first bug. 2. So what happens next... The server finds itself with the 'nsslapd-accesslog-logexpirationtime' set but without the time units. And when the attribute 'nsslapd-accesslog-logexpirationtimeunit' is not set, according to the documentation, the server should not delete the logs at all (cf."If the unit is unknown by the server, then the log will never expire"). However, that's exactly what it does. It deletes all the logs but the last rotated one. The second bug. (concerning the version of the server, it's a compiled rpm from dsbuild-fds104.tar.gz in CentOS5, x32 architecture) Anyway, it's a cosmetic bug but since i've ran into it i thought i should share my experience :) Talking about cosmetic bugs... There is another small bug concerning the description of the aci bind rules in the documentation. Namely, in chapter 6 (managing access control) of the administrator's guide at the page 240 of the pdf version (http://www.redhat.com/docs/manuals/dir-server/pdf/ds71admin.pdf) in the paragraph "Bind Rules/Defining Access Based on Authentication". While describing various SASL methods it mentions among others the 'GSS-API' keyword that can be used in ACIs. I've tested it and it turns out that (authmethod = "sasl GSS-API") does not work. What actually works is (authmethod = "sasl GSSAPI"). Thanks > > Andrey Ivanov wrote: >> I don't know whether it's a feature or a bug :) I have the >> following configuration for the log management : >> >> nsslapd-accesslog-logging-enabled: on >> nsslapd-accesslog-maxlogsperdir: 365 >> nsslapd-accesslog-mode: 600 >> nsslapd-accesslog-maxlogsize: 120 >> nsslapd-accesslog-logrotationtime: 1 >> nsslapd-accesslog-logrotationtimeunit: day >> nsslapd-accesslog-logrotationsync-enabled: on >> nsslapd-accesslog-logrotationsynchour: 0 >> nsslapd-accesslog-logrotationsyncmin: 0 >> nsslapd-accesslog: /Logs/Ldap/access >> >> nsslapd-accesslog-logmaxdiskspace: 50000 >> nsslapd-accesslog-logexpirationtime: 12 >> nsslapd-accesslog-logexpirationtimeunit: month >> nsslapd-accesslog-logminfreediskspace: 2000 >> >> It means, essentially, that the logs are rotated once a day at >> midnight (or if the file is larger than 120Mb) and that i keep them >> for 1 year. >> >> If i don't set the log rotation time (logrotationsynchour and >> logrotationsyncmin) everything is ok, the logs are rotated once a >> day and then they are kept for the necessary time period. >> However when i set this rotation time the server deletes ALL the >> logs but the current and the last one. That is, after each rotation >> i have the current log (the file 'access') and the previous one >> (yesterday's log, like access.20070811-000030). All the oher log >> files are deleted. >> >> So if i want to keep the logs i need to copy them to a different >> place by a cron script which is not very elegant :) ---------------------------------------------------------------- This message was sent using X-WebMail
