Re: Not able to enable audit logs

German Parente <gparente@xxxxxxxxxx> · Mon, 15 Jun 2015 08:23:16 -0400 (EDT)

Can you see the operation taking place in access logs ?

Something like this ?

[15/Jun/2015:10:08:12 +0200] conn=1 op=0 BIND dn="cn=directory manager" method=128 version=3
[15/Jun/2015:10:08:12 +0200] conn=1 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=directory manager"
[15/Jun/2015:10:08:34 +0200] conn=1 op=1 MOD dn="cn=config"
[15/Jun/2015:10:08:34 +0200] conn=1 op=1 RESULT err=0 tag=103 nentries=0 etime=0
[15/Jun/2015:10:08:36 +0200] conn=1 op=3 UNBIND

Thanks and regards,

German.

----- Original Message -----
> From: "Prashant Bapat" <prashant@xxxxxxxxxx>
> To: "General discussion list for the 389 Directory server project." <389-users@xxxxxxxxxxxxxxxxxxxxxxx>
> Sent: Monday, June 15, 2015 11:23:52 AM
> Subject: Re:  Not able to enable audit logs
> 
> There is no error. It goes thru fine. When I restart the LDAP server after
> adding it, there is nothing in the audit file. And no entry in the dse.ldif.
> 
> On 15 June 2015 at 13:39, German Parente < gparente@xxxxxxxxxx > wrote:
> 
> 
> Hi Prashant,
> 
> it should work in the same way. Are you having an error doing your ldapmodify
> ?
> 
> 
> There's not a specific entry for nsslapd-auditlog-logging-enabled.
> 
> nsslapd-auditlog-logging-enabled is an attribute of cn=config entry.
> 
> You should be able to query it by this command:
> 
> ldapsearch -xLLL -D "cn=directory manager" -W -b "cn=config" -s base
> nsslapd-auditlog-logging-enabled
> dn: cn=config
> nsslapd-auditlog-logging-enabled: on
> 
> Regards,
> 
> German.
> 
> 
> ----- Original Message -----
> > From: "Prashant Bapat" < prashant@xxxxxxxxxx >
> > To: "389-users" < 389-users@xxxxxxxxxxxxxxxxxxxxxxx >
> > Sent: Monday, June 15, 2015 9:56:48 AM
> > Subject:  Not able to enable audit logs
> > 
> > Hi,
> > 
> > I have a setup of master-master replicated 389 DS installations as part of
> > FreeIPA.
> > 
> > This is the version of the 389-ds : 389-ds-base-1.3.3.8-1.fc21.x86_64
> > 
> > On 1st server, I was able to enable the audit logs using the following
> > LDIF.
> > 
> > 
> > 
> > 
> > dn: cn=config
> > changetype: modify
> > replace: nsslapd-auditlog-logging-enabled
> > nsslapd-auditlog-logging-enabled: on
> > 
> > However, the same LDIF when I run on the second server (which is the
> > replicated master) the audit logs never get enabled. I'm not able to find
> > the nsslapd-auditlog-logging-enabled entry under the dse.ldif . I have
> > tried
> > restarting etc but no luck.
> > 
> > Is this normal ?
> > 
> > Thanks.
> > --Prashant
> > 
> > --
> > 389 users mailing list
> > 389-users@xxxxxxxxxxxxxxxxxxxxxxx
> > https://admin.fedoraproject.org/mailman/listinfo/389-users
> --
> 389 users mailing list
> 389-users@xxxxxxxxxxxxxxxxxxxxxxx
> https://admin.fedoraproject.org/mailman/listinfo/389-users
> 
> 
> --
> 389 users mailing list
> 389-users@xxxxxxxxxxxxxxxxxxxxxxx
> https://admin.fedoraproject.org/mailman/listinfo/389-users
--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users