Re: Not able to enable audit logs

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 06/15/2015 05:23 AM, Prashant Bapat wrote:
There is no error. It goes thru fine. When I restart the LDAP server after adding it, there is nothing in the audit file. And no entry in the dse.ldif.
Are you directly modifying the dse.ldif?  If so, you MUST do so while the server is stopped, otherwise the change is lost.  The best way is to use ldapmodify:

Example:

# ldapmodify -D "cn=directory manager" -W -p PORT -h HOST
dn: cn=config
changetype: modify
replace: nsslapd-auditlog-logging-enabled
nsslapd-auditlog-logging-enabled: on



Enabling the audit log should log the change to enable it, so after making this update the audit log should not be empty (/var/log/dirsrv/slapd-INSTANCE/audit).

Mark



On 15 June 2015 at 13:39, German Parente <gparente@xxxxxxxxxx> wrote:
Hi Prashant,

it should work in the same way. Are you having an error doing your ldapmodify ?


There's not a specific entry for nsslapd-auditlog-logging-enabled.

nsslapd-auditlog-logging-enabled is an attribute of cn=config entry.

You should be able to query it by this command:

ldapsearch -xLLL -D "cn=directory manager" -W -b "cn=config" -s base nsslapd-auditlog-logging-enabled
dn: cn=config
nsslapd-auditlog-logging-enabled: on

Regards,

German.


----- Original Message -----
> From: "Prashant Bapat" <prashant@xxxxxxxxxx>
> To: "389-users" <389-users@xxxxxxxxxxxxxxxxxxxxxxx>
> Sent: Monday, June 15, 2015 9:56:48 AM
> Subject: Not able to enable audit logs
>
> Hi,
>
> I have a setup of master-master replicated 389 DS installations as part of
> FreeIPA.
>
> This is the version of the 389-ds : 389-ds-base-1.3.3.8-1.fc21.x86_64
>
> On 1st server, I was able to enable the audit logs using the following LDIF.
>
>
>
>
> dn: cn=config
> changetype: modify
> replace: nsslapd-auditlog-logging-enabled
> nsslapd-auditlog-logging-enabled: on
>
> However, the same LDIF when I run on the second server (which is the
> replicated master) the audit logs never get enabled. I'm not able to find
> the nsslapd-auditlog-logging-enabled entry under the dse.ldif . I have tried
> restarting etc but no luck.
>
> Is this normal ?
>
> Thanks.
> --Prashant
>
> --
> 389 users mailing list
> 389-users@xxxxxxxxxxxxxxxxxxxxxxx
> https://admin.fedoraproject.org/mailman/listinfo/389-users
--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users



--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users

--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users
[Index of Archives]     [Fedora User Discussion]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora News]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora QA]     [Fedora Triage]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Yosemite Photos]     [Linux Apps]     [Maemo Users]     [Gnome Users]     [KDE Users]     [Fedora Tools]     [Fedora Art]     [Fedora Docs]     [Maemo Users]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Fedora ARM]

  Powered by Linux