Hi,
Noriko Hosoi <nhosoi@xxxxxxxxxx> wrote:
I tried to reproduce the problem with these config parameters, but I
could not.
nsslapd-accesslog-logging-enabled: on
nsslapd-accesslog-maxlogsperdir: 10
nsslapd-accesslog-mode: 600
nsslapd-accesslog-maxlogsize: 10
nsslapd-accesslog-logrotationtime: 1
nsslapd-accesslog-logrotationtimeunit: day
nsslapd-accesslog-logrotationsync-enabled: on
nsslapd-accesslog-logrotationsynchour: 10
nsslapd-accesslog-logrotationsyncmin: 40
nsslapd-accesslog: /var/log/redhat-ds/slapd-laputa/access
It rotated the access log at 10:40, but it did not remove my
older/oldest log access.20070810-173005:
total 11788
-rw------- 1 nobody nobody 8570855 Aug 13 10:52 access
-rw------- 1 nobody root 108003 Aug 10 17:33 access.20070810-173005
-rw------- 1 nobody nobody 1845874 Aug 13 10:33 access.20070813-103043
-rw------- 1 nobody nobody 1453655 Aug 13 10:40 access.20070813-103824 <=== rotated at 10:40
-rw------- 1 nobody root 377 Aug 13 10:40 access.rotationinfo
-rw------- 1 nobody root 0 Aug 10 17:30 audit
-rw------- 1 nobody root 63 Aug 10 17:30 audit.rotationinfo
-rw------- 1 nobody root 5878 Aug 13 10:38 errors
-rw------- 1 nobody root 63 Aug 10 17:30 errors.rotationinfo
Do you happen to have any other advice I could test on?
Thanks,
--noriko
Actually, when you first set the time for the rotation
(nsslapd-accesslog-logrotationsynchour and
nsslapd-accesslog-logrotationsyncmin) everything goes well. It's
starting from the following rotation (after 24 hours) when it starts
to behave differently. So just wait for another 24 hours without
restarting the server...
And it seems to me that I've found the reason for this strange
behaviour. It is a half Java console/half server bug:
1. When you set the deletion policy with the Java console and if you
don't change at the same time the default time unit (for example, I've
put 12 MONTHs instead of 1 MONTH by default) the console does not put
the attribute 'nsslapd-accesslog-logexpirationtimeunit' (or
'nsslapd-errorlog-logexpirationtimeunit' for error logs, maybe the same
problem for audit logs) into the dse.ldif. By default, this attribute
is not present. It puts however the
'nsslapd-accesslog-logexpirationtime' attribute. The first bug.
2. So what happens next... The server finds itself with the
'nsslapd-accesslog-logexpirationtime' set but without the time units.
And when the attribute 'nsslapd-accesslog-logexpirationtimeunit' is
not set, according to the documentation, the server should not delete
the logs at all (cf. "If the unit is unknown by the server, then the
log will never expire").
However, that's exactly what it does. It deletes all the logs but the
last rotated one. The second bug.
(concerning the version of the server, it's a compiled rpm from
dsbuild-fds104.tar.gz in CentOS5, x32 architecture)
Anyway, it's a cosmetic bug but since I've run into it I thought I
should share my experience :)
Talking about cosmetic bugs... There is another small bug concerning
the description of the ACI bind rules in the documentation. Namely, in
chapter 6 (managing access control) of the administrator's guide on
page 240 of the PDF version
(http://www.redhat.com/docs/manuals/dir-server/pdf/ds71admin.pdf) in
the paragraph "Bind Rules/Defining Access Based on Authentication".
While describing various SASL methods it mentions among others the
'GSS-API' keyword that can be used in ACIs. I've tested it and it
turns out that (authmethod = "sasl GSS-API") does not work. What
actually works is (authmethod = "sasl GSSAPI").
Thanks
Andrey Ivanov wrote:
I don't know whether it's a feature or a bug :) I have the
following configuration for the log management:
nsslapd-accesslog-logging-enabled: on
nsslapd-accesslog-maxlogsperdir: 365
nsslapd-accesslog-mode: 600
nsslapd-accesslog-maxlogsize: 120
nsslapd-accesslog-logrotationtime: 1
nsslapd-accesslog-logrotationtimeunit: day
nsslapd-accesslog-logrotationsync-enabled: on
nsslapd-accesslog-logrotationsynchour: 0
nsslapd-accesslog-logrotationsyncmin: 0
nsslapd-accesslog: /Logs/Ldap/access
nsslapd-accesslog-logmaxdiskspace: 50000
nsslapd-accesslog-logexpirationtime: 12
nsslapd-accesslog-logexpirationtimeunit: month
nsslapd-accesslog-logminfreediskspace: 2000
It means, essentially, that the logs are rotated once a day at
midnight (or if the file is larger than 120Mb) and that I keep them
for 1 year.
If I don't set the log rotation time (logrotationsynchour and
logrotationsyncmin) everything is ok, the logs are rotated once a
day and then they are kept for the necessary time period.
However when I set this rotation time the server deletes ALL the
logs but the current and the last one. That is, after each rotation
I have the current log (the file 'access') and the previous one
(yesterday's log, like access.20070811-000030). All the other log
files are deleted.
So if I want to keep the logs I need to copy them to a different
place by a cron script which is not very elegant :)
--
Fedora-directory-users mailing list
Fedora-directory-users@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-directory-users
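
A check for the configuration state described in this thread (a log expiration time written to dse.ldif without its time unit), as an added example that is not part of the original messages or the project's code. The sample entry is constructed and the function names are hypothetical.

```python
import re

LOG_TYPES = ("accesslog", "errorlog", "auditlog")

# Constructed sample of a cn=config entry, including one folded LDIF line.
SAMPLE_DSE = """\
dn: cn=config
objectClass: top
nsslapd-accesslog-logrotationsync-enabled: on
nsslapd-accesslog-logrotationsynchour: 0
nsslapd-accesslog-logrotationsyncmin: 0
nsslapd-accesslog-logexpirationtime: 12
nsslapd-errorlog-logexpirationtime: 1
nsslapd-errorlog-logexpirationtimeunit: month
nsslapd-accesslog: /Logs/Ldap/
 access
"""

def parse_config_entry(ldif_text):
    """Return the attributes of the cn=config entry, keyed by lowercase name."""
    # LDIF folds long lines: a continuation line starts with a single space.
    unfolded = re.sub(r"\r?\n ", "", ldif_text)
    for entry in re.split(r"\r?\n\s*\r?\n", unfolded):
        attrs = {}
        for line in entry.splitlines():
            if line.startswith("#") or ":" not in line:
                continue
            name, _, value = line.partition(":")
            attrs.setdefault(name.strip().lower(), value.strip())
        if attrs.get("dn", "").lower() == "cn=config":
            return attrs
    return {}

def find_missing_units(attrs):
    """List (time attribute, value, missing unit attribute) for each log type
    whose expiration time is set while its time unit is absent."""
    findings = []
    for log in LOG_TYPES:
        time_attr = f"nsslapd-{log}-logexpirationtime"
        unit_attr = time_attr + "unit"
        if time_attr in attrs and unit_attr not in attrs:
            findings.append((time_attr, attrs[time_attr], unit_attr))
    return findings

if __name__ == "__main__":
    for time_attr, value, unit_attr in find_missing_units(parse_config_entry(SAMPLE_DSE)):
        print(f"{time_attr}: {value} is set but {unit_attr} is missing")
```

Run it against a copy of the instance's dse.ldif before enabling synchronized rotation; any finding means the unit attribute should be added explicitly rather than left to the console.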