Did you know that OpenDJ, one of the major open source directory server, features a powerful logging interface ? For each need and use case, the OpenDJ logging system brings a solution to debug, finely tune and optimize or just filter out what you want or don’t want to see in your logs.
For example, let’s have a look at a few commands below…
Use this one to enable nanoseconds accuracy for LDAP operations execution time:
dsconfig -j mypasswordfile -Xn set-global-configuration-prop --set etime-resolution:nanoseconds
Use this one to enable the debug log with a somewhat talkative log level:
dsconfig -j mypasswordfile -Xn set-log-publisher-prop --publisher-name File-Based Debug Logger --set default-debug-level:verbose --set enabled:true
The last one below is a bit more complicated:
dsconfig -j mypasswordfile -Xn set-log-publisher-prop --publisher-name "File-Based Access Logger" --set connection-client-address-not-equal-to:10.0.0.1 --set log-record-type:extended --set response-etime-less-than:500 --set log-format:combined --set log-control-oids:true --set suppress-internal-operations:true --set buffer-size:512kb --set filtering-policy:exclusive --set queue-size:100000
It would have the following effects:
– it would exclude (from the access log) access requests issued by the 10.0.0.1 IP address, which can be very useful for example to prevent load balancers health-check requests from being logged, making the access log grow large unusefully if not excluded.
– it would also exclude LDAP extended operations like the replication trafic for example
– it would also exclude requests that took less than half a millisecond (500 ns) to be served. In such a case, it’s recommended to log both requests and results on the same line, for the same operation. That’s exactly what the « log-format:combined » parameter does.
– it would log LDAP controls OIDs, as well as the server internal LDAP operations like the ones executed by some enabled plugins
– finally, to limit disks I/O and improve the overall throughput, it would increase the default asynchronous access logger queue size as well as the log buffer size.