DS-LOGPIPE.PY(1) | General Commands Manual | DS-LOGPIPE.PY(1) |
ds-logpipe.py - Create and read from a named pipe instead of a log file
ds-logpipe.py /full/path/to/namedpipe
[-m maxlinestobuffer] [-u userid] [-s serverpidfile]
[-t servertimeout] [--plugin=/path/to/pluginfile.py]
[pluginfile.arg=value]
The Named Pipe Log Script allows you to replace a log file with a named pipe attached to a script. The server can then send the log output to a script instead of to a log file. This allows you to do many different things such as:
* log only certain events e.g. failed binds, connections from certain ip
addresses, etc.
* log only lines that match a certain pattern
* log only the last N lines - useful for enabling full error log debug levels
in production environments
* send an email or other notification when a certain event is detected
The script is written in python, and allows plugins. By default, the script will log the last N lines (default 1000). There are two plugins provided - one to log only failed bind attempts, and one that will log only lines that match given regular expressions.
A summary of options is included below.
The directory server will usually need to be configured to log to
the named pipe instead of the usual log file. For example, use the following
LDIF to tell the server to use the file access.pipe for the access
log:
dn: cn=config
changetype: modify
replace: nsslapd-accesslog-maxlogsperdir
nsslapd-accesslog-maxlogsperdir: 1
-
replace: nsslapd-accesslog-logexpirationtime
nsslapd-accesslog-logexpirationtime: -1
-
replace: nsslapd-accesslog-logrotationtime
nsslapd-accesslog-logrotationtime: -1
-
replace: nsslapd-accesslog
nsslapd-accesslog: /var/log/dirsrv/slapd-localhost/access.pipe
-
replace: nsslapd-accesslog-logbuffering
nsslapd-accesslog-logbuffering: off
NOTE: Before doing this, you should save your current
configuration so you can restore it later.
ldapsearch ... -s base -b "cn=config"
nsslapd-accesslog-maxlogsperdir nsslapd-accesslog-logexpirationtime
nsslapd-accesslog-logrotationtime nsslapd-accesslog >
savedaccesslog.ldif
The error log and audit log have similarly named configuration attributes e.g. nsslapd-errorlog, nsslapd-auditlog. Note that the audit log is disabled by default - use nsslapd-auditlog-logging-enabled: on to enable it.
ds-logpipe.py was written by the 389 Project.
Report bugs to https://pagure.io/389-ds-base/new_issue
Copyright © 2018 Red Hat, Inc.
This is free software. You may redistribute copies of it under the terms of
the Directory Server license found in the LICENSE file of this software
distribution. This license is essentially the GNU General Public License
version 2 with an exception for plug-in distribution.
March 31, 2017 |