Audit log

You must determine whether you need to audit operations that are run against a Directory Server. If you do not need to audit operations, you can disable the audit feature.

To tune the audit log, you must start the Directory Server instance.

The Directory Server audit log feature significantly slows down Directory Server performance, depending on which audit log features are turned on. It is advisable to turn off all audit log features.

To check the status of the audit log feature, run the following ldapsearch command:

ldapsearch -D cn=root -w admin_passwd -s base -b "cn=Audit,cn=Log Management,cn=Configuration" \
"objectclass=*" ibm-audit

where cn=root is the Directory Server root administrator user, and admin_passwd is the password for the administrator.

The following output is returned if the audit log is not set:

cn=Audit, cn=Log Management, cn=Configuration
ibm-audit=false

where ibm-audit=false indicates that the audit log feature is turned off.

If this value is true, run the following command to turn it off:

ldapmodify -D cn=root -w admin_passwd
dn: cn=Audit, cn=Log Management, cn=Configuration
changetype: modify
replace: ibm-audit
ibm-audit: false
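
The check and the change above can be combined so that the modify step runs only when the search reports ibm-audit as true. The following is an added example, not part of the original documentation; the function names audit_state, disable_ldif and plan_change are hypothetical, and the parser assumes search output in the form shown above (or the equivalent "ibm-audit: value" LDIF form).

```shell
#!/bin/sh
# Added example, not from the original page. Function names are hypothetical.
# The functions only parse text and print LDIF; they do not contact a server.

# audit_state: read ldapsearch output on stdin, print true, false or unknown.
audit_state() {
    awk '
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            # Exact attribute name only: "ibm-audit" followed by "=" (the
            # form shown on the page) or ":" (LDIF form). Longer names that
            # merely begin with ibm-audit do not match.
            if (tolower(line) ~ /^ibm-audit[ \t]*[=:]/) {
                sub(/^[^=:]*[=:][ \t]*/, "", line)
                sub(/[ \t\r]+$/, "", line)
                v = tolower(line)
                if (v == "true" || v == "false") state = v
            }
        }
        END { print (state == "" ? "unknown" : state) }
    '
}

# disable_ldif: print the LDIF from the page that sets ibm-audit to false.
disable_ldif() {
    cat <<'EOF'
dn: cn=Audit, cn=Log Management, cn=Configuration
changetype: modify
replace: ibm-audit
ibm-audit: false
EOF
}

# plan_change: read ldapsearch output on stdin and decide what to do.
# Returns 0 and prints the LDIF when auditing is on, returns 1 when it is
# already off, returns 2 when the attribute was not found in the output.
plan_change() {
    case "$(audit_state)" in
        true)  disable_ldif; return 0 ;;
        false) return 1 ;;
        *)     echo "ibm-audit not found in search output" >&2; return 2 ;;
    esac
}

# Usage with the commands given on the page (search arguments elided here):
#   ldif=$(ldapsearch ... ibm-audit | plan_change) &&
#       printf '%s\n' "$ldif" | ldapmodify -D cn=root -w admin_passwd
```

Return code 2 separates a failed or empty search from a server that already has auditing off, so a bind failure is not mistaken for "nothing to change".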