Using the command line
You can enable the administration server audit log and modify its settings using the command provided here at command line.
About this task
Issue the command:
idsldapmodify -D <adminDN> -w <adminPW> -i <filename>dn: cn=Admin Audit, cn=Log Management, cn=Configuration
changetype: modify
replace: ibm-audit
ibm-audit: true
-
replace: ibm-slapdLog
ibm-slapdLog: <newpathname>
-
replace: ibm-slapdLogSizeThreshold
ibm-slapdLogSizeThreshold: <size threshold in MB>
-
replace: ibm-slapdLogMaxArchives
ibm-slapdLogMaxArchives: <number of log archives to save>
-
replace: ibm-slapdLogArchivePath
ibm-slapdLogArchivePath: <archived logs path>
-
replace: ibm-auditBind
ibm-auditbind: {TRUE|FALSE}
#select TRUE to enable, FALSE to disable
-
replace: ibm-auditExtOp
ibm-auditExtOp: {TRUE|FALSE}
#select TRUE to enable, FALSE to disable
-
replace: ibm-auditFailedOPonly
ibm-auditExtOp: {TRUE|FALSE}
#select TRUE to enable, FALSE to disable
-
replace: ibm-auditSearch
ibm-auditsearch: {TRUE|FALSE}
#select TRUE to enable, FALSE to disable
-
replace: ibm-auditUnbind
ibm-auditunbind: {TRUE|FALSE}
#select TRUE to enable, FALSE to disableTo update
the settings dynamically, issue the following commands:
idsldapexop -p <instance port> -D <adminDN> -w <adminPW> -op readconfig \
-scope entire
idsldapexop -p <administration server port> -D <adminDN> -w <adminPW> \
-op readconfig -scope entire