Question & Answer
Question
How can I log activity coming into the Directory Server?
Answer
There are two methods provided for enabling Audit logging. You can either use the Web Administration tool or use the command line method. This technote will cover the command line method. Please review the additional resources section at the end of this technote for more information on how you can use the audit log.
1. Audit Log Location:
The location of your audit log depends on your configuration.
The default location is as follows:
- On Unix: <instance home>/idsslapd-<instance name>/logs/audit.log
- On Windows: <Drive:>\<instance home>\idsslapd-<instance name>\logs\audit.log
To check if you have a custom location defined you can issue the following search command:
- idsldapsearch -h <hostname> -p <port#> -D <adminDN> -w <password> -s base -b "cn=Audit, cn=Log Management, cn=Configuration" objectclass=* ibm-slapdLog
Using the Command Line:
Note that this set of instructions enables auditing of all operations. For your environment you may only want to capture binds and searches, or adds and modifies. Adjust the values as needed for your environment. For more information on audit logging, please refer to the Knowledge Center.
2. Enable the Audit Log:
Create a text file called audit_enable.ldif that contains the LDIF below:
# start of audit_enable.ldif
dn: cn=Audit, cn=Log Management, cn=Configuration
changetype: modify
replace: ibm-audit
ibm-audit: TRUE
-
replace: ibm-auditAdd
ibm-auditAdd: TRUE
-
replace: ibm-auditBind
ibm-auditBind: TRUE
-
replace: ibm-auditDelete
ibm-auditDelete: TRUE
-
replace: ibm-auditExtOPEvent
ibm-auditExtOPEvent: TRUE
-
replace: ibm-auditFailedOPonly
ibm-auditFailedOPonly: FALSE
-
replace: ibm-auditModify
ibm-auditModify: TRUE
-
replace: ibm-auditModifyDN
ibm-auditModifyDN: TRUE
-
replace: ibm-auditPerformance
ibm-auditPerformance: TRUE
-
replace: ibm-auditPTABindInfo
ibm-auditPTABindInfo: TRUE
-
replace: ibm-auditSearch
ibm-auditSearch: TRUE
-
replace: ibm-auditUnbind
ibm-auditUnbind: TRUE
-
replace: ibm-auditExtOp
ibm-auditExtOp: TRUE
-
replace: ibm-auditCompare
ibm-auditCompare: TRUE
-
replace: ibm-auditGroupsOnGroupControl
ibm-auditGroupsOnGroupControl: TRUE
-
replace: ibm-auditAttributesOnGroupEvalOp
ibm-auditAttributesOnGroupEvalOp: TRUE
-
replace: ibm-auditVersion
ibm-auditVersion: 3
# End of audit_enable.ldif
Run the Command:
- idsldapmodify -h <hostname> -p <port#> -D <adminDN> -w <adminPW> -i audit_enable.ldif
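When audit_enable.ldif is trimmed to only some operations, it is easy to leave a switch off or repeat a block. The check below is an added example, not part of the technote or of IBM's tooling: it reads a modify LDIF in the format shown above and lists what the file would leave unaudited. The function names and the sample file are constructed for illustration; the attribute names are the ones used in this technote, and treating ibm-audit as the master switch follows from step 3.

```python
# Per-operation switches, spelled as in the technote's audit_enable.ldif.
OPERATION_SWITCHES = ("ibm-auditAdd ibm-auditBind ibm-auditCompare ibm-auditDelete "
    "ibm-auditExtOp ibm-auditModify ibm-auditModifyDN ibm-auditSearch ibm-auditUnbind").split()

# Constructed sample: binds only, failed operations only, one block repeated.
SAMPLE_LDIF = """dn: cn=Audit, cn=Log Management, cn=Configuration
changetype: modify
replace: ibm-audit
ibm-audit: TRUE
-
replace: ibm-auditBind
ibm-auditBind: TRUE
-
replace: ibm-auditFailedOPonly
ibm-auditFailedOPonly: TRUE
-
replace: ibm-auditBind
ibm-auditBind: TRUE
"""

def parse_replaces(ldif_text):
    """Return [(attribute, value)] for every 'replace:' block, names lower-cased."""
    pairs, current = [], None
    for raw in ldif_text.splitlines():
        name, _, value = raw.strip().partition(":")
        name, value = name.strip().lower(), value.strip()
        if name == "replace":
            current = value.lower()
        elif current and name == current:  # skips dn, changetype, '-', comments
            pairs.append((current, value.upper()))
    return pairs

def lint_audit_ldif(ldif_text):
    """List what this modify file would leave unaudited or sets twice."""
    pairs = parse_replaces(ldif_text)
    attrs = [a for a, _ in pairs]
    findings = [f"{a} is replaced more than once"
                for a in sorted(set(attrs)) if attrs.count(a) > 1]
    seen = dict(pairs)  # when an attribute repeats, the later value is kept
    if seen.get("ibm-audit") != "TRUE":
        findings.append("file does not set ibm-audit to TRUE")
    if seen.get("ibm-auditfailedoponly") == "TRUE":
        findings.append("ibm-auditFailedOPonly is TRUE: only failed operations are logged")
    off = [s for s in OPERATION_SWITCHES if seen.get(s.lower()) != "TRUE"]
    if off:
        findings.append("not enabled by this file: " + ", ".join(off))
    return findings

if __name__ == "__main__":
    print("\n".join(lint_audit_ldif(SAMPLE_LDIF)))
```

An empty list means the file enables the master switch and every per-operation switch listed in OPERATION_SWITCHES, with no repeated blocks.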
If you need to change the audit.log file location to a folder where you have sufficient space:
Note: First create a folder in the file system where you have sufficient space and then change the folder permissions so that the instance user is able to write to that folder.
Create a text file called audit_logpath_update.ldif that contains the LDIF below:
# start of audit_logpath_update.ldif
dn: cn=Audit, cn=Log Management, cn=Configuration
changetype: modify
replace: ibm-slapdLog
ibm-slapdLog: <path_to_new_folder>/audit.log
# end of audit_logpath_update.ldif
Run the Command:
- idsldapmodify -h <hostname> -p <port#> -D <adminDN> -w <adminPW> -i audit_logpath_update.ldif
3. Disable the audit.log:
Create a text file called audit_disable.ldif that contains the LDIF below:
# start of audit_disable.ldif
dn: cn=Audit, cn=Log Management, cn=Configuration
changetype: modify
replace: ibm-audit
ibm-audit: FALSE
# end of audit_disable.ldif
Run the command:
- idsldapmodify -h <hostname> -p <port#> -D <adminDN> -w <adminPW> -i audit_disable.ldif
Additional Resources:
ISIM Performance Tuning Guide
Resolving Slow Queries Using the Directory Server Audit log
Collecting Data for Directory Server: Performance Issues
Document Information
Modified date:
23 June 2018
UID
swg21405323