7.5. Replacing Log Files with a Named Pipe
- Logging certain events, like failed bind attempts or connections from specific users or IP addresses
- Logging entries which match a specific regular expression pattern
- Keeping the log to a certain length (logging only the last number of lines)
- Sending a notification, such as an email, when an event occurs
ds-logpipe.py
/path/to/named_pipe
[
--user pipe_user
] [
--maxlines number
] [[
--serverpidfile file.pid
] | [
--serverpid PID
]] [
--servertimeout seconds
] [
--plugin=/path/to/plugin.py
| [
pluginfile.arg=value
]]
7.5.1. Using the Named Pipe for Logging
# ds-logpipe.py /var/log/dirsrv/slapd-example/access
ds-logpipe.py
in this way has the advantage of being simple to implement and not requiring any Directory Server configuration changes. This is useful for fast debugging or monitoring, especially if you are looking for a specific type of event.
- The log file to use has to be changed to the pipe (
nsslapd-*log
, where the * can be access, error, or audit[2], depending on the log type being configured) - Buffering should be disabled because the script already buffers the log entries (
nsslapd-*log-logbuffering
) - Log rotation should be disabled so that the server does not attempt to rotate the named pipe (
nsslapd-*log-maxlogsperdir
,nsslapd-*log-logexpirationtime
, andnsslapd-*log-logrotationtime
)
ldapmodify
.
access.pipe
:
# ldapmodify -D "cn=Directory Manager" -W -p 389 -h server.example.com -x dn: cn=config changetype: modify replace: nsslapd-accesslog nsslapd-accesslog: /var/log/dirsrv/slapd-instance/access.pipe - replace: nsslapd-accesslog-logbuffering nsslapd-accesslog-logbuffering: off - replace: nsslapd-accesslog-maxlogsperdir nsslapd-accesslog-maxlogsperdir: 1 - replace: nsslapd-accesslog-logexpirationtime nsslapd-accesslog-logexpirationtime: -1 - replace: nsslapd-accesslog-logrotationtime nsslapd-accesslog-logrotationtime: -1
Note
7.5.2. Starting the Named Pipe with the Server
Note
dse.ldif
file before it can be called at server startup.
- Open the instance configuration file for the server system.
/etc/sysconfig/dirsrv-instance_name
Warning
Do not edit the/etc/sysconfig/dirsrv
file. - At the end of the file, there will be a line that reads:
# Put custom instance specific settings below here.
Below that line, insert theds-logpipe.py
command to launch when the server starts. For example:# only keep the last 1000 lines of the error log python /usr/bin/ds-logpipe.py /var/log/dirsrv/slapd-example/errors.pipe -m 1000 -u dirsrv -s /var/run/dirsrv/slapd-example.pid > /var/log/dirsrv/slapd-example/errors & # only log failed binds python /usr/bin/ds-logpipe.py /var/log/dirsrv/slapd-example/access.pipe -u dirsrv -s /var/run/dirsrv/slapd-example.pid --plugin=/usr/share/dirsrv/data/failedbinds.py failedbinds.logfile=/var/log/dirsrv/slapd-example/access.failedbinds &
Note
The-s
option both specifies the .pid file for the server to write its PID to and sets the script to start and stop with the server process.
7.5.3. Using Plug-ins with the Named Pipe Log
- The plug-in function is called for every line read from the named pipe.
- The plug-in function must be a Python script and must end in
.py
. - Any plug-in arguments are passed in the command line to the named pipe log script.
- A pre-operation function can be specified for when the plug-in is loaded.
- A post-operation function can be called for when the script exits.
7.5.3.1. Loading Plug-ins with the Named Pipe Log Script
ds-logpipe.py
to use for plug-ins:
- The
--plugin
option gives the path to the plug-in file (which must be a Python script and must end in.py
). - The plugin.arg option passes plug-in arguments to the named pipe log script. The plug-in file name (without the
.py
extension) is plugin and any argument allowed in that plug-in can be arg .
ds-logpipe.py /var/log/dirsrc/slapd-example/errors.pipe --plugin=/usr/share/dirsrv/data/example-funct.py example-funct.regex="warning"
> warnings.txt
arg1
:
--plugin=/path/to/pluginname.py pluginname.arg1=foo pluginname.arg1=bar pluginname.arg2=baz
{'arg1': ['foo', 'bar'], 'arg2': 'baz'}
dict
object with two keys. The first key is the string arg1
, and its value is a Python list object with two elements, the strings foo
and bar
. The second key is the string arg2
, and its value is the string baz
. If an argument has only a single value, it is left as a simple string. Multiple values for a single argument name are converted into a list of strings.
7.5.3.2. Writing Plug-ins to Use with the Named Pipe Log Script
ds-logpipe.py
command expects up to three functions in any plug-in: plugin ()
, pre ()
, and post ()
.
ds-logpipe.py
command must specify the plugin
function.
plugin ()
function is performed against every line in the log data, while the pre ()
and post ()
functions are run when the script is started and stopped, respectively.
Example 7.8. Simple Named Pipe Log Plug-in
def pre(myargs): retval = True myarg = myargs['argname'] if isinstance(myarg, list): # handle list of values else: # handle single value if bad_problem: retval = False return retval def plugin(line): retval = True # do something with line if something_is_bogus: retval = False return retval def post(): # no arguments # do something # no return value