Chapter 14. Monitoring Server and Database Activity

This chapter describes monitoring database and Red Hat Directory Server logs. For information on using SNMP to monitor the Directory Server, see Chapter 15, Monitoring Directory Server Using SNMP.

14.1. Viewing and Configuring Log Files

Directory Server provides three types of logs to help better manage the directory and tune performance. There are three types of logs:
  • Access
  • Errors
  • Audit
For all types of logs, the log creation and log deletion policies have to be configured. The log creation policy sets when a new log file is started, and the log deletion policy sets when an old log file is deleted. The following sections describe how to define the log file creation and deletion policy and how to view and configure each type of log.

NOTE

When the server is not running, the log files cannot be viewed in the Directory Server Console, but they can be viewed in the Admin Express. Open the Administration Server URL in a browser:
http://hostname:admin_server_port
Then log in with the admin login ID and password, and click the link for Administration Express.

14.1.1. Defining a Log File Rotation Policy

For the directory to archive the current log periodically and start a new one, define a log file rotation policy in the Directory Server Console. The log file rotation policy has the following configuration parameters:
  • The access mode or file permissions with which log files are to be created. The default value is 600. The valid values are any combination of 000 to 777, as they mirror numbered or absolute UNIX file permissions. This value must be a combination of a 3-digit number, the digits varying from 0 through 7:
    0 — None
    1 — Execute only
    2 — Write only
    3 — Write and execute
    4 — Read only
    5 — Read and execute
    6 — Read and write
    7 — Read, write, and execute
    In the 3-digit number, the first digit represents the owner's permissions, the second digit represents the group's permissions, and the third digit represents everyone's permissions. When changing the default value, keep in mind that 000 will not allow access to the logs and that allowing write permissions to everyone can result in the logs being overwritten or deleted by anyone.
    The newly configured access mode will only affect new logs that are created; the mode will be set when the log rotates to a new file.
  • The maximum number of logs for the directory to keep. When the directory reaches this number of logs, it deletes the oldest log file in the folder before creating a new log. The default is 10 logs. Do not set this value to 1, or the directory will not rotate the log, and the log will grow indefinitely.
  • The maximum size (in megabytes) for each log file. To keep from setting a maximum size, type -1 in this field. The default is 100 megabytes. Once a log file reaches this maximum size (or the maximum age), the directory archives the file and starts a new one. Setting the maximum number of logs to 1 causes the directory to ignore this attribute.
  • How often the directory archives the current log file and creates a new one. The maximum age of the file can be set in minutes, hours, days, weeks, or months. The logs can also be rotated at a particular time of the day; for example, every day at midnight. The default is every day. Setting the maximum number of logs to 1 causes the directory to ignore this attribute.
Each log file includes a title, which identifies the server version, hostname, and port, for ease of archiving or exchanging log files. The title has the following form:
Red Hat-Directory/version build_number hostname:port (/etc/dirsrv/slapd-instance_name)
For example, the first couple of lines of any log files generated by a Directory Server instance may show lines similar to these:
Red Hat-Directory/8.1 B2007.188.1157 myhost.example.com:389 (/usr/lib/dirsrv/slapd-example)

14.1.2. Defining a Log File Deletion Policy

For the directory to automatically delete old archived logs, define a log file deletion policy from the Directory Server Console.

NOTE

The log deletion policy only makes sense if there is already a defined log file rotation policy. Log file deletion will not work if there is just one log file. The server evaluates the log file deletion policy at the time of log rotation.
The log file deletion policy can be configured with the following parameters:
  • The maximum size of the combined archived logs. When the maximum size is reached, the oldest archived log is automatically deleted. The default size is -1, which sets an unlimited maximum size. This parameter is ignored if the maximum number of log files is set to 1.
  • The minimum amount of free disk space. When the free disk space reaches this minimum value, the oldest archived log is automatically deleted. The default is -1, which means that the server does not check or require a minimum amount of free disk space. This parameter is ignored if the maximum number of log files is set to 1.
  • The maximum age of log files. When a log file reaches this maximum age, it is automatically deleted. The default is 1 month. This parameter is ignored if the maximum number of log files is set to 1.

14.1.3. Access Log

The access log contains detailed information about client connections to the directory.

14.1.3.1. Viewing the Access Log

To view the access log in the Directory Server Console:
  1. In the Directory Server Console, select the Status tab.
  2. In the navigation tree, expand the Log folder, and select the Access Log icon.
    A table displays a list of the last 25 entries in the access log.
    • To refresh the current display, click Refresh. Select the Continuous checkbox for the display to refresh automatically every ten seconds.

      NOTE

      Continuous log refresh does not work well with log files over 10 megabytes.
    • To view an archived access log, select it from the Select Log pull-down menu.
    • To display a different number of messages, enter the number to view in the Lines to show text box, and then click Refresh.
    • To display messages containing a specified string,y enter the string in the Show only lines containing text box, and click Refresh.

14.1.3.2. Configuring the Access Log

There are a number of settings that can be configured to customize the access log, including where the directory stores the access log and the creation and deletion policies.
It is also possible to disable access logging for the directory. It may be useful to disable access logging because the access log can grow very quickly; every 2,000 accesses to the directory increases the access log by approximately 1 megabyte. However, before turning off access logging, consider that the access log provides beneficial troubleshooting information.
To configure the access log for the directory:
  1. In the Directory Server Console, select the Configuration tab.
  2. In the navigation tree, expand the Log folder, and select the Access Log icon.
    The access log configuration attributes are displayed in the right pane.
  3. To enable access logging, select the Enable Logging checkbox.
    Clear this checkbox to keep the directory from maintaining an access log. Access logging is enabled by default.
  4. Enter the full path and filename for the directory to use for the access log in the Log File field. The default path is /var/log/dirsrv/slapd-instance_name/access.
  5. Set the maximum number of logs, log size, and archive time period.
    For information on these parameters, see Section 14.1.1, “Defining a Log File Rotation Policy”.
  6. Set the maximum size of combined archived logs, minimum amount of free disk space, and maximum age for a log file.
    For information on these parameters, see Section 14.1.2, “Defining a Log File Deletion Policy”.
  7. Click Save.
The logconv.pl Perl script reports the statistical information retrieved from the access log. For more information on logconv.pl, refer to the Directory Server Configuration and Command Reference.

14.1.4. Error Log

The error log contains detailed messages of errors and events the directory experiences during normal operations.

WARNING

If the Directory Server fails to write to the errors log, the server sends the message to syslog and exits.

14.1.4.1. Viewing the Error Log

To view the error log: [20]
  1. In the Directory Server Console, select the Status tab.
  2. In the navigation tree, expand the Log folder, and select the Error Log icon.
    A table displays a list of the last 25 entries in the error log.
    • To refresh the current display, click Refresh. Select the Continuous checkbox for the display to refresh automatically every ten seconds.

      NOTE

      Continuous log refresh does not work well with log files over 10 megabytes.
    • To view an archived error log, select it from the Select Log pull-down menu.
    • To specify a different number of messages, enter the number of lines to view in the Lines to show text box, and click Refresh.
    • To display messages containing a specified string, enter the string in the Show only lines containing text box, and click Refresh.

14.1.4.2. Configuring the Error Log

There are several configuration settings for the error log, including where the directory stores the log and what information the directory includes in the log. To configure the error log:
  1. In the Directory Server Console, select the Configuration tab.
  2. In the navigation tree, expand the Logs folder, and select the Error Log icon.
    The error log configuration attributes are displayed in the right pane.
  3. Select the Error Log tab in the right pane.
  4. To enable error logging, select the Enable Logging checkbox.
    Clear this checkbox to keep the directory from maintaining an error log. Error logging is enabled by default.
  5. Enter the full path and filename for the directory to use for the error log in the Log File field. The default path is the /var/log/dirsrv/slapd-instance_name/errors directory.
  6. Set the maximum number of logs, log size, and time period when the file is archived.
    For information on these parameters, see Section 14.1.1, “Defining a Log File Rotation Policy”.
  7. Set the maximum size of combined archived logs, minimum amount of free disk space, and maximum age for a log file.
    For information on these parameters, see Section 14.1.2, “Defining a Log File Deletion Policy”.
  8. To set the log level, use the Ctrl key and click the options for the directory to include in the Log Level list box.
    For more information about log level options, see Log Level in the Directory Server Configuration and Command Reference.

    NOTE

    Changing these values from the defaults may cause the error log to grow very rapidly, so Red Hat recommends not changing the logging level without being asked to do so by Red Hat technical support.
  9. Click Save.

14.1.5. Audit Log

The audit log contains detailed information about changes made to each database as well as to server configuration.

14.1.5.1. Viewing the Audit Log

Before the audit log can be viewed, audit logging must be enabled for the directory, so the audit log will not be kept. Section 14.1.5.2, “Configuring the Audit Log” has more information.
To view the audit log:
  1. In the Directory Server Console, select the Status tab.
  2. In the navigation tree, expand the Log folder, and select the Audit Log icon.
    A table displays a list of the last 25 entries in the audit log.
    • To refresh the current display, click Refresh. Select the Continuous checkbox for the display to refresh automatically every ten seconds.

      NOTE

      Continuous log refresh does not work well with log files over 10 megabytes.
    • To view an archived audit log, select it from the Select Log pull-down menu.
    • To display a different number of messages, enter the number of lines to view in the Lines to show text box, and click Refresh.
    • To display messages containing a specified string, enter the string in the Show only lines containing text box, and click Refresh.

14.1.5.2. Configuring the Audit Log

The Directory Server Console can be used to enable and disable audit logging and to specify where the audit log file is stored. To configure audit logging:
  1. In the Directory Server Console, select the Configuration tab.
  2. In the navigation tree, expand the Log folder, and select the Audit Log icon.
    The audit log configuration attributes are displayed in the right pane.
  3. To enable audit logging, select the Enable Logging checkbox.
    To disable audit logging, clear the checkbox. By default, audit logging is disabled.
  4. Enter the full path and filename for the directory to use for the audit log in the field provided. The default path is /var/log/dirsrv/slapd-instance_name/audit.
  5. Set the maximum number of logs, log size, and time period when the file is archived.
    For information on these parameters, see Section 14.1.1, “Defining a Log File Rotation Policy”.
  6. Set the maximum size of combined archived logs, minimum amount of free disk space, and maximum age for a log file.
    For information on these parameters, see Section 14.1.2, “Defining a Log File Deletion Policy”.
  7. Click Save.


[20] If the Directory Server fails to write to the errors log, the server sends the message to syslog and exits.