mirror of
https://git.openldap.org/openldap/openldap.git
synced 2025-12-20 22:59:34 -05:00
163da8d217
The default behaviour of fopen() when called on a named pipe which does not have any reader, is to block, until a reader opens the pipe. This blocks slapo-auditlog when it attempts to write output. Depending on how critical the audit log is, it may be preferable to discard audit log output and continue processing requests if there's no reader available. For clarity the call to fopen() is removed and replaced with open()/fdopen(), allowing us to specify O_* flags as opposed to using fopen() or open()/fdopen(). 0666 are the base permissions used by fopen() when files are created.
100 lines
2.7 KiB
Groff
100 lines
2.7 KiB
Groff
.TH SLAPO-AUDITLOG 5 "RELEASEDATE" "OpenLDAP LDVERSION"
|
|
.\" Copyright 2005-2024 The OpenLDAP Foundation All Rights Reserved.
|
|
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
|
|
.\" $OpenLDAP$
|
|
.SH NAME
|
|
slapo\-auditlog \- Audit Logging overlay to slapd
|
|
.SH SYNOPSIS
|
|
ETCDIR/slapd.conf
|
|
.TP
|
|
ETCDIR/slapd.d
|
|
.SH DESCRIPTION
|
|
The Audit Logging overlay can be used to record all changes on a given
|
|
backend database to a specified log file. Changes are logged as standard
|
|
LDIF, with an additional comment header providing six fields of
|
|
information about the change. A second comment header is added at the end
|
|
of the operation to note the termination of the change.
|
|
.LP
|
|
For Add and Modify operations the identity comes from the modifiersName
|
|
associated with the operation. This is usually the same as the requestor's
|
|
identity, but may be set by other overlays to reflect other values.
|
|
.SH CONFIGURATION
|
|
Both slapd.conf and back-config style configuration are supported.
|
|
.TP
|
|
.B overlay auditlog
|
|
This directive loads the auditlog overlay.
|
|
.TP
|
|
.B auditlog <filename>
|
|
.TP
|
|
.B olcAuditlogFile: <filename>
|
|
Specify the fully qualified path for the log file.
|
|
.TP
|
|
.B auditlognonblocking {on|off}
|
|
.TP
|
|
.B olcAuditlogNonBlocking: {on|off}
|
|
Open <filename> in non-blocking mode. Useful if <filename> is a named pipe
|
|
and slapd should not block if no reader is available.
|
|
.SH COMMENT FIELD INFORMATION
|
|
The first field is the operation type.
|
|
.br
|
|
The second field is the timestamp of the operation in seconds since epoch.
|
|
.br
|
|
The third field is the suffix of the database.
|
|
.br
|
|
The fourth field is the recorded modifiersName.
|
|
.br
|
|
The fifth field is the originating IP address and port.
|
|
.br
|
|
The sixth field is the connection number. A connection number of -1
|
|
indicates an internal slapd operation.
|
|
.SH EXAMPLE
|
|
The following LDIF could be used to add this overlay to
|
|
.B cn=config
|
|
(adjust to suit)
|
|
.LP
|
|
.RS
|
|
.nf
|
|
dn: olcOverlay=auditlog,olcDatabase={1}mdb,cn=config
|
|
changetype: add
|
|
objectClass: olcOverlayConfig
|
|
objectClass: olcAuditLogConfig
|
|
olcOverlay: auditlog
|
|
olcAuditlogFile: /tmp/auditlog.ldif
|
|
.fi
|
|
.RE
|
|
.LP
|
|
.LP
|
|
.SH EXAMPLE CHANGELOG
|
|
.LP
|
|
.RS
|
|
.nf
|
|
# modify 1614223245 dc=example,dc=com cn=admin,dc=example,dc=com IP=[::1]:47270 conn=1002
|
|
dn: uid=joepublic,ou=people,dc=example,dc=com
|
|
changetype: modify
|
|
replace: displayName
|
|
displayName: Joe Public
|
|
-
|
|
replace: entryCSN
|
|
entryCSN: 20210225032045.045229Z#000000#001#000000
|
|
-
|
|
replace: modifiersName
|
|
modifiersName: cn=admin,dc=example,dc=com
|
|
-
|
|
replace: modifyTimestamp
|
|
modifyTimestamp: 20210225032045Z
|
|
-
|
|
# end modify 1614223245
|
|
|
|
.fi
|
|
.RE
|
|
.LP
|
|
.SH FILES
|
|
.TP
|
|
ETCDIR/slapd.conf
|
|
default slapd configuration file
|
|
.TP
|
|
ETCDIR/slapd.d
|
|
default slapd configuration directory
|
|
.SH SEE ALSO
|
|
.BR slapd.conf (5),
|
|
.BR slapd\-config(5).
|