Hello !
I installed recently FreeIPA 3.0.0-47 and I have a question related to the logging dir used. We know that the logs are stored in /var/log/dirsrv folder but we would like to move this elsewhere ?
Do you know if it is possible ?
Best regards.
Bahan
On 20/08/15 13:53, bahan w wrote:
Hello !
I installed recently FreeIPA 3.0.0-47 and I have a question related to the logging dir used. We know that the logs are stored in /var/log/dirsrv folder but we would like to move this elsewhere ?
Do you know if it is possible ?
It is.
Set "nsslapd-accesslog" and "nsslapd-errorlog" under "cn=config" accordingly.
see: https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/10/ht...
J.
Hm ok.
Ok, and to do that I use the ldapmodify command ?
Something like :
ldapmodify -x -D "cn=Directory Manager" -w <mdp password manager> -h <FQDN hosting server> -p 389
dn:cn=configchangetype:modifyreplace:nsslapd-accesslog nsslapd-accesslog:<MYPATH>
dn:cn=configchangetype:modifyreplace:nsslapd-errorlog nsslapd-errorlog:<MYPATH>
And then two ctrl+D to close the CLI ?
Best regards.
Bahan
On Thu, Aug 20, 2015 at 3:49 PM, Jochen Schneider scne59@gmail.com wrote:
On 20/08/15 13:53, bahan w wrote:
Hello !
I installed recently FreeIPA 3.0.0-47 and I have a question related to the logging dir used. We know that the logs are stored in /var/log/dirsrv folder but we would like to move this elsewhere ?
Do you know if it is possible ?
It is.
Set "nsslapd-accesslog" and "nsslapd-errorlog" under "cn=config" accordingly.
see:
https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/10/ht...
J.
-- 389 users mailing list 389-users@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users
On 08/20/2015 10:20 AM, bahan w wrote:
Hm ok.
Ok, and to do that I use the ldapmodify command ?
Something like : ldapmodify -x -D "cn=Directory Manager" -w <mdp password manager> -h <FQDN hosting server> -p 389
dn:cn=config changetype:modify replace:nsslapd-accesslog nsslapd-accesslog:<MYPATH>
dn:cn=config changetype:modify replace:nsslapd-errorlog nsslapd-errorlog:<MYPATH>
And then two ctrl+D to close the CLI ?
Yes, but you need to restart the Directory Server for those changes to take effect. (restart-dirsrv)
Best regards.
Bahan
On Thu, Aug 20, 2015 at 3:49 PM, Jochen Schneider <scne59@gmail.com mailto:scne59@gmail.com> wrote:
On 20/08/15 13:53, bahan w wrote: > Hello ! > > I installed recently FreeIPA 3.0.0-47 and I have a question related to > the logging dir used. > We know that the logs are stored in /var/log/dirsrv folder but we would > like to move this elsewhere ? > > Do you know if it is possible ? It is. Set "nsslapd-accesslog" and "nsslapd-errorlog" under "cn=config" accordingly. see: https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/10/html/Configuration_Command_and_File_Reference/Core_Server_Configuration_Reference.html#cnconfig-nsslapd_accesslog_Access_Log J. -- 389 users mailing list 389-users@lists.fedoraproject.org <mailto:389-users@lists.fedoraproject.org> https://admin.fedoraproject.org/mailman/listinfo/389-users
-- 389 users mailing list 389-users@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users
Thank you for your answer.
Best regards.
Bahan
On Thu, Aug 20, 2015 at 4:31 PM, Mark Reynolds mareynol@redhat.com wrote:
On 08/20/2015 10:20 AM, bahan w wrote:
Hm ok.
Ok, and to do that I use the ldapmodify command ?
Something like :
ldapmodify -x -D "cn=Directory Manager" -w <mdp password manager> -h <FQDN hosting server> -p 389
dn:cn=configchangetype:modifyreplace:nsslapd-accesslog nsslapd-accesslog:<MYPATH>
dn:cn=configchangetype:modifyreplace:nsslapd-errorlog nsslapd-errorlog:<MYPATH>
And then two ctrl+D to close the CLI ?
Yes, but you need to restart the Directory Server for those changes to take effect. (restart-dirsrv)
Best regards.
Bahan
On Thu, Aug 20, 2015 at 3:49 PM, Jochen Schneider scne59@gmail.com wrote:
On 20/08/15 13:53, bahan w wrote:
Hello !
I installed recently FreeIPA 3.0.0-47 and I have a question related to the logging dir used. We know that the logs are stored in /var/log/dirsrv folder but we would like to move this elsewhere ?
Do you know if it is possible ?
It is.
Set "nsslapd-accesslog" and "nsslapd-errorlog" under "cn=config" accordingly.
see:
https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/10/ht...
J.
-- 389 users mailing list 389-users@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users
-- 389 users mailing list389-users@lists.fedoraproject.orghttps://admin.fedoraproject.org/mailman/listinfo/389-users
-- 389 users mailing list 389-users@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users
Hm, thinking about that, I'm using FreeIPA and I can see two instances in /var/log/dirsrv : ls -l /var/log/dirsrv total 8 drwxrwx--- 2 dirsrv dirsrv 4096 Aug 21 11:45 slapd-<MYINSTANCE> drwxrwx--- 2 pkisrv dirsrv 4096 Aug 21 11:50 slapd-PKI-IPA
If I change the value of "nsslapd-accesslog" and "nsslapd-errorlog", it will modify the value for both of them no ? According to the documentation : ### Default Value /var/log/dirsrv/slapd-*instance_name*/access ###
Can I use the value "instance_name" ? Is it a variable that can be translated by dirsrv to correspond to each instance ? Or is it me who has to put by myself the name of the instance, but in this case how to set this value differently for each instance ?
Best regards.
Bahan
On Thu, Aug 20, 2015 at 6:14 PM, bahan w bahanw042014@gmail.com wrote:
Thank you for your answer.
Best regards.
Bahan
On Thu, Aug 20, 2015 at 4:31 PM, Mark Reynolds mareynol@redhat.com wrote:
On 08/20/2015 10:20 AM, bahan w wrote:
Hm ok.
Ok, and to do that I use the ldapmodify command ?
Something like :
ldapmodify -x -D "cn=Directory Manager" -w <mdp password manager> -h <FQDN hosting server> -p 389
dn:cn=configchangetype:modifyreplace:nsslapd-accesslog nsslapd-accesslog:<MYPATH>
dn:cn=configchangetype:modifyreplace:nsslapd-errorlog nsslapd-errorlog:<MYPATH>
And then two ctrl+D to close the CLI ?
Yes, but you need to restart the Directory Server for those changes to take effect. (restart-dirsrv)
Best regards.
Bahan
On Thu, Aug 20, 2015 at 3:49 PM, Jochen Schneider scne59@gmail.com wrote:
On 20/08/15 13:53, bahan w wrote:
Hello !
I installed recently FreeIPA 3.0.0-47 and I have a question related to the logging dir used. We know that the logs are stored in /var/log/dirsrv folder but we would like to move this elsewhere ?
Do you know if it is possible ?
It is.
Set "nsslapd-accesslog" and "nsslapd-errorlog" under "cn=config" accordingly.
see:
https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/10/ht...
J.
-- 389 users mailing list 389-users@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users
-- 389 users mailing list389-users@lists.fedoraproject.orghttps://admin.fedoraproject.org/mailman/listinfo/389-users
-- 389 users mailing list 389-users@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users
bahan w wrote:
Hm, thinking about that, I'm using FreeIPA and I can see two instances in /var/log/dirsrv : ls -l /var/log/dirsrv total 8 drwxrwx--- 2 dirsrv dirsrv 4096 Aug 21 11:45 slapd-<MYINSTANCE> drwxrwx--- 2 pkisrv dirsrv 4096 Aug 21 11:50 slapd-PKI-IPA
If I change the value of "nsslapd-accesslog" and "nsslapd-errorlog", it will modify the value for both of them no ? According to the documentation : ### Default Value /var/log/dirsrv/slapd-/instance_name//access ###
Can I use the value "instance_name" ? Is it a variable that can be translated by dirsrv to correspond to each instance ? Or is it me who has to put by myself the name of the instance, but in this case how to set this value differently for each instance ?
An instance is a standalone, separate set of configuration and data for 389-ds. Each instance is completely indedependent of any others.
Each instance has its own cn=config so you need to set new values for both. instance_name in this documentation is just a placeholder. You'd use either slapd-<MYINSTANCE> or slapd-PKI-IPA.
rob
Best regards.
Bahan
On Thu, Aug 20, 2015 at 6:14 PM, bahan w <bahanw042014@gmail.com mailto:bahanw042014@gmail.com> wrote:
Thank you for your answer. Best regards. Bahan On Thu, Aug 20, 2015 at 4:31 PM, Mark Reynolds <mareynol@redhat.com <mailto:mareynol@redhat.com>> wrote: On 08/20/2015 10:20 AM, bahan w wrote:
Hm ok. Ok, and to do that I use the ldapmodify command ? Something like : ldapmodify -x -D "cn=Directory Manager" -w <mdp password manager> -h <FQDN hosting server> -p 389 dn:cn=config changetype:modify replace:nsslapd-accesslog nsslapd-accesslog:<MYPATH> dn:cn=config changetype:modify replace:nsslapd-errorlog nsslapd-errorlog:<MYPATH> And then two ctrl+D to close the CLI ?
Yes, but you need to restart the Directory Server for those changes to take effect. (restart-dirsrv)
Best regards. Bahan On Thu, Aug 20, 2015 at 3:49 PM, Jochen Schneider <scne59@gmail.com <mailto:scne59@gmail.com>> wrote: On 20/08/15 13:53, bahan w wrote: > Hello ! > > I installed recently FreeIPA 3.0.0-47 and I have a question related to > the logging dir used. > We know that the logs are stored in /var/log/dirsrv folder but we would > like to move this elsewhere ? > > Do you know if it is possible ? It is. Set "nsslapd-accesslog" and "nsslapd-errorlog" under "cn=config" accordingly. see: https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/10/html/Configuration_Command_and_File_Reference/Core_Server_Configuration_Reference.html#cnconfig-nsslapd_accesslog_Access_Log J. -- 389 users mailing list 389-users@lists.fedoraproject.org <mailto:389-users@lists.fedoraproject.org> https://admin.fedoraproject.org/mailman/listinfo/389-users -- 389 users mailing list 389-users@lists.fedoraproject.org <mailto:389-users@lists.fedoraproject.org> https://admin.fedoraproject.org/mailman/listinfo/389-users
-- 389 users mailing list 389-users@lists.fedoraproject.org <mailto:389-users@lists.fedoraproject.org> https://admin.fedoraproject.org/mailman/listinfo/389-users
-- 389 users mailing list 389-users@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users
389-users@lists.fedoraproject.org