Sunday, October 9, 2011

Protect Access Logs for the Sun Java System Directory Server


The LDIF script that this procedure creates sets up the following rules for access logs:
  • Log events at log level 256 and create buffered logs (default).
  • Rotate logs daily.
  • Keep a maximum of 100 log files, each at most 500 MBytes.
  • Expire log files that are older than 3 months.
  • Delete the oldest logs if less than 500 MBytes of free disk space is available.
  • All log files together use a maximum of 20,000 MBytes of disk space.
  1. Create a script to manage access logs.
Create a /var/tmp/logs-access.ldif file with the following content:
dn: cn=config
changetype: modify
replace: nsslapd-accesslog-logging-enabled
nsslapd-accesslog-logging-enabled: on
-
replace: nsslapd-accesslog-level
nsslapd-accesslog-level: 256
-
replace: nsslapd-accesslog-logbuffering
nsslapd-accesslog-logbuffering: on
-
replace: nsslapd-accesslog-logrotationtime
nsslapd-accesslog-logrotationtime: 1
-
replace: nsslapd-accesslog-logrotationtimeunit
nsslapd-accesslog-logrotationtimeunit: day
-
replace: nsslapd-accesslog-maxlogsize
nsslapd-accesslog-maxlogsize: 500
-
replace: nsslapd-accesslog-maxlogsperdir
nsslapd-accesslog-maxlogsperdir: 100
-
replace: nsslapd-accesslog-logexpirationtime
nsslapd-accesslog-logexpirationtime: 3
-
replace: nsslapd-accesslog-logexpirationtimeunit
nsslapd-accesslog-logexpirationtimeunit: month
-
replace: nsslapd-accesslog-logmaxdiskspace
nsslapd-accesslog-logmaxdiskspace: 20000
-
replace: nsslapd-accesslog-logminfreediskspace
nsslapd-accesslog-logminfreediskspace: 500
  2. Run the script.
# ldapmodify -h localhost -D 'cn=directory manager' -f /var/tmp/logs-access.ldif
  3. Type the password.
Enter bind password: Type the appropriate password
modifying entry cn=config
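
To confirm that an LDIF file still carries every setting from the list at the top of this procedure before it is applied, the following Python script rebuilds the LDIF from a policy table and reports any missing or changed value. It is an added example, not part of the original procedure or of the Directory Server tooling. The function names and the POLICY table are assumptions made for this example; the attribute names and values are the ones shown above.

```python
# Added example (not from the original post): audit an access-log LDIF
# against the settings listed in this procedure.
PREFIX = "nsslapd-accesslog-"

# Attribute suffix -> expected value, copied from the LDIF in the post.
POLICY = {
    "logging-enabled": "on",
    "level": "256",
    "logbuffering": "on",
    "logrotationtime": "1",
    "logrotationtimeunit": "day",
    "maxlogsize": "500",
    "maxlogsperdir": "100",
    "logexpirationtime": "3",
    "logexpirationtimeunit": "month",
    "logmaxdiskspace": "20000",
    "logminfreediskspace": "500",
}

def build_ldif(policy):
    """Render the policy as one 'changetype: modify' record on cn=config."""
    mods = [f"replace: {PREFIX}{k}\n{PREFIX}{k}: {v}" for k, v in policy.items()]
    return "dn: cn=config\nchangetype: modify\n" + "\n-\n".join(mods) + "\n"

def parse_settings(ldif_text):
    """Collect 'nsslapd-accesslog-*: value' lines; skip dn, replace and '-'."""
    found = {}
    for line in ldif_text.splitlines():
        name, sep, value = line.partition(":")
        key = name.strip().lower()
        if sep and key.startswith(PREFIX):
            found[key[len(PREFIX):]] = value.strip()
    return found

def audit(ldif_text, policy=POLICY):
    """Return one finding per setting that is missing or differs from policy."""
    found = parse_settings(ldif_text)
    findings = []
    for key, want in policy.items():
        got = found.get(key)
        if got is None:
            findings.append(f"{PREFIX}{key}: missing (expected {want})")
        elif got.lower() != want:
            findings.append(f"{PREFIX}{key}: {got} (expected {want})")
    return findings

if __name__ == "__main__":
    # Constructed sample: the post's LDIF with access logging switched off.
    weak = build_ldif(POLICY).replace("logging-enabled: on", "logging-enabled: off")
    print(audit(build_ldif(POLICY)), audit(weak))
```

An empty list means the file matches the procedure; any entry names the attribute to correct before running ldapmodify.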
