Protect Access Logs for the Sun Java System Directory Server
- Log events at log level 256 and create buffered logs (default).
- Rotate logs daily.
- Keep a maximum of 100 log files, and each file is at most 500 MBytes.
- Expire log files that are older than 3 months.
- Delete oldest logs if less than 500 MBytes free disk space is available.
- All log files use a maximum of 20,000 MBytes of disk space.
- Create a script to manage access logs.
Create a /var/tmp/logs-access.ldif file with the following content:
dn: cn=config
changetype: modify
replace: nsslapd-accesslog-logging-enabled
nsslapd-accesslog-logging-enabled: on
-
replace: nsslapd-accesslog-level
nsslapd-accesslog-level: 256
-
replace: nsslapd-accesslog-logbuffering
nsslapd-accesslog-logbuffering: on
-
replace: nsslapd-accesslog-logrotationtime
nsslapd-accesslog-logrotationtime: 1
-
replace: nsslapd-accesslog-logrotationtimeunit
nsslapd-accesslog-logrotationtimeunit: day
-
replace: nsslapd-accesslog-maxlogsize
nsslapd-accesslog-maxlogsize: 500
-
replace: nsslapd-accesslog-maxlogsperdir
nsslapd-accesslog-maxlogsperdir: 100
-
replace: nsslapd-accesslog-logexpirationtime
nsslapd-accesslog-logexpirationtime: 3
-
replace: nsslapd-accesslog-logexpirationtimeunit
nsslapd-accesslog-logexpirationtimeunit: month
-
replace: nsslapd-accesslog-logmaxdiskspace
nsslapd-accesslog-logmaxdiskspace: 20000
-
replace: nsslapd-accesslog-logminfreediskspace
nsslapd-accesslog-logminfreediskspace: 500
- Run the script.
# ldapmodify -h localhost -D 'cn=directory manager' \
-f /var/tmp/logs-access.ldif
- Type the password.
Enter bind password: Type the appropriate password
modifying entry cn=config
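
The settings above allow 100 files of 500 MBytes each but cap total usage at 20,000 MBytes, so it is worth checking which limit actually binds before applying the file. The following Python check is an added example, not part of the original post; the function names and the trimmed sample LDIF are constructed for illustration, and it assumes positive limits rather than -1 (unlimited).

```python
# Added example: check an ldapmodify change file for access-log retention limits.
# SAMPLE_LDIF is constructed from the settings on this page (trimmed to size limits).
SAMPLE_LDIF = """\
dn: cn=config
changetype: modify
replace: nsslapd-accesslog-logging-enabled
nsslapd-accesslog-logging-enabled: on
-
replace: nsslapd-accesslog-maxlogsize
nsslapd-accesslog-maxlogsize: 500
-
replace: nsslapd-accesslog-maxlogsperdir
nsslapd-accesslog-maxlogsperdir: 100
-
replace: nsslapd-accesslog-logmaxdiskspace
nsslapd-accesslog-logmaxdiskspace: 20000
"""
PREFIX = "nsslapd-accesslog-"

def parse_replacements(ldif_text):
    """Map attribute -> value for each 'replace:' operation in a modify record."""
    values, target = {}, None
    for line in ldif_text.splitlines():
        key, _, value = line.partition(":")
        key, value = key.strip().lower(), value.strip()
        if key == "replace":
            target = value.lower()      # attribute the next value line must match
        elif key == target:
            values[key] = value
    return values

def audit(values):
    """Return (effective cap in MB, notes); assumes positive limits, not -1."""
    notes = []
    if values.get(PREFIX + "logging-enabled", "").lower() != "on":
        notes.append("access logging is not enabled")
    size = int(values[PREFIX + "maxlogsize"])
    count = int(values[PREFIX + "maxlogsperdir"])
    disk = int(values[PREFIX + "logmaxdiskspace"])
    if disk < size * count:
        notes.append(f"disk cap {disk} MB binds before {count} x {size} MB; "
                     f"at most {disk // size} full-size files are kept")
    return min(disk, size * count), notes

if __name__ == "__main__":
    cap, notes = audit(parse_replacements(SAMPLE_LDIF))
    print(f"effective size cap: {cap} MB")
    for note in notes:
        print("note:", note)
```

With daily rotation the files are usually smaller than 500 MBytes, so the file-count and 3-month expiry limits may apply before the disk cap does.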