[Freeipa-users] Where do I change the nsslapd-accesslog-level?

Richard Megginson rmeggins at redhat.com
Tue May 13 20:26:44 UTC 2014 

----- Original Message -----
> On Tue, May 13, 2014 at 1:28 PM, Richard Megginson
> <rmeggins at redhat.com>wrote:
> 
> > ----- Original Message -----
> > > I am using FreeIPA 3.0.0 on RHEL 6 (ipa-server-3.0.0-37.el6.x86_64).
> > >
> > > Where do I change the verbosity of access logging?
> >
> >
> > Why do you need to change the verbosity of access logging?  Do you mean
> > error logging?  If so, see http://port389.org/wiki/FAQ#Troubleshooting
> >
> 
> I do mean access logging. I want to change it because it's too verbose :-)
> . It's causing high load / iowait on the server.

There isn't a way to change the access log level to make it less verbose.
You can turn it off completely nsslapd-accesslog-enabled: off
Note that the access log is buffered, specifically to reduce the I/O load.  If that buffered load is _still_ too high, then you might want to investigate replacing the access log file with a named pipe, then writing a small bit of python code to filter out only the events you are interested in.  See https://access.redhat.com/site/documentation/en-US/Red_Hat_Directory_Server/9.0/html/Administration_Guide/using-named-pipe.html

> 
> Based on the link you sent if I crafted an ldif like:
> 
> dn: cn=config
> changetype: modify
> replace: nsslapd-accesslog-level
> nsslapd-accesslog-level: 4
> 
> that would presumably get me what I want.

I don't think so.  The error log levels are completely different than the access log levels, in that there are no access log levels.

> 
> Does it require a dirsrv restart?

No, but . . .

> 
> Please advise.
> 
> Thanks!
> 
> 
> 
> >
> > >
> > > This doc:
> > >
> > >
> > http://docs.fedoraproject.org/en-US/Fedora/18/html/FreeIPA_Guide/server-config.html
> > >
> > > discusses turning on global debugging but doesn't help me. The same doc
> > links
> > > to:
> > >
> > >
> > https://access.redhat.com/site/documentation/en-US/Red_Hat_Directory_Server/8.2/html/Configuration_and_Command-Line_Tool_Reference/logs-reference.html
> > >
> > > which tells me that I need to change the nsslapd-accesslog-level but the
> > link
> > > on that page is a 404.
> > >
> > > So what do I need to do to change the level? I would assume that setting
> > the
> > > level to 4 would be indicated if 256 is too verbose but can someone
> > please
> > > confirm?
> > >
> > > I tried looking in the Configuration tab of the admin GUI but I get
> > thrown:
> > >
> > > IPA Error 4204
> > >
> > > limits exceeded for this query
> > >
> > > Not sure what's going on there, might be symptomatic of the high load the
> > > server is under due to iowait perhaps...
> > >
> > > Thanks!
> > >
> > > _______________________________________________
> > > Freeipa-users mailing list
> > > Freeipa-users at redhat.com
> > > https://www.redhat.com/mailman/listinfo/freeipa-users
> >
>

More information about the Freeipa-users mailing list