[Freeipa-users] Where do I change the nsslapd-accesslog-level?

Jason Becker jasondbecker at gmail.com
Tue May 13 21:27:19 UTC 2014 

On Tue, May 13, 2014 at 2:26 PM, Richard Megginson <rmeggins at redhat.com>wrote:

> ----- Original Message -----
> > On Tue, May 13, 2014 at 1:28 PM, Richard Megginson
> > <rmeggins at redhat.com>wrote:
> >
> > > ----- Original Message -----
> > > > I am using FreeIPA 3.0.0 on RHEL 6 (ipa-server-3.0.0-37.el6.x86_64).
> > > >
> > > > Where do I change the verbosity of access logging?
> > >
> > >
> > > Why do you need to change the verbosity of access logging?  Do you mean
> > > error logging?  If so, see http://port389.org/wiki/FAQ#Troubleshooting
> > >
> >
> > I do mean access logging. I want to change it because it's too verbose
> :-)
> > . It's causing high load / iowait on the server.
>
> There isn't a way to change the access log level to make it less verbose.
> You can turn it off completely nsslapd-accesslog-enabled: off
>

Sorry, you've confused me. Are you saying that "nsslapd-accesslog-level: 4"
is just as verbose as "nsslapd-accesslog-level: 256"? Or that there is
literally no way to change the level despite the fact that there are levels?

Cheers



> Note that the access log is buffered, specifically to reduce the I/O load.
>  If that buffered load is _still_ too high, then you might want to
> investigate replacing the access log file with a named pipe, then writing a
> small bit of python code to filter out only the events you are interested
> in.  See
> https://access.redhat.com/site/documentation/en-US/Red_Hat_Directory_Server/9.0/html/Administration_Guide/using-named-pipe.html
>
> >
> > Based on the link you sent if I crafted an ldif like:
> >
> > dn: cn=config
> > changetype: modify
> > replace: nsslapd-accesslog-level
> > nsslapd-accesslog-level: 4
> >
> > that would presumably get me what I want.
>
> I don't think so.  The error log levels are completely different than the
> access log levels, in that there are no access log levels.
>
> >
> > Does it require a dirsrv restart?
>
> No, but . . .
>
> >
> > Please advise.
> >
> > Thanks!
> >
> >
> >
> > >
> > > >
> > > > This doc:
> > > >
> > > >
> > >
> http://docs.fedoraproject.org/en-US/Fedora/18/html/FreeIPA_Guide/server-config.html
> > > >
> > > > discusses turning on global debugging but doesn't help me. The same
> doc
> > > links
> > > > to:
> > > >
> > > >
> > >
> https://access.redhat.com/site/documentation/en-US/Red_Hat_Directory_Server/8.2/html/Configuration_and_Command-Line_Tool_Reference/logs-reference.html
> > > >
> > > > which tells me that I need to change the nsslapd-accesslog-level but
> the
> > > link
> > > > on that page is a 404.
> > > >
> > > > So what do I need to do to change the level? I would assume that
> setting
> > > the
> > > > level to 4 would be indicated if 256 is too verbose but can someone
> > > please
> > > > confirm?
> > > >
> > > > I tried looking in the Configuration tab of the admin GUI but I get
> > > thrown:
> > > >
> > > > IPA Error 4204
> > > >
> > > > limits exceeded for this query
> > > >
> > > > Not sure what's going on there, might be symptomatic of the high
> load the
> > > > server is under due to iowait perhaps...
> > > >
> > > > Thanks!
> > > >
> > > > _______________________________________________
> > > > Freeipa-users mailing list
> > > > Freeipa-users at redhat.com
> > > > https://www.redhat.com/mailman/listinfo/freeipa-users
> > >
> >
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20140513/66df697e/attachment.htm>

More information about the Freeipa-users mailing list