Discussion:
openldap does not want to write log files?
Mauricio Tavares
2011-03-01 14:17:41 UTC
Permalink
I am feeling rather confused here. I installed openldap in a
solaris10/sparc box but I do not seem to persuade it to write to a log
file. FYI, right now I am running slapd as root so permissions AFAIk
should not be the issue. FYI, syslog here is the old,
non-rsyslog/syslog-ng variety.

So, in the /etc/syslog.conf file I have:

local4.info /var/log/ldap.log
local4.err /var/log/ldap.log
local4.notice /var/log/ldap.log

which makes me think I should be covering every possible message sent
by slapd. Now /var/log/ldap.log is created as

-rw------- 1 root sys 0 Feb 28 16:21 ldap.log

and in the slapd.conf file I have

loglevel 11560
logfile /var/log/slapd.log

which not only should mean slapd is blabbing a lot to the log file.
Also note I am telling it to write to /var/log/slapd.log,

-rw------- 1 root sys 0 Mar 1 07:39 slapd.log

When I start slapd (after restarting syslog just in case), nothing is
written to those two log files. In fact, the only clue that something
happened is the data in slapd.log changed:

-rw------- 1 root sys 0 Feb 28 16:21 ldap.log
-rw------- 1 root sys 0 Mar 1 07:40 slapd.log

Anything I am missing here?
Germ van Ek
2011-03-01 14:27:17 UTC
Permalink
Unless your openldap is running as root (which it shouldn't), it won't
be able to write to the logfile, as only the user root has permissions
to do this.
Make sure your ldap user can write to this file.

-----Oorspronkelijk bericht-----
Van: openldap-technical-***@OpenLDAP.org
[mailto:openldap-technical-***@OpenLDAP.org] Namens Mauricio Tavares
Verzonden: dinsdag 1 maart 2011 15:18
Aan: openldap-technical
Onderwerp: openldap does not want to write log files?

I am feeling rather confused here. I installed openldap in a
solaris10/sparc box but I do not seem to persuade it to write to a log
file. FYI, right now I am running slapd as root so permissions AFAIk
should not be the issue. FYI, syslog here is the old,
non-rsyslog/syslog-ng variety.

So, in the /etc/syslog.conf file I have:

local4.info /var/log/ldap.log
local4.err /var/log/ldap.log
local4.notice /var/log/ldap.log

which makes me think I should be covering every possible message sent
by slapd. Now /var/log/ldap.log is created as

-rw------- 1 root sys 0 Feb 28 16:21 ldap.log

and in the slapd.conf file I have

loglevel 11560
logfile /var/log/slapd.log

which not only should mean slapd is blabbing a lot to the log file.
Also note I am telling it to write to /var/log/slapd.log,

-rw------- 1 root sys 0 Mar 1 07:39 slapd.log

When I start slapd (after restarting syslog just in case), nothing is
written to those two log files. In fact, the only clue that something
happened is the data in slapd.log changed:

-rw------- 1 root sys 0 Feb 28 16:21 ldap.log
-rw------- 1 root sys 0 Mar 1 07:40 slapd.log

Anything I am missing here?

--



--
Mauricio Tavares
2011-03-01 14:40:03 UTC
Permalink
Post by Germ van Ek
Unless your openldap is running as root (which it shouldn't), it won't
be able to write to the logfile, as only the user root has permissions
to do this.
Make sure your ldap user can write to this file.
I agree it shouldn't but as I mentioned in the original
message I decided to run it as root to see if I can eliminate the user
permission issue from this equation. I mean if root can't write to
those files, I am in trouble. =)

BTW, if I run slapd (/usr/local/libexec/slapd) in debug mode, it will
spit out the messages I was hoping to see in the logs.
Post by Germ van Ek
-----Oorspronkelijk bericht-----
Verzonden: dinsdag 1 maart 2011 15:18
Aan: openldap-technical
Onderwerp: openldap does not want to write log files?
I am feeling rather confused here. I installed openldap in a
solaris10/sparc box but I do not seem to persuade it to write to a log
file. FYI, right now I am running slapd as root so permissions AFAIk
should not be the issue. FYI, syslog here is the old,
non-rsyslog/syslog-ng variety.
local4.info                                     /var/log/ldap.log
local4.err                                      /var/log/ldap.log
local4.notice                                   /var/log/ldap.log
which makes me think I should be covering every possible message sent
by slapd. Now /var/log/ldap.log is created as
-rw-------   1 root     sys            0 Feb 28 16:21 ldap.log
and in the slapd.conf file I have
loglevel        11560
logfile         /var/log/slapd.log
which not only should mean slapd is blabbing a lot to the log file.
Also note I am telling it to write to /var/log/slapd.log,
-rw-------   1 root     sys            0 Mar  1 07:39 slapd.log
When I start slapd (after restarting syslog just in case), nothing is
written to those two log files. In fact, the only clue that something
-rw-------   1 root     sys            0 Feb 28 16:21 ldap.log
-rw-------   1 root     sys            0 Mar  1 07:40 slapd.log
Anything I am missing here?
--
--
Chris Jackson
2011-03-01 14:43:56 UTC
Permalink
Based on the way he appears to be trying to route log messages syslogd would need the ability to write to the log file in /var/log not the slapd user unless he is using the slapd.conf call to logfile.

A couple of things to look at:

Is there an entry in you slapd.conf for logfile?
i.e. logfile /var/log/slapd
Try using a a different local4 call in your syslogd.conf.
local4.* /var/log/slapd


I have found that if you have the local4.* redirect in syslogd and a logfile call in your slapd.conf going to same /var/log/slapd it will get overwritten, have permission issues, and not log.


Chris Jackson
Post by Germ van Ek
Unless your openldap is running as root (which it shouldn't), it won't
be able to write to the logfile, as only the user root has permissions
to do this.
Make sure your ldap user can write to this file.
-----Oorspronkelijk bericht-----
Verzonden: dinsdag 1 maart 2011 15:18
Aan: openldap-technical
Onderwerp: openldap does not want to write log files?
I am feeling rather confused here. I installed openldap in a
solaris10/sparc box but I do not seem to persuade it to write to a log
file. FYI, right now I am running slapd as root so permissions AFAIk
should not be the issue. FYI, syslog here is the old,
non-rsyslog/syslog-ng variety.
local4.info /var/log/ldap.log
local4.err /var/log/ldap.log
local4.notice /var/log/ldap.log
which makes me think I should be covering every possible message sent
by slapd. Now /var/log/ldap.log is created as
-rw------- 1 root sys 0 Feb 28 16:21 ldap.log
and in the slapd.conf file I have
loglevel 11560
logfile /var/log/slapd.log
which not only should mean slapd is blabbing a lot to the log file.
Also note I am telling it to write to /var/log/slapd.log,
-rw------- 1 root sys 0 Mar 1 07:39 slapd.log
When I start slapd (after restarting syslog just in case), nothing is
written to those two log files. In fact, the only clue that something
-rw------- 1 root sys 0 Feb 28 16:21 ldap.log
-rw------- 1 root sys 0 Mar 1 07:40 slapd.log
Anything I am missing here?
--
--
Chris Jackson
2011-03-01 14:57:02 UTC
Permalink
I meant to say:

Comment out the logfile call in slapd.conf.
Post by Chris Jackson
Is there an entry in you slapd.conf for logfile?
i.e. logfile /var/log/slapd
Chris Jackson
Supervisor of Information Services
District School Board of Pasco County
813-794-2926
Post by Chris Jackson
Based on the way he appears to be trying to route log messages syslogd would need the ability to write to the log file in /var/log not the slapd user unless he is using the slapd.conf call to logfile.
Is there an entry in you slapd.conf for logfile?
i.e. logfile /var/log/slapd
Try using a a different local4 call in your syslogd.conf.
local4.* /var/log/slapd
I have found that if you have the local4.* redirect in syslogd and a logfile call in your slapd.conf going to same /var/log/slapd it will get overwritten, have permission issues, and not log.
Chris Jackson
Post by Germ van Ek
Unless your openldap is running as root (which it shouldn't), it won't
be able to write to the logfile, as only the user root has permissions
to do this.
Make sure your ldap user can write to this file.
-----Oorspronkelijk bericht-----
Verzonden: dinsdag 1 maart 2011 15:18
Aan: openldap-technical
Onderwerp: openldap does not want to write log files?
I am feeling rather confused here. I installed openldap in a
solaris10/sparc box but I do not seem to persuade it to write to a log
file. FYI, right now I am running slapd as root so permissions AFAIk
should not be the issue. FYI, syslog here is the old,
non-rsyslog/syslog-ng variety.
local4.info /var/log/ldap.log
local4.err /var/log/ldap.log
local4.notice /var/log/ldap.log
which makes me think I should be covering every possible message sent
by slapd. Now /var/log/ldap.log is created as
-rw------- 1 root sys 0 Feb 28 16:21 ldap.log
and in the slapd.conf file I have
loglevel 11560
logfile /var/log/slapd.log
which not only should mean slapd is blabbing a lot to the log file.
Also note I am telling it to write to /var/log/slapd.log,
-rw------- 1 root sys 0 Mar 1 07:39 slapd.log
When I start slapd (after restarting syslog just in case), nothing is
written to those two log files. In fact, the only clue that something
-rw------- 1 root sys 0 Feb 28 16:21 ldap.log
-rw------- 1 root sys 0 Mar 1 07:40 slapd.log
Anything I am missing here?
--
--
Mauricio Tavares
2011-03-01 15:02:27 UTC
Permalink
Post by Chris Jackson
Based on the way he appears to be trying to route log messages syslogd would need the ability to write to the log file in /var/log not the slapd user unless he is using the slapd.conf call to logfile.
Is there an entry in you slapd.conf for logfile?
                                                               i.e. logfile /var/log/slapd
Post by Mauricio Tavares
and in the slapd.conf file I have
loglevel        11560
logfile         /var/log/slapd.log
Try using a a different local4 call in your syslogd.conf.
                                                       local4.*           /var/log/slapd
Well, I found out I really can't. It seems the stock solaris
syslog does not like a "*" as the priority. It took me a bit to figure
that one out, but that is why I chose to be explicit. I know I should
just but rsyslog or syslog-ng, but right now I just want to make sure
I can make it talk to the stock syslog before adding more variables to
my mess. =)
Post by Chris Jackson
I have found that if you have the local4.* redirect in syslogd and a logfile call in your slapd.conf going to same /var/log/slapd  it will get overwritten, have permission issues, and not log.
Chris Jackson
Post by Mauricio Tavares
Unless your openldap is running as root (which it shouldn't), it won't
be able to write to the logfile, as only the user root has permissions
to do this.
Make sure your ldap user can write to this file.
-----Oorspronkelijk bericht-----
Verzonden: dinsdag 1 maart 2011 15:18
Aan: openldap-technical
Onderwerp: openldap does not want to write log files?
I am feeling rather confused here. I installed openldap in a
solaris10/sparc box but I do not seem to persuade it to write to a log
file. FYI, right now I am running slapd as root so permissions AFAIk
should not be the issue. FYI, syslog here is the old,
non-rsyslog/syslog-ng variety.
local4.info                                     /var/log/ldap.log
local4.err                                      /var/log/ldap.log
local4.notice                                   /var/log/ldap.log
which makes me think I should be covering every possible message sent
by slapd. Now /var/log/ldap.log is created as
-rw-------   1 root     sys            0 Feb 28 16:21 ldap.log
and in the slapd.conf file I have
loglevel        11560
logfile         /var/log/slapd.log
which not only should mean slapd is blabbing a lot to the log file.
Also note I am telling it to write to /var/log/slapd.log,
-rw-------   1 root     sys            0 Mar  1 07:39 slapd.log
When I start slapd (after restarting syslog just in case), nothing is
written to those two log files. In fact, the only clue that something
-rw-------   1 root     sys            0 Feb 28 16:21 ldap.log
-rw-------   1 root     sys            0 Mar  1 07:40 slapd.log
Anything I am missing here?
--
--
Brett @Google
2011-03-01 14:55:43 UTC
Permalink
you are missing local4.debug in your syslog.conf, syslog messages are
logged at DEBUG level by default, unless you say otherwise.

" -s syslog-level
This option tells slapd at what level debugging statements
should be logged to the syslog(8) facility. The value "sys-
log-level" can be set to any value or combination allowed by the
"-d" switch. Slapd logs all messages selected by "syslog-level"
at the syslog(3) severity level "DEBUG", on the unit specified
with "-l".
"

dont know why the other log is not working, perhaps check you are not
writing logs as the ldap user or you need to --enable-debug during
configure ?.

Cheers
Brett
Post by Mauricio Tavares
I am feeling rather confused here. I installed openldap in a
solaris10/sparc box but I do not seem to persuade it to write to a log
file. FYI, right now I am running slapd as root so permissions AFAIk
should not be the issue. FYI, syslog here is the old,
non-rsyslog/syslog-ng variety.
local4.info                                     /var/log/ldap.log
local4.err                                      /var/log/ldap.log
local4.notice                                   /var/log/ldap.log
which makes me think I should be covering every possible message sent
by slapd. Now /var/log/ldap.log is created as
-rw-------   1 root     sys            0 Feb 28 16:21 ldap.log
and in the slapd.conf file I have
loglevel        11560
logfile         /var/log/slapd.log
which not only should mean slapd is blabbing a lot to the log file.
Also note I am telling it to write to /var/log/slapd.log,
-rw-------   1 root     sys            0 Mar  1 07:39 slapd.log
When I start slapd (after restarting syslog just in case), nothing is
written to those two log files. In fact, the only clue that something
-rw-------   1 root     sys            0 Feb 28 16:21 ldap.log
-rw-------   1 root     sys            0 Mar  1 07:40 slapd.log
Anything I am missing here?
Mauricio Tavares
2011-03-01 15:24:48 UTC
Permalink
Post by Brett @Google
you are missing local4.debug in your syslog.conf, syslog messages are
logged at DEBUG level by default, unless you say otherwise.
"       -s syslog-level
             This option tells  slapd  at  what  level  debugging  statements
             should  be  logged  to  the syslog(8) facility.  The value "sys-
             log-level" can be set to any value or combination allowed by the
             "-d" switch.  Slapd logs all messages selected by "syslog-level"
             at the syslog(3) severity level "DEBUG", on the  unit  specified
             with "-l".
"
Thanks! Now I am getting the same output as I would get if I ran
slapd in debug mode (will fine tune later now I know what I am looking
for). I honestly did not expect it, but hey I am learning something
new! =)
Post by Brett @Google
dont know why the other log is not working, perhaps check you are not
writing logs as the ldap user or you need to --enable-debug during
configure ?.
Good question, specially since now /var/log/ldap is being
written. At the same time, it barking that I did not setup monitoring
(probably need to --enable-debug and recompile):

Mar 1 09:45:09 auth slapd[12169]: [ID 468869 local4.debug]
bdb_monitor_db_open: monitoring disabled; configure monitor database
to enable

Do I need that to write to a log file defined in slapd.conf?
Post by Brett @Google
Cheers
Brett
Post by Mauricio Tavares
I am feeling rather confused here. I installed openldap in a
solaris10/sparc box but I do not seem to persuade it to write to a log
file. FYI, right now I am running slapd as root so permissions AFAIk
should not be the issue. FYI, syslog here is the old,
non-rsyslog/syslog-ng variety.
local4.info                                     /var/log/ldap.log
local4.err                                      /var/log/ldap.log
local4.notice                                   /var/log/ldap.log
which makes me think I should be covering every possible message sent
by slapd. Now /var/log/ldap.log is created as
-rw-------   1 root     sys            0 Feb 28 16:21 ldap.log
and in the slapd.conf file I have
loglevel        11560
logfile         /var/log/slapd.log
which not only should mean slapd is blabbing a lot to the log file.
Also note I am telling it to write to /var/log/slapd.log,
-rw-------   1 root     sys            0 Mar  1 07:39 slapd.log
When I start slapd (after restarting syslog just in case), nothing is
written to those two log files. In fact, the only clue that something
-rw-------   1 root     sys            0 Feb 28 16:21 ldap.log
-rw-------   1 root     sys            0 Mar  1 07:40 slapd.log
Anything I am missing here?
Brett Maxfield
2011-03-01 23:53:41 UTC
Permalink
Post by Mauricio Tavares
Post by Brett @Google
dont know why the other log is not working, perhaps check you are not
writing logs as the ldap user or you need to --enable-debug during
configure ?.
Good question, specially since now /var/log/ldap is being
written. At the same time, it barking that I did not setup monitoring
It just wants "Database monitor" at the end of your slapd.conf, and it will stop complaining.
Post by Mauricio Tavares
Mar 1 09:45:09 auth slapd[12169]: [ID 468869 local4.debug]
bdb_monitor_db_open: monitoring disabled; configure monitor database
to enable
Do I need that to write to a log file defined in slapd.conf?
Not related, the monitoring backend you access via ldap, gives statistics of slapd operations. Can be very useful for monitoring health of your ldap server the number of queries etc.,

I'd also make sure your log file is writable by the ldap user. Although i think you only need the one log anyway, they probably contain similar stuff, so you double the overhead of writing logs.

Cheers
Brett
Loading...