Definition: Access Log
The Directory Server access log provides a mechanism for keeping track of every operation processed by the server, including every request received and response returned. It may also be used to obtain information about the internal operations performed within the server.
Sun OpenDS SE provides an extensible framework for implementing access loggers (as well as error and debug loggers). The default access control log implementation writes information to a log file with two records per operation. The first record reflects the request received from the client and the second provides information about the result of the operation processing.
All messages will include a common set of elements including:
- The time that the message was logged.
- The type of operation being processed.
- The connection ID of the client connection that requested the operation.
- The operation ID of the operation on that client connection.
- The message ID of the LDAP message used to request the operation.
For abandon operations, request log messages include the message ID of the message to abandon. There is no response to an abandon operation, but the server will nevertheless log a result message indicating whether the abandon was successful and the processing time in milliseconds.
For add operations, request log messages include the DN of the entry to add. The response log message may include the result code, diagnostic message, matched DN, the authorization ID for the operation, and the processing time in milliseconds.
For bind operations, request log messages include the authentication type (either "SIMPLE" or "SASL" followed by the mechanism name) and the bind DN. The response log message may include the result code, diagnostic message, matched DN, authentication ID, authorization ID, and processing time in milliseconds.
For compare operations, request log messages include the target entry DN and the attribute type. The response log message may include the result code, diagnostic message, matched DN, authorization ID, and the processing time in milliseconds.
For delete operations, request log messages include the target entry DN. The response log message may include the result code, diagnostic message, matched DN, authorization ID, and the processing time in milliseconds.
For extended operations, request log messages include the OID for the extended reqeust. The response log message may include the OID of the extended response, the result code, diagnostic message, matched DN, and the processing time in milliseconds.
For modify operations, request log messages include the target entry DN. The response log message may include the result code, diagnostic message, matched DN, authorization ID, and the processing time in milliseconds.
For modify DN operations, request log messages include the target entry DN, the new RDN, a flag indicating whether to delete the old RDN values, and the new superior DN. The response log message may include the result code, diagnostic message, matched DN, authorization ID, and the processing time in milliseconds.
For search operations, request log messages include the search base DN, scope, filter, and search attributes. The response log message may include the result code, number of entries returned, diagnostic message, matched DN, authorization ID, and the processing time in milliseconds.
For unbind operations, the request message will simply indicate that an unbind request has been received. There is no response to an unbind request, and no result log message.
Sign up or Log in to add a comment or watch this page.