Question: Is it possible to have Centrify ldapproxy log to a specific syslog file without having Centrify debug logging turned on?
Answer: Yes. It is possible to have a specific log for ldapproxy without having Centrify debug (addebug) logging turned on.
The steps are as follows.
As root or a root-equivalent user:
1. Edit /etc/rsyslog.conf.
2. Add the following lines:
#LDAP
:programname, contains, "slapd" -/var/log/ldap.log
programname is the process or application name that appears in log entries, usually followed by a PID in brackets; for example, slapd[767] has the program name slapd.
The - (dash) in front of /var/log/ldap.log puts the log writing process in async mode, so that rsyslog can proceed with other filtering without waiting for disk I/O to confirm a successful write.
3. Save file.
4. Restart rsyslog.
service rsyslog restart
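A check for the rule above, as an added example that is not part of the original article. The helper names (programname_of, filter_matches, verify_route) are hypothetical; the tag-splitting rule (the program name ends at the first '[', ':' or '/') follows the rsyslog property documentation, and the test message is constructed.

```shell
#!/bin/sh
# Added example: confirm that the slapd rule routes messages to /var/log/ldap.log.
LDAP_LOG=/var/log/ldap.log   # destination used in the rule above

# Derive the program name from a syslog tag: everything before the
# first '[', ':' or '/' (e.g. "slapd[767]:" -> "slapd").
programname_of() {
    tag=$1
    tag=${tag%%\[*}
    tag=${tag%%:*}
    tag=${tag%%/*}
    printf '%s\n' "$tag"
}

# Emulate ':programname, contains, "slapd"'. "contains" is a case-sensitive
# substring match, so any program name that includes "slapd" is selected.
filter_matches() {
    case "$(programname_of "$1")" in
        *slapd*) return 0 ;;
        *)       return 1 ;;
    esac
}

# Run as root after restarting rsyslog: syntax-check the configuration,
# send a constructed message tagged slapd, and look for it in the log file.
verify_route() {
    rsyslogd -N1 || return 1
    marker="ldap-log-test-$$"
    logger -t slapd "$marker"
    sleep 1                      # give rsyslog a moment to write the entry
    grep -q "$marker" "$LDAP_LOG"
}

# Only touch the live system when explicitly asked: ./check.sh --verify
if [ "${1:-}" = "--verify" ]; then
    verify_route && echo "slapd messages reach $LDAP_LOG"
fi
```

If other daemons on the host have names that include "slapd", their messages land in the same file; rsyslog's isequal comparison restricts the rule to the exact program name.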
The log level is controlled by the loglevel setting in /etc/centrifydc/openldap/slapd.conf.
After adjusting the loglevel in /etc/centrifydc/openldap/slapd.conf, restart centrify-ldapproxy.
service centrify-ldapproxy restart
Additional info: To see the log levels for slapd, see the following link, under section 6.2.1.5. loglevel <level>:
https://www.openldap.org/doc/admin24/slapdconfig.html
http://www.rsyslog.com/doc/v8-stable/configuration/filters.html
http://blog.endpoint.com/2014/09/rsyslog-new-filtering-features.html
https://www.systutorials.com/docs/linux/man/5-rsyslog.conf/
(All links are provided as a courtesy and Centrify takes no responsibility for the availability or content of those links)