Tips for finding Knowledge Articles

  • - Enter just a few key words related to your question or problem
  • - Add Key words to refine your search as necessary
  • - Do not use punctuation
  • - Search is not case sensitive
  • - Avoid non-descriptive filler words like "how", "the", "what", etc.
  • - If you do not find what you are looking for the first time,reduce the number of key words you enter and try searching again.
  • - Minimum supported Internet Explorer version is IE9
Home  >

KB-9213: How to have ldapproxy log to syslog without addebug on

Authentication Service ,  

27 September,17 at 06:30 PM


Is it possible to have Centrify Ldapproxy log to a specific syslog file without having Centrify debug logging turned on?


Yes. It is possible to have a specific log for ldapproxy without having Centrify debug (addebug) logging turned on.

Here are the steps on how that can be accomplished:

As root or root equivalent user:
    1. Edit the /etc/rsyslog.conf

    2. Add the following 
     :programname, contains, "slapd" -/var/log/ldap.log
Programname is the process/app found in logs that usually has a pid after it. ie, slapd[767] would be slapd.
The - (dash) sign in front of the /var/log/ldap.log, is used to put the log writing process in async mode, so that Rsyslog can proceed with other filtering and won't wait for disk I/O to confirm a successful write before proceeding to something else.

    3. Save file.

    4. Restart rsyslog.

        service rsyslog restart

The log level can be controlled by the loglevel setting in the /etc/centrifydc/openldap/slapd.conf

After adjusting the loglevel in the /etc/centrifydc/openldap/slapd.conf, restart centrify-ldapproxy.

    service centrify-ldapproxy restart

Additional info:

To see the loglevels for slapd, see following link, under section, loglevel <level>

(All links are provided as a courtesy and Centrify takes no responsibility for the availability or content of those links)