Centrify

Tips for finding Knowledge Articles

  • - Enter just a few key words related to your question or problem
  • - Add Key words to refine your search as necessary
  • - Do not use punctuation
  • - Search is not case sensitive
  • - Avoid non-descriptive filler words like "how", "the", "what", etc.
  • - If you do not find what you are looking for the first time,reduce the number of key words you enter and try searching again.
  • - Minimum supported Internet Explorer version is IE9
Home  >
article

KB-9213: How to have ldapproxy log to syslog without addebug on

Authentication Service ,  

27 September,17 at 06:30 PM

Question:

Is it possible to have Centrify Ldapproxy log to a specific syslog file without having Centrify debug logging turned on?


Answer:

Yes. It is possible to have a specific log for ldapproxy without having Centrify debug (addebug) logging turned on.

Here are the steps on how that can be accomplished:

As root or root equivalent user:
 
    1. Edit the /etc/rsyslog.conf

    2. Add the following 
    
        #LDAP
     :programname, contains, "slapd" -/var/log/ldap.log
       
Programname is the process/app found in logs that usually has a pid after it. ie, slapd[767] would be slapd.
 
The - (dash) sign in front of the /var/log/ldap.log, is used to put the log writing process in async mode, so that Rsyslog can proceed with other filtering and won't wait for disk I/O to confirm a successful write before proceeding to something else.

    3. Save file.

    4. Restart rsyslog.

        service rsyslog restart


The log level can be controlled by the loglevel setting in the /etc/centrifydc/openldap/slapd.conf

After adjusting the loglevel in the /etc/centrifydc/openldap/slapd.conf, restart centrify-ldapproxy.

    service centrify-ldapproxy restart


Additional info:

To see the loglevels for slapd, see following link, under section, 6.2.1.5. loglevel <level>
https://www.openldap.org/doc/admin24/slapdconfig.html
 
http://www.rsyslog.com/doc/v8-stable/configuration/filters.html
http://blog.endpoint.com/2014/09/rsyslog-new-filtering-features.html
https://www.systutorials.com/docs/linux/man/5-rsyslog.conf/

(All links are provided as a courtesy and Centrify takes no responsibility for the availability or content of those links)

Still have questions? Click here to log a technical support case, or collaborate with your peers in Centrify's Online Community.

Related Articles

 articleKB-2000: "addebug on" command fails with syslog ng installed articleKB-10824 Running addebug with /var 100% full results in syslog corruption articleKB-6041: How to show current license type in use by adclient articleKB-6040: How to change the license type in use after adclient successful joined to the AD? articleKB-6073: How to join the Linux/Unix Centrify Server to Active Directory with specific Computer Role? articleKB-6056: How to report the group policy settings that are in effect for the local computer? articleKB-6038: How to specify the license type to use when joining the server to AD using adjoin? articleKB-4317: How to stop INFO AUDIT_TRAIL messages that are writen to /var/log/messages without filtering them via syslog.conf on systems using syslog and not rsyslog articleIntegration of legacy platforms with Centrify Server Suite - agentless integration w/LDAP part 1