Data Governance Server Documentation Index
Configuration Reference Home

LDAP SDK Debug Logger

Note: this component is designated "advanced", which means that objects of this type are not expected to be created or altered in most environments. If you believe that such a change is necessary, you may want to contact support in order to understand the potential impact of that change.

The LDAP SDK Debug Logger may be used to capture and record debug messages generated by the UnboundID LDAP SDK for Java.

Relations from This Component
Properties
dsconfig Usage

Relations from This Component

The following components have a direct aggregation relation from LDAP SDK Debug Logger:

Properties

The properties supported by this managed object are as follows:


Basic Properties: Advanced Properties:
↓ description ↓ time-interval
↓ enabled ↓ auto-flush
↓ log-file ↓ asynchronous
↓ debug-level ↓ queue-size
↓ debug-type ↓ buffer-size
↓ include-stack-trace ↓ compression-mechanism
↓ log-file-permissions
↓ append
↓ rotation-policy
↓ rotation-listener
↓ retention-policy
↓ sign-log
↓ encrypt-log
↓ encryption-settings-definition-id
↓ timestamp-precision
↓ logging-error-behavior

Basic Properties

description

Description
A description for this LDAP SDK Debug Logger
Default Value
None
Allowed Values
A string
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

enabled

Description
Indicates whether this LDAP SDK Debug Logger is enabled.
Default Value
false
Allowed Values
true
false
Multi-Valued
No
Required
Yes
Admin Action Required
None. Modification requires no further action

log-file

Description
The path and base name of the file to use for log files generated by this LDAP SDK Debug Logger. The path may be either absolute or relative to the server root.
Default Value
ldap-sdk-debug
Allowed Values
A filesystem path
Multi-Valued
No
Required
Yes
Admin Action Required
None. Modification requires no further action

debug-level

Description
The minimum debug level that should be used for messages to be logged.
Default Value
info
Allowed Values
severe - Indicates that error messages should be logged.

warning - Indicates that warning and error messages should be logged.

info - Indicates that info, warning, and error messages should be logged.

config - Indicates that config, info, warning, and error messages should be logged.

fine - Indicates that fine, config, info, warning, and error messages should be logged.

finer - Indicates that finer, fine, config, info, warning, and error messages should be logged.

finest - Indicates that finest, finer, fine, config, info, warning, and error messages should be logged.
Multi-Valued
No
Required
Yes
Admin Action Required
None. Modification requires no further action

debug-type

Description
The types of debug messages that should be logged.
Default Value
coding-error
connect
exception
ldap
Allowed Values
asn1 - Indicates that messages related to ASN.1 encoding and decoding should be logged.

coding-error - Indicates that messages related to incorrect use of the LDAP SDK should be logged.

connect - Indicates that messages related to connection establishment and termination should be logged.

exception - Indicates that messages related to exceptions that were caught within the LDAP SDK should be logged.

ldap - Indicates that messages related to LDAP communication should be logged.

ldif - Indicates that messages related to LDIF encoding and decoding should be logged.

monitor - Indicates that messages related to monitor entry retrieval and parsing should be logged.

other - Indicates that all other messages not covered by any other message type should be logged.
Multi-Valued
Yes
Required
Yes
Admin Action Required
None. Modification requires no further action

include-stack-trace

Description
Indicates whether a stack trace of the thread which called the debug method should be included in debug log messages.
Default Value
false
Allowed Values
true
false
Multi-Valued
No
Required
Yes
Admin Action Required
None. Modification requires no further action

log-file-permissions

Description
The UNIX permissions of the log files created by this LDAP SDK Debug Logger.
Default Value
600
Allowed Values
A valid UNIX mode string. The mode string must contain three digits between zero and seven.
Multi-Valued
No
Required
Yes
Admin Action Required
None. Modification requires no further action

append

Description
Specifies whether to append to existing log files.
Default Value
true
Allowed Values
true
false
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

rotation-policy

Description
The rotation policy to use for the LDAP SDK Debug Logger . When multiple policies are used, rotation will occur if any policy's conditions are met.
Default Value
No rotation policy is used and log rotation will not occur.
Allowed Values
The DN of any Log Rotation Policy.
Multi-Valued
Yes
Required
Yes
Admin Action Required
None. Modification requires no further action

rotation-listener

Description
A listener that should be notified whenever a log file is rotated out of service.
Default Value
None
Allowed Values
The DN of any Log File Rotation Listener. If this LDAP SDK Debug Logger is enabled, then the associated log file rotation listener must also be enabled.
Multi-Valued
Yes
Required
No
Admin Action Required
None. Modification requires no further action

retention-policy

Description
The retention policy to use for the LDAP SDK Debug Logger . When multiple policies are used, log files are cleaned when any of the policy's conditions are met.
Default Value
No retention policy is used and log files are never cleaned.
Allowed Values
The DN of any Log Retention Policy.
Multi-Valued
Yes
Required
Yes
Admin Action Required
None. Modification requires no further action

sign-log

Description
Indicates whether the log should be cryptographically signed so that the log content cannot be altered in an undetectable manner. Log file signatures can be validated using the validate-file-signature tool provided with the server.
Note that when enabling signing for a logger that already exists and was enabled without signing, the first log file will not be completely verifiable because it will still contain unsigned content from before signing was enabled. Only log files whose entire content was written with signing enabled will be considered completely valid.
For the same reason, if a log file is still open for writing, then signature validation will not indicate that the log is completely valid because the log will not include the necessary "end signed content" indicator at the end of the file.
Default Value
false
Allowed Values
true
false
Multi-Valued
No
Required
No
Admin Action Required
The LDAP SDK Debug Logger must be disabled and re-enabled for changes to this setting to take effect. In order for this modification to take effect, the component must be restarted, either by disabling and re-enabling it, or by restarting the server

encrypt-log (Read-Only)

Description
Indicates whether log files should be encrypted so that their content is not available to unauthorized users. If this property is configured with a value of true, then log data will be encrypted using a key generated from an encryption settings definition. If the encryption-settings-definition-id property has a value, then the specified encryption settings definition will be used; otherwise, the server's preferred encryption settings definition will be used. For best compatibility, you should use an encryption settings definition that was created from a user-supplied passphrase, so that passphrase can be used to decrypt its content.
If this property is configured with a value of false, then log data will not be encrypted.
Encrypted log files can be decrypted on the command line with the encrypt-file tool (using the --decrypt argument). Encrypted log files can be accessed programmatically using the com.unboundid.util.PassphraseEncryptedInputStream class in the UnboundID LDAP SDK for Java.
If a log file is to be encrypted, then you will also likely want to enable compression (by giving the compression-mechanism property a value of 'gzip'). This will reduce the amount of data that needs to be encrypted, and will also dramatically reduce the size of the log files that are generated.
Default Value
false
Allowed Values
true
false
Multi-Valued
No
Required
No
Admin Action Required
The LDAP SDK Debug Logger must be disabled and re-enabled for changes to this setting to take effect. In order for this modification to take effect, the component must be restarted, either by disabling and re-enabling it, or by restarting the server

encryption-settings-definition-id

Description
Specifies the ID of the encryption settings definition that should be used to encrypt the data. If this is not provided, the server's preferred encryption settings definition will be used. The "encryption-settings list" command can be used to obtain a list of the encryption settings definitions available in the server.
Default Value
None
Allowed Values
A string
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

timestamp-precision

Description
Specifies the smallest time unit to be included in timestamps.
Default Value
milliseconds
Allowed Values
seconds - Timestamps will be precise to the nearest second.

milliseconds - Timestamps will be precise to the nearest millisecond.
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

logging-error-behavior

Description
Specifies the behavior that the server should exhibit if an error occurs during logging processing.
Default Value
standard-error
Allowed Values
standard-error - Write a message to standard error in the event of a logging failure.

lockdown-mode - Place the server in lockdown mode in the event of a logging failure.
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action


Advanced Properties

time-interval (Advanced Property)

Description
Specifies the interval at which to check whether the log files need to be rotated.
Default Value
5s
Allowed Values
A duration. Lower limit is 1 milliseconds.
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

auto-flush (Advanced Property)

Description
Specifies whether to flush the writer after every log record. If the asynchronous writes option is used, the writer is flushed after all the log records in the queue are written.
Default Value
true
Allowed Values
true
false
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

asynchronous (Advanced Property)

Description
Indicates whether the LDAP SDK Debug Logger will publish records asynchronously.
Default Value
true
Allowed Values
true
false
Multi-Valued
No
Required
Yes
Admin Action Required
None. Modification requires no further action

queue-size (Advanced Property)

Description
The maximum number of log records that can be stored in the asynchronous queue. The server will continuously flush messages from the queue to the log. That is, it does not wait for the queue to fill up before flushing to the log. Lowering this value can impact performance.
Default Value
10000
Allowed Values
An integer value. Lower limit is 1000. Upper limit is 100000 .
Multi-Valued
No
Required
No
Admin Action Required
The LDAP SDK Debug Logger must be restarted if this property is changed and the asynchronous property is set to true.

buffer-size (Advanced Property)

Description
Specifies the log file buffer size.
Default Value
64kb
Allowed Values
A positive integer representing a size. Lower limit is 1.
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

compression-mechanism (Advanced Property, Read-Only)

Description
Specifies the type of compression (if any) to use for log files that are written. Note that this setting cannot be changed once the logger has been created, because of the possibility of mixing compressed and uncompressed data in the same file. Further, because it is difficult to append to a compressed file, any existing active log file will automatically be rotated when the server is started.
If compressed logging is used, it may also be desirable to have another logger enabled that does not use compression. The rotation and retention policies for the uncompressed logger can be configured to minimize the amount of space it consumes, but having ready access to information about recent operations in uncompressed form may be convenient for debugging purposes. Alternately, you could consider having the uncompressed logger defined but not enabled so that it can be turned on as needed for debugging such problems.
Default Value
none
Allowed Values
none - No compression will be performed.

gzip - Compress file data using gzip with the default compression level. If this compression level is specified, then files will automatically be given a ".gz" extension.
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action


dsconfig Usage

To view the LDAP SDK Debug Logger configuration:

dsconfig get-ldap-sdk-debug-logger-prop
     [--tab-delimited]
     [--script-friendly]
     [--property {propertyName}] ...

To update the LDAP SDK Debug Logger configuration:

dsconfig set-ldap-sdk-debug-logger-prop
     (--set|--add|--remove) {propertyName}:{propertyValue}
     [(--set|--add|--remove) {propertyName}:{propertyValue}] ...