File Based Audit Log Publisher

File Based Audit Log Publishers publish audit messages to the file system.

Parent Component

The File Based Audit Log Publisher component inherits from the Log Publisher.

Relations from This Component

The following components have a direct aggregation relation from File Based Audit Log Publishers:

Properties

The properties supported by this managed object are as follows:


Basic Properties:
description
enabled
suppress-internal-operations
suppress-replication-operations
log-security-negotiation
log-intermediate-responses
connection-criteria
request-criteria
result-criteria
timestamp-precision
log-file
log-file-permissions
append
rotation-policy
retention-policy
sign-log
include-instance-name
include-startup-id
include-requester-ip-address
use-reversible-form
obscure-attribute
exclude-attribute

Advanced Properties:
auto-flush
asynchronous
queue-size
time-interval
buffer-size
compression-mechanism
include-thread-id

Basic Properties

description

Description
A description for this Log Publisher
Default Value
None
Allowed Values
A string
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

enabled

Description
Indicates whether the Log Publisher is enabled for use.
Default Value
None
Allowed Values
true
false
Multi-Valued
No
Required
Yes
Admin Action Required
None. Modification requires no further action

suppress-internal-operations

Description
Indicates whether internal operations (for example, operations that are initiated by plugins) should be logged along with the operations that are requested by users.
Default Value
false
Allowed Values
true
false
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

suppress-replication-operations

Description
Indicates whether access messages that are generated by replication operations should be suppressed.
Default Value
false
Allowed Values
true
false
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

log-security-negotiation

Description
Indicates whether to log information about the result of any security negotiation (e.g., SSL handshake) processing that has been performed.
Default Value
false
Allowed Values
true
false
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

log-intermediate-responses

Description
Indicates whether to log information about intermediate responses sent to the client.
Default Value
false
Allowed Values
true
false
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

connection-criteria

Description
Specifies a set of connection criteria that must match the associated client connection in order for a connect, disconnect, request, or result message to be logged.
Default Value
None
Allowed Values
The DN of any Connection Criteria.
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

request-criteria

Description
Specifies a set of request criteria that must match the associated operation request in order for a request or result to be logged by this Log Publisher.
Default Value
None
Allowed Values
The DN of any Request Criteria.
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

result-criteria

Description
Specifies a set of result criteria that must match the associated operation result in order for that result to be logged by this Log Publisher.
Default Value
None
Allowed Values
The DN of any Result Criteria.
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

timestamp-precision

Description
Specifies the smallest time unit to be included in timestamps.
Default Value
milliseconds
Allowed Values
seconds - Timestamps will be precise to the nearest second.

milliseconds - Timestamps will be precise to the nearest millisecond.
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

log-file

Description
The file name to use for the log files generated by the File Based Audit Log Publisher. The path to the file can be specified either as relative to the server root or as an absolute path.
Default Value
None
Allowed Values
Unknown
Multi-Valued
No
Required
Yes
Admin Action Required
The File Based Audit Log Publisher must be disabled and then re-enabled for changes to this setting to take effect.

log-file-permissions

Description
The UNIX permissions of the log files created by this File Based Audit Log Publisher.
Default Value
640
Allowed Values
A valid UNIX mode string. The mode string must contain three digits between zero and seven.
Multi-Valued
No
Required
Yes
Admin Action Required
None. Modification requires no further action

append

Description
Specifies whether to append to existing log files.
Default Value
true
Allowed Values
true
false
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

rotation-policy

Description
The rotation policy to use for the File Based Audit Log Publisher. When multiple policies are used, rotation will occur if any policy's conditions are met.
Default Value
No rotation policy is used and log rotation will not occur.
Allowed Values
The DN of any Log Rotation Policy.
Multi-Valued
Yes
Required
Yes
Admin Action Required
None. Modification requires no further action

retention-policy

Description
The retention policy to use for the File Based Audit Log Publisher. When multiple policies are used, log files are cleaned when any of the policy's conditions are met.
Default Value
No retention policy is used and log files are never cleaned.
Allowed Values
The DN of any Log Retention Policy.
Multi-Valued
Yes
Required
Yes
Admin Action Required
None. Modification requires no further action

sign-log

Description
Indicates whether the log should be cryptographically signed so that the log content cannot be altered in an undetectable manner. Log file signatures can be validated using the validate-file-signature tool provided with the server.
Note that when enabling signing for a logger that already exists and was enabled without signing, the first log file will not be completely verifiable because it will still contain unsigned content from before signing was enabled. Only log files whose entire content was written with signing enabled will be considered completely valid.
For the same reason, if a log file is still open for writing, then signature validation will not indicate that the log is completely valid because the log will not include the necessary "end signed content" indicator at the end of the file.
Default Value
false
Allowed Values
true
false
Multi-Valued
No
Required
No
Admin Action Required
The File Based Audit Log Publisher must be disabled and then re-enabled for changes to this setting to take effect.

include-instance-name

Description
Indicates whether log messages should include the instance name for the Metrics Engine.
Default Value
false
Allowed Values
true
false
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

include-startup-id

Description
Indicates whether log messages should include the startup ID for the Metrics Engine, which is a value assigned to the server instance at startup and may be used to identify when the server has been restarted.
Default Value
false
Allowed Values
true
false
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

include-requester-ip-address

Description
Indicates whether log messages for operation requests should include the IP address of the client that requested the operation.
Default Value
false
Allowed Values
true
false
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

use-reversible-form

Description
Indicates whether the audit log should be written in reversible form so that it is possible to revert the changes if desired. If this property is set true then the audit log is written in reversible form. For delete operations there will be comments with the contents of the entry. For modify operations the changes will only contain delete of the previous values and add of the new values (omitting those that didn't change). For modify DN operations there will be comments with the attribute additions or deletions, if any, caused by the RDN change.
Default Value
false
Allowed Values
true
false
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

obscure-attribute

Description
Specifies the names of any attribute types that should have their values obscured in the audit log because they may be considered sensitive. Note that values are not obscured from any DN.
Default Value
No attribute types have their values obscured in the audit log.
Allowed Values
The name or OID of an attribute type defined in the server schema.
Multi-Valued
Yes
Required
No
Admin Action Required
None. Modification requires no further action

exclude-attribute

Description
Specifies the names of any attribute types that should be excluded from the audit log.
Default Value
ds-sync-hist
Allowed Values
The name or OID of an attribute type defined in the server schema.
Multi-Valued
Yes
Required
No
Admin Action Required
None. Modification requires no further action


Advanced Properties

auto-flush (Advanced Property)

Description
Specifies whether to flush the writer after every log record. If the asynchronous writes option is used, the writer is flushed after all the log records in the queue are written.
Default Value
true
Allowed Values
true
false
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

asynchronous (Advanced Property)

Description
Indicates whether the File Based Audit Log Publisher will publish records asynchronously.
Default Value
true
Allowed Values
true
false
Multi-Valued
No
Required
Yes
Admin Action Required
None. Modification requires no further action

queue-size (Advanced Property)

Description
The maximum number of log records that can be stored in the asynchronous queue. The server will continuously flush messages from the queue to the log. That is, it does not wait for the queue to fill up before flushing to the log. Lowering this value can impact performance.
Default Value
10000
Allowed Values
An integer value. Lower limit is 1000. Upper limit is 100000.
Multi-Valued
No
Required
No
Admin Action Required
The File Based Audit Log Publisher must be restarted if this property is changed and the asynchronous property is set to true.

time-interval (Advanced Property)

Description
Specifies the interval at which to check whether the log files need to be rotated.
Default Value
5s
Allowed Values
A duration. Lower limit is 1 millisecond.
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

buffer-size (Advanced Property)

Description
Specifies the log file buffer size.
Default Value
64kb
Allowed Values
A positive integer representing a size. Lower limit is 1.
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

compression-mechanism (Advanced Property, Read-Only)

Description
Specifies the type of compression (if any) to use for log files that are written. Note that this setting cannot be changed once the logger has been created, because of the possibility of mixing compressed and uncompressed data in the same file. Further, because it is difficult to append to a compressed file, any existing active log file will automatically be rotated when the server is started.
If compressed logging is used, it may also be desirable to have another logger enabled that does not use compression. The rotation and retention policies for the uncompressed logger can be configured to minimize the amount of space it consumes, but having ready access to information about recent operations in uncompressed form may be convenient for debugging purposes. Alternately, you could consider having the uncompressed logger defined but not enabled so that it can be turned on as needed for debugging such problems.
Default Value
none
Allowed Values
none - No compression will be performed.

gzip - Compress file data using gzip with the default compression level. If this compression level is specified, then files will automatically be given a ".gz" extension.
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

include-thread-id (Advanced Property)

Description
Indicates whether log messages should include the thread ID for the Metrics Engine in each log message. This ID can be used to correlate log messages from the same thread within a single log as well as generated by the same thread across different types of log files. More information about the thread with a specific ID can be obtained using the cn=JVM Stack Trace,cn=monitor entry.
Default Value
true
Allowed Values
true
false
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action


dsconfig Usage

To list the configured Log Publishers:

dsconfig list-log-publishers
     [--property {propertyName}] ...

To view the configuration for an existing Log Publisher:

dsconfig get-log-publisher-prop
     --publisher-name {name}
     [--tab-delimited]
     [--script-friendly]
     [--property {propertyName}] ...

To update the configuration for an existing Log Publisher:

dsconfig set-log-publisher-prop
     --publisher-name {name}
     (--set|--add|--remove) {propertyName}:{propertyValue}
     [(--set|--add|--remove) {propertyName}:{propertyValue}] ...

To create a new File Based Audit Log Publisher:

dsconfig create-log-publisher
     --publisher-name {name}
     --type {type}
     --set enabled:{propertyValue}
     --set log-file:{propertyValue}
     [--set {propertyName}:{propertyValue}] ...

To delete an existing Log Publisher:

dsconfig delete-log-publisher
     --publisher-name {name}
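
The following Python helper is an added example, not part of the product documentation: it checks a planned property set against the allowed values and limits listed on this page, flags audit-log choices a defender would question (unsigned log, permissions that grant access to "other", no obscured attributes), and renders the matching dsconfig create-log-publisher command. The function names, the sample plan, and the file-based-audit type value are assumptions.

```python
import re
import shlex

# Allowed values and limits copied from the property tables on this page.
BOOLEANS = {"enabled", "append", "sign-log", "asynchronous", "auto-flush"}
ENUMS = {"timestamp-precision": {"seconds", "milliseconds"},
         "compression-mechanism": {"none", "gzip"}}

def check_properties(props):
    """Return (errors, warnings) for a planned property set.

    Values are strings; multi-valued properties (obscure-attribute) are lists.
    """
    errors, warnings = [], []
    for name in ("enabled", "log-file"):  # mandatory --set options on create
        if name not in props:
            errors.append(f"{name}: required")
    for name, value in props.items():
        if name in BOOLEANS and value not in ("true", "false"):
            errors.append(f"{name}: must be true or false")
        if name in ENUMS and value not in ENUMS[name]:
            errors.append(f"{name}: must be one of {sorted(ENUMS[name])}")
    mode = props.get("log-file-permissions", "640")  # documented default
    if not re.fullmatch(r"[0-7]{3}", mode):
        errors.append("log-file-permissions: must be three digits, each 0-7")
    elif mode[2] != "0":
        warnings.append("log-file-permissions: grants access to 'other'")
    queue = props.get("queue-size", "10000")  # documented default
    if not queue.isdigit() or not 1000 <= int(queue) <= 100000:
        errors.append("queue-size: must be an integer in 1000..100000")
    if props.get("sign-log", "false") != "true":
        warnings.append("sign-log: tampering with the log would go undetected")
    if not props.get("obscure-attribute"):
        warnings.append("obscure-attribute: no attribute values are obscured")
    return errors, warnings

def dsconfig_create(name, publisher_type, props):
    """Render the create-log-publisher command shown under dsconfig Usage."""
    args = ["dsconfig", "create-log-publisher",
            "--publisher-name", name, "--type", publisher_type]
    for key, value in props.items():
        for item in (value if isinstance(value, list) else [value]):
            args += ["--set", f"{key}:{item}"]
    return " ".join(shlex.quote(a) for a in args)

# Constructed sample plan; the attribute name and file path are illustrative.
PLAN = {"enabled": "true", "log-file": "logs/audit",
        "log-file-permissions": "600", "sign-log": "true",
        "obscure-attribute": ["userPassword"]}

if __name__ == "__main__":
    print(check_properties(PLAN))
    # "file-based-audit" is an assumed --type value; confirm it with dsconfig help.
    print(dsconfig_create("Signed Audit", "file-based-audit", PLAN))
```

Because sign-log only takes effect after the publisher is disabled and re-enabled, and a file that is still open never validates as completely signed, run validate-file-signature against rotated files rather than the active one.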