Debug Access Log Publishers provide multi-line records with detailed information about requests received and responses returned by the Directory Server. Note that because requests and responses may contain sensitive information, log files generated by this logger should be handled carefully.
The Debug Access Log Publisher component inherits from the Access Log Publisher
The following components have a direct aggregation relation from Debug Access Log Publishers:
The properties supported by this managed object are as follows:
Property Group | General Configuration |
Description | A description for this Log Publisher |
Default Value | None |
Allowed Values | A string |
Multi-Valued | No |
Required | No |
Admin Action Required | None. Modification requires no further action |
Property Group | General Configuration |
Description | Indicates whether the Log Publisher is enabled for use. |
Default Value | None |
Allowed Values | true false |
Multi-Valued | No |
Required | Yes |
Admin Action Required | None. Modification requires no further action |
Property Group | General Configuration |
Description | Specifies the behavior that the server should exhibit if an error occurs during logging processing. |
Default Value | standard-error |
Allowed Values | standard-error - Write a message to standard error in the event of a logging failure. lockdown-mode - Place the server in lockdown mode in the event of a logging failure. |
Multi-Valued | No |
Required | No |
Admin Action Required | None. Modification requires no further action |
Property Group | Log File Management |
Description | The file name to use for the log files generated by the Debug Access Log Publisher. The path to the file can be specified either as relative to the server root or as an absolute path. |
Default Value | None |
Allowed Values | A filesystem path |
Multi-Valued | No |
Required | Yes |
Admin Action Required | The Debug Access Log Publisher must be disabled and re-enabled for changes to this setting to take effect. In order for this modification to take effect, the component must be restarted, either by disabling and re-enabling it, or by restarting the server |
Property Group | Log File Management |
Description | The UNIX permissions of the log files created by this Debug Access Log Publisher. |
Default Value | 600 |
Allowed Values | A valid UNIX mode string. The mode string must contain three digits between zero and seven. |
Multi-Valued | No |
Required | Yes |
Admin Action Required | None. Modification requires no further action |
Property Group | Log File Management |
Description | The rotation policy to use for the Debug Access Log Publisher . When multiple policies are used, rotation will occur if any policy's conditions are met. |
Default Value | No rotation policy is used and log rotation will not occur. |
Allowed Values | The DN of any Log Rotation Policy. |
Multi-Valued | Yes |
Required | Yes |
Admin Action Required | None. Modification requires no further action |
Property Group | Log File Management |
Description | A listener that should be notified whenever a log file is rotated out of service. |
Default Value | None |
Allowed Values | The DN of any Log File Rotation Listener. If this Debug Access Log Publisher is enabled, then the associated log file rotation listener must also be enabled. |
Multi-Valued | Yes |
Required | No |
Admin Action Required | None. Modification requires no further action |
Property Group | Log File Management |
Description | The retention policy to use for the Debug Access Log Publisher . When multiple policies are used, log files are cleaned when any of the policy's conditions are met. |
Default Value | No retention policy is used and log files are never cleaned. |
Allowed Values | The DN of any Log Retention Policy. |
Multi-Valued | Yes |
Required | Yes |
Admin Action Required | None. Modification requires no further action |
Property Group | Log File Management |
Description | Indicates whether the log should be cryptographically signed so that the log content cannot be altered in an undetectable manner. Log file signatures can be validated using the validate-file-signature tool provided with the server. Note that when enabling signing for a logger that already exists and was enabled without signing, the first log file will not be completely verifiable because it will still contain unsigned content from before signing was enabled. Only log files whose entire content was written with signing enabled will be considered completely valid. For the same reason, if a log file is still open for writing, then signature validation will not indicate that the log is completely valid because the log will not include the necessary "end signed content" indicator at the end of the file. |
Default Value | false |
Allowed Values | true false |
Multi-Valued | No |
Required | No |
Admin Action Required | The Debug Access Log Publisher must be disabled and re-enabled for changes to this setting to take effect. In order for this modification to take effect, the component must be restarted, either by disabling and re-enabling it, or by restarting the server |
Property Group | Log File Management |
Description | Indicates whether log files should be encrypted so that their content is not available to unauthorized users. If this property is configured with a value of true, then log data will be encrypted using a key generated from an encryption settings definition. If the encryption-settings-definition-id property has a value, then the specified encryption settings definition will be used; otherwise, the server's preferred encryption settings definition will be used. For best compatibility, you should use an encryption settings definition that was created from a user-supplied passphrase, so that passphrase can be used to decrypt its content. If this property is configured with a value of false, then log data will not be encrypted. Encrypted log files can be decrypted on the command line with the encrypt-file tool (using the --decrypt argument). Encrypted log files can be accessed programmatically using the com.unboundid.util.PassphraseEncryptedInputStream class in the UnboundID LDAP SDK for Java. If a log file is to be encrypted, then you will also likely want to enable compression (by giving the compression-mechanism property a value of 'gzip'). This will reduce the amount of data that needs to be encrypted, and will also dramatically reduce the size of the log files that are generated. |
Default Value | false |
Allowed Values | true false |
Multi-Valued | No |
Required | No |
Admin Action Required | The Debug Access Log Publisher must be disabled and re-enabled for changes to this setting to take effect. In order for this modification to take effect, the component must be restarted, either by disabling and re-enabling it, or by restarting the server |
encryption-settings-definition-id
Property Group | Log File Management |
Description | Specifies the ID of the encryption settings definition that should be used to encrypt the data. If this is not provided, the server's preferred encryption settings definition will be used. The "encryption-settings list" command can be used to obtain a list of the encryption settings definitions available in the server. |
Default Value | None |
Allowed Values | A string |
Multi-Valued | No |
Required | No |
Admin Action Required | None. Modification requires no further action |
Property Group | Log File Management |
Description | Specifies whether to append to existing log files. |
Default Value | true |
Allowed Values | true false |
Multi-Valued | No |
Required | No |
Admin Action Required | None. Modification requires no further action |
Property Group | Log Messages To Include |
Description | Indicates whether to log information about connections established to the server. |
Default Value | true |
Allowed Values | true false |
Multi-Valued | No |
Required | No |
Admin Action Required | None. Modification requires no further action |
Property Group | Log Messages To Include |
Description | Indicates whether to log information about connections that have been closed by the client or terminated by the server. |
Default Value | true |
Allowed Values | true false |
Multi-Valued | No |
Required | No |
Admin Action Required | None. Modification requires no further action |
Property Group | Log Messages To Include |
Description | Indicates whether to log information about the result of any security negotiation (e.g., SSL handshake) processing that has been performed. |
Default Value | true |
Allowed Values | true false |
Multi-Valued | No |
Required | No |
Admin Action Required | None. Modification requires no further action |
Property Group | Log Messages To Include |
Description | Indicates whether to log information about any client certificates presented to the server. |
Default Value | true |
Allowed Values | true false |
Multi-Valued | No |
Required | No |
Admin Action Required | None. Modification requires no further action |
Property Group | Log Messages To Include |
Description | Indicates whether to log information about requests received from clients. |
Default Value | true |
Allowed Values | true false |
Multi-Valued | No |
Required | No |
Admin Action Required | None. Modification requires no further action |
Property Group | Log Messages To Include |
Description | Indicates whether to log information about the results of client requests. |
Default Value | true |
Allowed Values | true false |
Multi-Valued | No |
Required | No |
Admin Action Required | None. Modification requires no further action |
Property Group | Log Messages To Include |
Description | Indicates whether to log information about the result of replication assurance processing. |
Default Value | true |
Allowed Values | true false |
Multi-Valued | No |
Required | No |
Admin Action Required | None. Modification requires no further action |
Property Group | Log Messages To Include |
Description | Indicates whether to log information about search result entries sent to the client. |
Default Value | true |
Allowed Values | true false |
Multi-Valued | No |
Required | No |
Admin Action Required | None. Modification requires no further action |
Property Group | Log Messages To Include |
Description | Indicates whether to log information about search result references sent to the client. |
Default Value | true |
Allowed Values | true false |
Multi-Valued | No |
Required | No |
Admin Action Required | None. Modification requires no further action |
Property Group | Log Messages To Include |
Description | Indicates whether to log information about intermediate responses sent to the client. |
Default Value | false |
Allowed Values | true false |
Multi-Valued | No |
Required | No |
Admin Action Required | None. Modification requires no further action |
Property Group | Log Messages To Include |
Description | Indicates whether internal operations (for example, operations that are initiated by plugins) should be logged along with the operations that are requested by users. |
Default Value | true |
Allowed Values | true false |
Multi-Valued | No |
Required | No |
Admin Action Required | None. Modification requires no further action |
suppress-replication-operations
Property Group | Log Messages To Include |
Description | Indicates whether access messages that are generated by replication operations should be suppressed. |
Default Value | true |
Allowed Values | true false |
Multi-Valued | No |
Required | No |
Admin Action Required | None. Modification requires no further action |
correlate-requests-and-results
Property Group | Log Messages To Include |
Description | Indicates whether to automatically log result messages for any operation in which the corresponding request was logged. In such cases, the result, entry, and reference criteria will be ignored, although the log-responses, log-search-entries, and log-search-references properties will be honored. |
Default Value | true |
Allowed Values | true false |
Multi-Valued | No |
Required | No |
Admin Action Required | None. Modification requires no further action |
Property Group | Filtering Criteria |
Description | Specifies a set of connection criteria that must match the associated client connection in order for a connect, disconnect, request, or result message to be logged. |
Default Value | None |
Allowed Values | The DN of any Connection Criteria. |
Multi-Valued | No |
Required | No |
Admin Action Required | None. Modification requires no further action |
Property Group | Filtering Criteria |
Description | Specifies a set of request criteria that must match the associated operation request in order for a request or result to be logged by this Access Log Publisher. |
Default Value | None |
Allowed Values | The DN of any Request Criteria. |
Multi-Valued | No |
Required | No |
Admin Action Required | None. Modification requires no further action |
Property Group | Filtering Criteria |
Description | Specifies a set of result criteria that must match the associated operation result in order for that result to be logged by this Access Log Publisher. |
Default Value | None |
Allowed Values | The DN of any Result Criteria. |
Multi-Valued | No |
Required | No |
Admin Action Required | None. Modification requires no further action |
Property Group | Filtering Criteria |
Description | Specifies a set of search entry criteria that must match the associated search result entry in order for that it to be logged by this Access Log Publisher. |
Default Value | None |
Allowed Values | The DN of any Search Entry Criteria. |
Multi-Valued | No |
Required | No |
Admin Action Required | None. Modification requires no further action |
Property Group | Filtering Criteria |
Description | Specifies a set of search reference criteria that must match the associated search result reference in order for that it to be logged by this Access Log Publisher. |
Default Value | None |
Allowed Values | The DN of any Search Reference Criteria. |
Multi-Valued | No |
Required | No |
Admin Action Required | None. Modification requires no further action |
Property Group | Log Message Elements To Include |
Description | Indicates whether the resulting log file should attempt to obscure content that may be considered sensitive. This primarily includes the credentials for bind requests, the values of password modify extended requests and responses, and the values of any attributes specified in the obscure-attribute property. Note that the use of this option does not guarantee no sensitive information will be exposed, so the log output should still be carefully guarded. |
Default Value | true |
Allowed Values | true false |
Multi-Valued | No |
Required | No |
Admin Action Required | None. Modification requires no further action |
Property Group | Log Message Elements To Include |
Description | Specifies the names of any attribute types that should have their values obscured if the obscure-sensitive-content property has a value of true. |
Default Value | userPassword authPassword |
Allowed Values | The name or OID of an attribute type defined in the server schema. |
Multi-Valued | Yes |
Required | No |
Admin Action Required | None. Modification requires no further action |
compression-mechanism (Advanced Property, Read-Only)
Property Group | Log File Management |
Description | Specifies the type of compression (if any) to use for log files that are written. Note that this setting cannot be changed once the logger has been created, because of the possibility of mixing compressed and uncompressed data in the same file. Further, because it is difficult to append to a compressed file, any existing active log file will automatically be rotated when the server is started. If compressed logging is used, it may also be desirable to have another logger enabled that does not use compression. The rotation and retention policies for the uncompressed logger can be configured to minimize the amount of space it consumes, but having ready access to information about recent operations in uncompressed form may be convenient for debugging purposes. Alternately, you could consider having the uncompressed logger defined but not enabled so that it can be turned on as needed for debugging such problems. |
Default Value | none |
Allowed Values | none - No compression will be performed. gzip - Compress file data using gzip with the default compression level. If this compression level is specified, then files will automatically be given a ".gz" extension. |
Multi-Valued | No |
Required | No |
Admin Action Required | None. Modification requires no further action |
debug-aci-enabled (Advanced Property)
Property Group | Log Message Elements To Include |
Description | Indicates whether to include debugging information about ACIs being used by the operations being logged. |
Default Value | false |
Allowed Values | true false |
Multi-Valued | No |
Required | No |
Admin Action Required | None. Modification requires no further action |
asynchronous (Advanced Property)
Property Group | Other Configuration |
Description | Indicates whether the Debug Access Log Publisher will publish records asynchronously. |
Default Value | true |
Allowed Values | true false |
Multi-Valued | No |
Required | Yes |
Admin Action Required | None. Modification requires no further action |
auto-flush (Advanced Property)
Property Group | Other Configuration |
Description | Specifies whether to flush the writer after every log record. If the asynchronous writes option is used, the writer is flushed after all the log records in the queue are written. |
Default Value | true |
Allowed Values | true false |
Multi-Valued | No |
Required | No |
Admin Action Required | None. Modification requires no further action |
buffer-size (Advanced Property)
Property Group | Other Configuration |
Description | Specifies the log file buffer size. |
Default Value | 64kb |
Allowed Values | A positive integer representing a size. Lower limit is 1. |
Multi-Valued | No |
Required | No |
Admin Action Required | None. Modification requires no further action |
queue-size (Advanced Property)
Property Group | Other Configuration |
Description | The maximum number of log records that can be stored in the asynchronous queue. The server will continuously flush messages from the queue to the log. That is, it does not wait for the queue to fill up before flushing to the log. Lowering this value can impact performance. |
Default Value | 10000 |
Allowed Values | An integer value. Lower limit is 1000. Upper limit is 100000 . |
Multi-Valued | No |
Required | No |
Admin Action Required | The Debug Access Log Publisher must be restarted if this property is changed and the asynchronous property is set to true. |
time-interval (Advanced Property)
Property Group | Other Configuration |
Description | Specifies the interval at which to check whether the log files need to be rotated. |
Default Value | 5s |
Allowed Values | A duration. Lower limit is 1 milliseconds. |
Multi-Valued | No |
Required | No |
Admin Action Required | None. Modification requires no further action |
To list the configured Log Publishers:
dsconfig list-log-publishers [--property {propertyName}] ...
To view the configuration for an existing Log Publisher:
dsconfig get-log-publisher-prop --publisher-name {name} [--tab-delimited] [--script-friendly] [--property {propertyName}] ...
To update the configuration for an existing Log Publisher:
dsconfig set-log-publisher-prop --publisher-name {name} (--set|--add|--remove) {propertyName}:{propertyValue} [(--set|--add|--remove) {propertyName}:{propertyValue}] ...
To create a new Debug Access Log Publisher:
dsconfig create-log-publisher --publisher-name {name} --type debug --set enabled:{propertyValue} --set log-file:{propertyValue} [--set {propertyName}:{propertyValue}] ...
To delete an existing Log Publisher:
dsconfig delete-log-publisher --publisher-name {name}