Syslog Based Access Log Publisher

Note: this component has a complexity level of "expert", which means that objects of this type are not expected to be created or altered. Please contact support for assistance if you believe that you have a need to create or modify this type of object.

A legacy access log publisher that offers limited functionality and can only send unencrypted messages to a syslog server over UDP. It is only recommended for backward compatibility with older versions of the server. New deployments should use either the syslog-text-access-log-publisher or syslog-json-access-log-publisher.

Parent Component Properties dsconfig Usage

Parent Component

The Syslog Based Access Log Publisher component inherits from the Writer Based Access Log Publisher

Properties

The properties supported by this managed object are as follows:


General Configuration Basic Properties: Advanced Properties:
 description  None
 enabled
 logging-error-behavior
Syslog Configuration Basic Properties: Advanced Properties:
 server-host-name  syslog-facility
 server-port
Log Messages To Include Basic Properties: Advanced Properties:
 log-connects  None
 log-disconnects
 log-security-negotiation
 log-client-certificates
 log-requests
 log-results
 log-assurance-completed
 log-search-entries
 log-search-references
 log-intermediate-responses
 suppress-internal-operations
 suppress-replication-operations
 correlate-requests-and-results
Filtering Criteria Basic Properties: Advanced Properties:
 connection-criteria  None
 request-criteria
 result-criteria
 search-entry-criteria
 search-reference-criteria
Log Message Elements To Include Basic Properties: Advanced Properties:
 include-product-name  include-thread-id
 include-instance-name
 include-startup-id
 include-requester-dn
 include-requester-ip-address
 include-request-details-in-result-messages
 include-request-details-in-search-entry-messages
 include-request-details-in-search-reference-messages
 include-request-details-in-intermediate-response-messages
 include-result-code-names
 include-extended-search-request-details
 include-add-attribute-names
 include-modify-attribute-names
 include-search-entry-attribute-names
 include-request-controls
 include-response-controls
 include-replication-change-id
 include-connection-details-in-request-messages
 generify-message-strings-when-possible
Other Configuration Basic Properties: Advanced Properties:
 log-field-behavior  asynchronous
 auto-flush
 max-string-length
 queue-size

Basic Properties

description

Property Group
General Configuration
Description
A description for this Log Publisher
Default Value
None
Allowed Values
A string
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

enabled

Property Group
General Configuration
Description
Indicates whether the Syslog Based Access Log Publisher is enabled for use.
Default Value
None
Allowed Values
true
false
Multi-Valued
No
Required
Yes
Admin Action Required
This is a legacy error log publisher that offers limited functionality and can only send unencrypted messages to a syslog server over UDP. It is only recommended for backward compatibility with older versions of the server. New deployments should use either the syslog-text-error-log-publisher or syslog-json-error-log-publisher.

logging-error-behavior

Property Group
General Configuration
Description
Specifies the behavior that the server should exhibit if an error occurs during logging processing.
Default Value
standard-error
Allowed Values
standard-error - Write a message to standard error in the event of a logging failure.

lockdown-mode - Place the server in lockdown mode in the event of a logging failure.
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

server-host-name

Property Group
Syslog Configuration
Description
Specifies the hostname or IP address of the syslogd host to log to. It is highly recommend to use localhost.
Default Value
localhost
Allowed Values
A string
Multi-Valued
No
Required
Yes
Admin Action Required
None. Modification requires no further action

server-port

Property Group
Syslog Configuration
Description
Specifies the port number of the syslogd host to log to.
Default Value
514
Allowed Values
An integer value. Lower limit is 1. Upper limit is 65535 .
Multi-Valued
No
Required
Yes
Admin Action Required
None. Modification requires no further action

log-connects

Property Group
Log Messages To Include
Description
Indicates whether to log information about connections established to the server.
Default Value
false
Allowed Values
true
false
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

log-disconnects

Property Group
Log Messages To Include
Description
Indicates whether to log information about connections that have been closed by the client or terminated by the server.
Default Value
false
Allowed Values
true
false
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

log-security-negotiation

Property Group
Log Messages To Include
Description
Indicates whether to log information about the result of any security negotiation (e.g., SSL handshake) processing that has been performed.
Default Value
false
Allowed Values
true
false
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

log-client-certificates

Property Group
Log Messages To Include
Description
Indicates whether to log information about any client certificates presented to the server.
Default Value
true
Allowed Values
true
false
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

log-requests

Property Group
Log Messages To Include
Description
Indicates whether to log information about requests received from clients.
Default Value
false
Allowed Values
true
false
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

log-results

Property Group
Log Messages To Include
Description
Indicates whether to log information about the results of client requests.
Default Value
true
Allowed Values
true
false
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

log-assurance-completed

Property Group
Log Messages To Include
Description
Indicates whether to log information about the result of replication assurance processing.
Default Value
true
Allowed Values
true
false
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

log-search-entries

Property Group
Log Messages To Include
Description
Indicates whether to log information about search result entries sent to the client.
Default Value
false
Allowed Values
true
false
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

log-search-references

Property Group
Log Messages To Include
Description
Indicates whether to log information about search result references sent to the client.
Default Value
false
Allowed Values
true
false
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

log-intermediate-responses

Property Group
Log Messages To Include
Description
Indicates whether to log information about intermediate responses sent to the client.
Default Value
false
Allowed Values
true
false
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

suppress-internal-operations

Property Group
Log Messages To Include
Description
Indicates whether internal operations (for example, operations that are initiated by plugins) should be logged along with the operations that are requested by users.
Default Value
true
Allowed Values
true
false
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

suppress-replication-operations

Property Group
Log Messages To Include
Description
Indicates whether access messages that are generated by replication operations should be suppressed.
Default Value
false
Allowed Values
true
false
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

correlate-requests-and-results

Property Group
Log Messages To Include
Description
Indicates whether to automatically log result messages for any operation in which the corresponding request was logged. In such cases, the result, entry, and reference criteria will be ignored, although the log-responses, log-search-entries, and log-search-references properties will be honored.
Default Value
true
Allowed Values
true
false
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

connection-criteria

Property Group
Filtering Criteria
Description
Specifies a set of connection criteria that must match the associated client connection in order for a connect, disconnect, request, or result message to be logged.
Default Value
None
Allowed Values
The DN of any Connection Criteria.
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

request-criteria

Property Group
Filtering Criteria
Description
Specifies a set of request criteria that must match the associated operation request in order for a request or result to be logged by this Access Log Publisher.
Default Value
None
Allowed Values
The DN of any Request Criteria.
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

result-criteria

Property Group
Filtering Criteria
Description
Specifies a set of result criteria that must match the associated operation result in order for that result to be logged by this Access Log Publisher.
Default Value
None
Allowed Values
The DN of any Result Criteria.
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

search-entry-criteria

Property Group
Filtering Criteria
Description
Specifies a set of search entry criteria that must match the associated search result entry in order for that it to be logged by this Access Log Publisher.
Default Value
None
Allowed Values
The DN of any Search Entry Criteria.
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

search-reference-criteria

Property Group
Filtering Criteria
Description
Specifies a set of search reference criteria that must match the associated search result reference in order for that it to be logged by this Access Log Publisher.
Default Value
None
Allowed Values
The DN of any Search Reference Criteria.
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

include-product-name

Property Group
Log Message Elements To Include
Description
Indicates whether log messages should include the product name for the Directory Server.
Default Value
false
Allowed Values
true
false
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

include-instance-name

Property Group
Log Message Elements To Include
Description
Indicates whether log messages should include the instance name for the Directory Server.
Default Value
false
Allowed Values
true
false
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

include-startup-id

Property Group
Log Message Elements To Include
Description
Indicates whether log messages should include the startup ID for the Directory Server, which is a value assigned to the server instance at startup and may be used to identify when the server has been restarted.
Default Value
false
Allowed Values
true
false
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

include-requester-dn

Property Group
Log Message Elements To Include
Description
Indicates whether log messages for operation requests should include the DN of the authenticated user for the client connection on which the operation was requested.
Default Value
false
Allowed Values
true
false
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

include-requester-ip-address

Property Group
Log Message Elements To Include
Description
Indicates whether log messages for operation requests should include the IP address of the client that requested the operation.
Default Value
false
Allowed Values
true
false
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

include-request-details-in-result-messages

Property Group
Log Message Elements To Include
Description
Indicates whether log messages for operation results should include information about both the request and the result. This option can be used to eliminate the need to log request messages, and can eliminate the need to read multiple lines in order to obtain the full set of information logged for an operation.
Default Value
true
Allowed Values
true
false
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

include-request-details-in-search-entry-messages

Property Group
Log Message Elements To Include
Description
Indicates whether log messages for search result entries should include information about the associated search request. This option can be used to eliminate the need to log request messages, and can eliminate the need to read multiple lines in order to obtain the full set of information logged for an operation.
Default Value
false
Allowed Values
true
false
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

include-request-details-in-search-reference-messages

Property Group
Log Message Elements To Include
Description
Indicates whether log messages for search result references should include information about the associated search request. This option can be used to eliminate the need to log request messages, and can eliminate the need to read multiple lines in order to obtain the full set of information logged for an operation.
Default Value
false
Allowed Values
true
false
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

include-request-details-in-intermediate-response-messages

Property Group
Log Message Elements To Include
Description
Indicates whether log messages for intermediate responses should include information about the associated operation request. This option can be used to eliminate the need to log request messages, and can eliminate the need to read multiple lines in order to obtain the full set of information logged for an operation.
Default Value
false
Allowed Values
true
false
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

include-result-code-names

Property Group
Log Message Elements To Include
Description
Indicates whether result log messages should include human-readable names for result codes in addition to their numeric values.
Default Value
true
Allowed Values
true
false
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

include-extended-search-request-details

Property Group
Log Message Elements To Include
Description
Indicates whether log messages for search requests should include extended information from the request, including the requested size limit, time limit, alias dereferencing behavior, and types only behavior.
Default Value
false
Allowed Values
true
false
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

include-add-attribute-names

Property Group
Log Message Elements To Include
Description
Indicates whether log messages for add requests should include a list of the names of the attributes included in the entry to add.
Default Value
false
Allowed Values
true
false
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

include-modify-attribute-names

Property Group
Log Message Elements To Include
Description
Indicates whether log messages for modify requests should include a list of the names of the attributes to be modified.
Default Value
false
Allowed Values
true
false
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

include-search-entry-attribute-names

Property Group
Log Message Elements To Include
Description
Indicates whether log messages for search result entries should include a list of the names of the attributes included in the entry that was returned.
Default Value
false
Allowed Values
true
false
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

include-request-controls

Property Group
Log Message Elements To Include
Description
Indicates whether log messages for operation requests should include a list of the OIDs of any controls included in the request.
Default Value
false
Allowed Values
true
false
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

include-response-controls

Property Group
Log Message Elements To Include
Description
Indicates whether log messages for operation results should include a list of the OIDs of any controls included in the result.
Default Value
false
Allowed Values
true
false
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

include-replication-change-id

Property Group
Log Message Elements To Include
Description
Indicates whether to log information about the replication change ID. The replication change ID uniquely identifies an update operation. When enabled on all replicas in the replication topology, it can be used to trace updates from the origin replica to all other replicas.
Default Value
true
Allowed Values
true
false
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

include-connection-details-in-request-messages

Property Group
Log Message Elements To Include
Description
Indicates whether to log connection details in request messages, including, where applicable, the client IP address and port, the server IP address and port, and the communication protocol.
Default Value
false
Allowed Values
true
false
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

generify-message-strings-when-possible

Property Group
Log Message Elements To Include
Description
Indicates whether to use generified version of certain message strings, including diagnostic messages, additional information messages, authentication failure reasons, and disconnect messages. Generified versions of those strings may use placeholders (like %s for a string or %d for an integer) rather than the version of the string with those placeholders replaced with specific values. Using generified versions of message strings may make those messages somewhat less useful since context-specific detail will not be included in the log message, but they may improve privacy and security because any potentially sensitive information will have been redacted.
Note that in some cases, it may not be possible to completely generify message strings. For example, it is not possible to generify messages that originate outside the server codebase (like messages generated by a third-party library or received from an external service).
Default Value
false
Allowed Values
true
false
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

log-field-behavior

Property Group
Other Configuration
Description
The behavior to use for determining which fields to log and whether to transform the values of those fields in any way.
Default Value
None
Allowed Values
The DN of any Text Access Log Field Behavior.
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action


Advanced Properties

syslog-facility (Advanced Property)

Property Group
Syslog Configuration
Description
Specifies the syslog facility to use for this Syslog Based Access Log Publisher Enter a syslog facility code from the list
  • 0 : kernel messages
  • 1 : user-level messages
  • 2 : mail system
  • 3 : system daemons
  • 4 : security/authorization messages
  • 5 : messages generated internally by syslogd
  • 6 : line printer subsystem
  • 7 : network news subsystem
  • 8 : UUCP subsystem
  • 9 : clock daemon
  • 10 : security/authorization messages
  • 11 : FTP daemon
  • 12 : NTP subsystem
  • 13 : log audit
  • 14 : log alert
  • 15 : clock daemon
  • 16 : local use 0
  • 17 : local use 1
  • 18 : local use 2
  • 19 : local use 3
  • 20 : local use 4
  • 21 : local use 5
  • 22 : local use 6
  • 23 : local use 7

Default Value
1
Allowed Values
An integer value. Lower limit is 0. Upper limit is 23 .
Multi-Valued
No
Required
Yes
Admin Action Required
None. Modification requires no further action

include-thread-id (Advanced Property)

Property Group
Log Message Elements To Include
Description
Indicates whether log messages should include the thread ID for the Directory Server in each log message. This ID can be used to correlate log messages from the same thread within a single log as well as generated by the same thread across different types of log files. More information about the thread with a specific ID can be obtained using the cn=JVM Stack Trace,cn=monitor entry.
Default Value
true
Allowed Values
true
false
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

asynchronous (Advanced Property)

Property Group
Other Configuration
Description
Indicates whether the Writer Based Access Log Publisher will publish records asynchronously.
Default Value
true
Allowed Values
true
false
Multi-Valued
No
Required
Yes
Admin Action Required
None. Modification requires no further action

auto-flush (Advanced Property)

Property Group
Other Configuration
Description
Specifies whether to flush the writer after every log record. If the asynchronous writes option is used, the writer is flushed after all the log records in the queue are written.
Default Value
true
Allowed Values
true
false
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

max-string-length (Advanced Property)

Property Group
Other Configuration
Description
Specifies the maximum number of characters that may be included in any string in a log message before that string is truncated and replaced with a placeholder indicating the number of characters that were omitted. This can help prevent extremely long log messages from being written. A value of zero indicates that no limit will be imposed.
Default Value
500
Allowed Values
An integer value. Lower limit is 0.
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

queue-size (Advanced Property)

Property Group
Other Configuration
Description
The maximum number of log records that can be stored in the asynchronous queue. The server will continuously flush messages from the queue to the log. That is, it does not wait for the queue to fill up before flushing to the log. Lowering this value can impact performance.
Default Value
10000
Allowed Values
An integer value. Lower limit is 1000. Upper limit is 100000 .
Multi-Valued
No
Required
No
Admin Action Required
The Writer Based Access Log Publisher must be restarted if this property is changed and the asynchronous property is set to true.


dsconfig Usage

To list the configured Log Publishers:

dsconfig list-log-publishers
     [--property {propertyName}] ...

To view the configuration for an existing Log Publisher:

dsconfig get-log-publisher-prop
     --publisher-name {name}
     [--tab-delimited]
     [--script-friendly]
     [--property {propertyName}] ...

To update the configuration for an existing Log Publisher:

dsconfig set-log-publisher-prop
     --publisher-name {name}
     (--set|--add|--remove) {propertyName}:{propertyValue}
     [(--set|--add|--remove) {propertyName}:{propertyValue}] ...

To create a new Syslog Based Access Log Publisher:

dsconfig create-log-publisher
     --publisher-name {name}
     --type {type}
     --set enabled:{propertyValue}
     [--set {propertyName}:{propertyValue}] ...

To delete an existing Log Publisher:

dsconfig delete-log-publisher
     --publisher-name {name}