Hi Florence, I really appreciate your help so far, however I'm still not getting anywhere trying to fix this issue. I have the audit fail log enabled but after going through pages and pages of logs for days I can't find any cause for the error. I think I'll just need to cut my losses and reinstall and start from scratch. :(
Thanks
Charles

On Sat, 12 Mar 2022 at 01:10, Florence Blanc-Renaud <[email protected]> wrote:
>
> Hi,
>
> in order to log failing operations in the audit log, you need to configure
> nsslapd-auditfaillog-logging-enabled: on in the entry cn=config, please see
> https://access.redhat.com/documentation/en-us/red_hat_directory_server/11/html/configuration_command_and_file_reference/core_server_configuration_reference#cnconfig-nsslapd_auditfaillog_logging_enabled_Audit_Fail_Log_Enable_Logging
>
> flo
>
> On Fri, Mar 11, 2022 at 12:15 AM Charles P <[email protected]> wrote:
>>
>> Hi
>> >Just a note: can you confirm that the messages are in the error log
>> (/var/log/dirsrv/slapd-DOMAIN/errors), not in the audit
>> (/var/log/slapd-<DOMAIN>/audit)?
>> Correct - those messages were in /var/log/dirsrv/slapd-DOMAIN/errors.
>>
>> >Those messages are normal and can also be seen on my instance (without any
>> >schema extension).
>> Ok good to know, thanks.
>>
>> For some reason the Audit log doesn't seem to get _any_ messages at
>> all when I try to create a new user, however when I change the error
>> log logging level I do get messages in the audit log like below - so
>> the logfile seems to be working:
>>
>> /var/log/dirsrv/slapd-[DOMAIN]-NET/audit
>> -----------------------8<------------------------------------
>> time: 20220311092419
>> dn: cn=config
>> result: 0
>> changetype: modify
>> replace: nsslapd-errorlog-level
>> nsslapd-errorlog-level: 128
>> -
>> replace: modifiersname
>> modifiersname: cn=directory manager
>> -
>> replace: modifytimestamp
>> modifytimestamp: 20220310225419Z
>> -
>> -----------------------8<------------------------------------
>>
>> >Aren't there any additional logs after those messages? What is in
>> >/var/log/dirsrv/slapd-<DOMAIN>/audit if you enable audit log?
>> Not when I try to create a new user, no.
>> Here's the settings matching "audit" - is there a log "level" setting
>> for the audit log, or is it just "on" and "off"? Have I enabled audit
>> logging correctly?
>>
>> nsslapd-auditlog-mode: 600
>> nsslapd-auditlog-logrotationsync-enabled: off
>> nsslapd-auditlog-logrotationsynchour: 0
>> nsslapd-auditlog-logrotationsyncmin: 0
>> nsslapd-auditlog-logrotationtime: 1
>> nsslapd-auditlog-logmaxdiskspace: 100
>> nsslapd-auditlog-maxlogsize: 100
>> nsslapd-auditlog-logexpirationtime: 1
>> nsslapd-auditlog-logrotationtimeunit: week
>> nsslapd-auditlog-maxlogsperdir: 2
>> nsslapd-auditlog-logging-enabled: on
>> nsslapd-auditlog-logging-hide-unhashed-pw: on
>> nsslapd-auditlog-logexpirationtimeunit: month
>> nsslapd-auditlog-logminfreediskspace: 5
>> nsslapd-auditlog: /var/log/dirsrv/slapd-[DOMAIN]-NET/audit
>> nsslapd-auditfaillog-mode: 600
>> nsslapd-auditfaillog-logrotationsync-enabled: off
>> nsslapd-auditfaillog-logrotationsynchour: 0
>> nsslapd-auditfaillog-logrotationsyncmin: 0
>> nsslapd-auditfaillog-logrotationtime: 1
>> nsslapd-auditfaillog-logmaxdiskspace: 100
>> nsslapd-auditfaillog-maxlogsize: 100
>> nsslapd-auditfaillog-logexpirationtime: 1
>> nsslapd-auditfaillog-maxlogsperdir: 2
>> nsslapd-auditfaillog-logging-enabled: off
>> nsslapd-auditfaillog-logging-hide-unhashed-pw: on
>> nsslapd-auditfaillog-logexpirationtimeunit: month
>> nsslapd-auditfaillog-logminfreediskspace: 5
>> nsslapd-auditfaillog-logrotationtimeunit: week
>> nsslapd-auditfaillog: /var/log/dirsrv/slapd-[DOMAIN]-NET/audit
>> nsslapd-auditlog-list: /var/log/dirsrv/slapd-[DOMAIN]-NET/audit.20211228-1609
>> nsslapd-auditfaillog-list:
>>
>> Thanks again! Really appreciate your time and support.
>>
_______________________________________________
FreeIPA-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedorahosted.org/archives/list/[email protected]
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
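
Added example, not part of the thread or of the 389-ds/FreeIPA code: a Python script that checks a cn=config dump for the nsslapd-auditfaillog-logging-enabled setting Florence points to, and pulls the records with a non-zero result out of a log in the layout Charles quoted. Assumptions: the function names, the EXAMPLE instance name and the second sample record (result 65, objectClassViolation in RFC 4511) are constructed for illustration, and failed operations are assumed to be written with the same header fields as the quoted record.

```python
def config_findings(text):
    """Check 'attr: value' lines from a cn=config dump for audit-fail logging state."""
    pairs = (line.partition(":") for line in text.splitlines())
    cfg = {k.strip().lower(): v.strip() for k, sep, v in pairs if sep}
    out = []
    if cfg.get("nsslapd-auditfaillog-logging-enabled", "off").lower() != "on":
        out.append("auditfaillog disabled")
    fail_path = cfg.get("nsslapd-auditfaillog")
    if fail_path and fail_path == cfg.get("nsslapd-auditlog"):
        out.append("auditfaillog shares file with auditlog")
    return out

def parse_records(text):
    """Collect the header fields of each record; a record starts at 'time:'."""
    records = []
    for line in text.splitlines():
        key, sep, value = line.partition(": ")
        if sep and key == "time":
            records.append({"time": value})
        elif sep and records and key in ("dn", "result", "changetype"):
            records[-1].setdefault(key, value)  # first occurrence is the header
    return records

def failed(records, changetype=None):
    """(time, dn, result) for non-zero results, optionally limited to one changetype."""
    return [(r["time"], r.get("dn"), int(r["result"])) for r in records
            if int(r.get("result", 0)) != 0
            and changetype in (None, r.get("changetype"))]

# Constructed input: settings as in the thread, with a placeholder instance name.
SAMPLE_CONFIG = """nsslapd-auditlog: /var/log/dirsrv/slapd-EXAMPLE/audit
nsslapd-auditfaillog-logging-enabled: off
nsslapd-auditfaillog: /var/log/dirsrv/slapd-EXAMPLE/audit"""
# Constructed log: first header as quoted in the thread, second record invented.
SAMPLE_LOG = """time: 20220311092419
dn: cn=config
result: 0
changetype: modify

time: 20220311093001
dn: uid=testuser,cn=users,cn=accounts,dc=example,dc=test
result: 65
changetype: add
uid: testuser"""

if __name__ == "__main__":
    print(config_findings(SAMPLE_CONFIG))
    print(failed(parse_records(SAMPLE_LOG), "add"))
```
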
