Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-80252

[RFE] Structured (JSON) logging option for RHDS access and error logs

Linking RHIVOS CVEs to...Migration: Automation ...SWIFT: Generate New Ti...SWIFT: POC ConversionSync from "Extern...XMLWordPrintable

    • Icon: Story Story
    • Resolution: Done-Errata
    • Icon: Normal Normal
    • rhel-10.1
    • None
    • 389-ds-base
    • 389-ds-base-3.1.3-3.el10
    • None
    • ZStream
    • rhel-idm-ds
    • 20
    • 0
    • False
    • False
    • Hide

      None

      Show
      None
    • Yes
    • None
    • Regression Exception
    • Hide

      dirsrvtests/tests/suites/logging/access_json_logging_test.py
      dirsrvtests/tests/suites/logging/error_json_logging_test.py

      Show
      dirsrvtests/tests/suites/logging/access_json_logging_test.py dirsrvtests/tests/suites/logging/error_json_logging_test.py
    • Pass
    • Automated
    • Enhancement
    • Hide
      .JSON format is available for the access and error logs in `389-ds-base`

      With this update, you can use the following commands to configure JSON format for the access and error log files:

      [subs="+quotes"]
      ----
      # *dsconf __<instance_name>__ logging access set log-format json*
      # *dsconf __<instance_name>__ logging error set log-format json*
      ----

      These commands set the `nsslapd-accesslog-log-format` or `nsslapd-errorlog-json-format` configuration attributes to `json`. As a result, access and error logging becomes more consumable by standard parsing tools.

      Note that when you change the format setting, Directory Server rotates the current log file.
      Show
      .JSON format is available for the access and error logs in `389-ds-base` With this update, you can use the following commands to configure JSON format for the access and error log files: [subs="+quotes"] ---- # *dsconf __<instance_name>__ logging access set log-format json* # *dsconf __<instance_name>__ logging error set log-format json* ---- These commands set the `nsslapd-accesslog-log-format` or `nsslapd-errorlog-json-format` configuration attributes to `json`. As a result, access and error logging becomes more consumable by standard parsing tools. Note that when you change the format setting, Directory Server rotates the current log file.
    • Done
    • Unspecified
    • Unspecified
    • Unspecified
    • None

      (Copied from case verbatim)

      Given the newer security log is in a JSON format, could we consider an optional access logging format that would consolidate relevant log information into a structured format? I wouldn't even necessarily suggest this become a default change, but first an option to change to this style of logging.

      Example: If there is RESULT entry from a bind failure, I have to find the corresponding BIND operation line to find the DN, and then find the first line for the host's "conn=" to find the source IP. Having certain details repeated (like the connection IP in addition to the internal connection number), is a substantial improvement in usability at the cost of some increased disk IO and storage.

      (Simiarly, high etime (unindexed) searches can have many other log entries between the SRCH line and the RESULT line.)

              rhn-engineering-mareynol Mark Reynolds
              rhn-support-ccallaha Chance Callahan
              IdM DS Dev IdM DS Dev
              IdM DS QE IdM DS QE
              Evgenia Martyniuk Evgenia Martyniuk
              Votes:
              0 Vote for this issue
              Watchers:
              10 Start watching this issue

                Created:
                Updated:
                Resolved: