How to Automate eDirectory logging on Solaris with Retention

Novell Cool Solutions: Trench
By Patrick Dooley

Posted: 20 Jan 2004

eDirectory comes with ndstrace, which is useful for diagnosing problems. Unfortunately, it overwrites its logfile, so it's not very useful for auditing LDAP authentications, queries, etc. Here's how I do it.

SOLUTION: First, decide what you want in your logfile: load ndstrace and turn on the flags that you want captured in your logs. (I turn off everything but LDAP.) Type exit; that should save your ndstrace settings for subsequent launches.

Create a script called edirlog.sh with the following contents:

<-----SCRIPT BEGIN------------>
#!/bin/ksh
# First, define where we want to store the log files, and how to name them.
# BASE_DIR and SNAME are not defined in the listing as published; the two
# values below are assumed placeholders, so set them for your server.
BASE_DIR=/path/to/edirlogs
SNAME=$(hostname)

FNAME=${BASE_DIR}/$(date +%Y%m%d-%H%M%S)-${SNAME}

# If the directories don't exist, let's create them.

if [ ! -d "${BASE_DIR}" ]; then
    mkdir "${BASE_DIR}"
fi

if [ ! -d "${BASE_DIR}/archive" ]; then
    mkdir "${BASE_DIR}/archive"
fi

# Let's check to see if ndstrace is already loaded; if so, unload it.

ps -ef | grep ndstrace | grep -v grep
if [ $? -eq 0 ]; then
    ndstrace -u
fi

# Archive the last log file, fire up the new logfile.
mv "${BASE_DIR}"/*.log "${BASE_DIR}/archive"
nohup ndstrace -l > "${FNAME}.log" &

# Compress any archived logs that are not gzipped yet.
cd "${BASE_DIR}/archive" || exit 1
for i in *.log; do
    [ -f "$i" ] && gzip "$i"
done
<------SCRIPT END--------->

Now, you need to modify the /etc/init.d/ndsd startup script to automate the whole thing. In the StartNdsd () function, you need to launch your script. Here's what mine looks like:

<------BEGIN SCRIPT SNIPPET------>
# Start the ndsd daemon

StartNdsd () {
    if [ -f $sbindir/ndsd ]; then
        echo `gettext nds "Starting NDS Server..."`
        LD_PRELOAD=$ld_preload $sbindir/ndsd
        # $sbindir/ndsd
        if [ "$?" -ne 0 ]; then
            echo `gettext nds "NDS Server startup failed."`
            # The next message is cut off in the listing as published.
            echo `gettext nds "Look for $localstatedir/ndsd.log for informat"`
            exit 1
        fi
        sleep 5                         # wait for server to initialize
        echo "Starting iMonitor"
        # (the iMonitor launch command is not shown in the listing as published)
        echo "Starting edir logging"
        /path/to/edirlog.sh             # placeholder path: the script created above
        npki -l
        echo `gettext nds "done."`
        # if [ -d /var/lock/subsys ]
        # then
        # touch /var/lock/subsys/NDS
        # fi
    else
        echo `gettext nds "NDS Server $sbindir/ndsd not found."`
        exit 1
    fi
}       # StartNdsd
<------END SCRIPT SNIPPET------>

You'll also see that I have included launching iMonitor and npki as well. I hope this helps someone out.

If you have any questions you may contact Patrick at patrick.dooley@towers.com
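
The edirlog.sh script above archives and compresses old traces but never deletes them, and it leaves the files with default permissions. As an added example (not part of the original article), the functions below prune compressed logs older than a given number of days and restrict the log tree to its owner; the function names and the 90-day figure in the usage comment are assumptions.

```sh
#!/bin/sh
# Added example, not from the original article. Function names are assumptions.

# prune_archive DIR DAYS
# Remove compressed traces (*.log.gz) under DIR that were last modified more
# than DAYS days ago, and print how many were removed.
prune_archive() {
    dir=$1
    days=$2
    # Refuse a missing directory or a non-numeric age rather than guessing.
    [ -d "$dir" ] || { echo "prune_archive: $dir is not a directory" >&2; return 1; }
    case $days in
        ''|*[!0-9]*) echo "prune_archive: DAYS must be a whole number" >&2; return 1 ;;
    esac
    # -type f matches regular files only, so symlinks in DIR are never touched.
    # Live, uncompressed *.log files do not match the name pattern.
    removed=$(find "$dir" -type f -name '*.log.gz' -mtime +"$days" -print | wc -l)
    find "$dir" -type f -name '*.log.gz' -mtime +"$days" -exec rm -f {} \;
    echo $removed
}

# lock_down DIR
# The traces record LDAP binds and searches, so make DIR, its subdirectories
# and the logs in them accessible to the owning account only.
lock_down() {
    [ -d "$1" ] || return 1
    find "$1" -type d -exec chmod 700 {} \;
    find "$1" -type f \( -name '*.log' -o -name '*.log.gz' \) -exec chmod 600 {} \;
}

# Typical use at the end of edirlog.sh (90 days is an assumed retention period):
#   lock_down "${BASE_DIR}"
#   prune_archive "${BASE_DIR}/archive" 90
```

gzip keeps the original file's modification time, so the age test reflects when the trace was written rather than when it was compressed.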