
How to Automate eDirectory logging on Solaris with Retention

Novell Cool Solutions: Trench
By Patrick Dooley


Posted: 20 Jan 2004
 

eDirectory comes with ndstrace, which is useful for diagnosing problems. Unfortunately, it overwrites its log file, so on its own it's not very useful for auditing LDAP authentications, queries, etc. Here's how I do it.

SOLUTION: First, you have to decide what you want in your log file, so load ndstrace and turn on the flags that you want captured in your logs. (I turn off everything but LDAP.) Type in exit; that should save your ndstrace settings for subsequent launches.

Create a script called edirlog.sh with the following contents:

<-----SCRIPT BEGIN------------>
#!/bin/ksh
#
# First, define where we want to store the log files, and how to name them.
#

BASE_DIR=/var/nds/ldap_logs
SNAME=`/bin/hostname`
FNAME=$BASE_DIR/$(date +%Y%m%d-%H%M%S)-${SNAME}

#
# If the directories don't exist, let's create them.
#

if [ ! -d "${BASE_DIR}" ]; then
    mkdir "${BASE_DIR}"
fi

if [ ! -d "${BASE_DIR}/archive" ]; then
    mkdir "${BASE_DIR}/archive"
fi

#
# Let's check to see if ndstrace is already loaded; if so, unload it.
#

ps -ef | grep ndstrace | grep -v grep
if [ $? -eq 0 ]; then
    ndstrace -u
fi

#
# Archive the last log file, fire up the new logfile.
#
mv "${BASE_DIR}"/*.log "${BASE_DIR}/archive"
nohup ndstrace -l > "${FNAME}.log" &

# Compress whatever is still uncompressed in the archive. Match on the
# .log suffix rather than excluding "gz", so that a hostname containing
# "gz" does not keep its logs from being compressed.
cd "${BASE_DIR}/archive" || exit 1
for i in `ls | grep '\.log$'`; do gzip "$i"; done
<------SCRIPT END--------->

Now, you need to modify the /etc/init.d/ndsd startup script to automate the whole thing. In the StartNdsd () function, you need to launch your script. Here's what mine looks like:

<------BEGIN SCRIPT SNIPPET------->
#
# Start the ndsd daemon
#

StartNdsd () {

    SetupMemManager

    if [ -f $sbindir/ndsd ]; then
        echo `gettext nds "Starting NDS Server..."`
        LD_PRELOAD=$ld_preload $sbindir/ndsd
# $sbindir/ndsd
# $sbindir/ndsd
        if [ "$?" -ne 0 ]; then
            echo `gettext nds "NDS Server startup failed."`
            echo `gettext nds "Look for $localstatedir/ndsd.log for information."`
            exit 1
        fi
        sleep 5                         # wait for server to initialize
        echo "Starting iMonitor"
        /usr/bin/ndsimonitor
        echo "Starting edir logging"
        /var/nds/scripts/edirlog.sh
        npki -l
        echo `gettext nds "done."`
# if [ -d /var/lock/subsys ]
# then
# touch /var/lock/subsys/NDS
# fi
    else
        echo `gettext nds "NDS Server $sbindir/ndsd not found."`
        exit 1
    fi
}       # StartNdsd
<------END SCRIPT SNIPPET------>

You'll see that I have also included launching iMonitor and npki. I hope this helps someone out.
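
As written, edirlog.sh moves and compresses old logs but never deletes any, so the archive directory grows without bound. The following is an added example, not part of the original article, that keeps only the newest N archives. It is written for POSIX sh and assumes the YYYYMMDD-HHMMSS-hostname.log.gz names that edirlog.sh produces; the function name prune_archive and the count of 30 are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original article: count-based retention for the
# archive directory that edirlog.sh fills.
# Assumptions: archives are named YYYYMMDD-HHMMSS-<host>.log.gz (FNAME plus
# gzip's suffix); prune_archive and its KEEP argument are hypothetical names.
#
# Usage: prune_archive DIR KEEP
#   e.g. prune_archive /var/nds/ldap_logs/archive 30
# Removes all but the KEEP newest archives in DIR and prints each removed
# name. Files that do not match the naming scheme are never touched.
prune_archive() {
    dir=$1
    keep=$2

    [ -d "$dir" ] || { echo "prune_archive: no such directory: $dir" >&2; return 2; }

    # Accept only a positive integer, so a typo cannot empty the archive.
    case $keep in
        ''|0*|*[!0-9]*)
            echo "prune_archive: KEEP must be a positive integer" >&2
            return 2 ;;
    esac

    d='[0-9]'
    stamp="$d$d$d$d$d$d$d$d-$d$d$d$d$d$d"
    (
        cd "$dir" || exit 2
        # Unquoted on purpose so the shell expands the pattern. Globs expand
        # in sorted order and the timestamp prefix sorts chronologically,
        # so $1 is always the oldest archive.
        set -- ${stamp}-*.log.gz
        [ -f "$1" ] || exit 0            # nothing archived yet
        excess=$(( $# - $keep ))
        while [ "$excess" -gt 0 ]; do
            rm -f "./$1" && echo "$1"
            shift
            excess=$(( $excess - 1 ))
        done
    )
}
```

Calling it at the end of edirlog.sh, after the gzip loop, would prune on every restart of logging.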

If you have any questions you may contact Patrick at patrick.dooley@towers.com

