Configure Logging for OpenLDAP on SLES 1

[tumichaelf]

I run OpenLDAP on a SLES10 box and as it uses "syslog-ng.conf" rather than "syslog.conf" I am having difficulty configuring ldap to log. If this were a "syslog.conf" file I would simply add

local4.* /var/log/ldap.log

, but as it is not, how do I add this to "syslog-ng.conf

 

[Annihilannic]

Try adding these lines:

destination d_ldap { file("/var/log/ldap.log"); };
filter f_ldap { facility(local4); };
log { source(src); filter(f_ldap); destination(d_ldap); };

Annihilannic
[small]tgmlify - code syntax highlighting for your tek-tips posts[/small]

 

[tumichaelf]

This did not throw any errors, but it also did not create the logs (I restart the syslog daemon as well as ldap).

I tried a very similar setup in syslog-ng yesterday with no luck.

 

[Annihilannic]

Are you sure the daemon sent some messages? Did you try sending some your self using something like logger -p local4.notice "a test message"?

Perhaps you also need the level, try this?

filter f_ldap { facility(local4) and level (debug..emerg); };

You may want to change that from "debug" to "info" or higher once you've confirmed that it's working.

Annihilannic
[small]tgmlify - code syntax highlighting for your tek-tips posts[/small]

 

[tumichaelf]

I tried all three of those recommendations, and nothing is being logged..

destination d_ldap { file("/var/log/ldap.log"); };
filter f_ldap { facility(local4) and level(info..emerg); };
log { source(src); filter(f_ldap); destination(d_ldap); };

 

[Annihilannic]

Is it SLES10? I just tried it using my first suggestion and it works fine. Did you restart, reload or kill -HUP the syslog service after making the config file changes?

linux-2xfn:/etc/syslog-ng # service syslog reload
Reload syslog service                                                 done
linux-2xfn:/etc/syslog-ng # tail /etc/syslog-ng/syslog-ng.conf
#
# Enable this, if you want to keep all messages in one file:
# (don't forget to provide logrotation config)
#
#destination allmessages { file("/var/log/allmessages"); };
#log { source(src); destination(allmessages); };

destination d_ldap { file("/var/log/ldap.log"); };
filter f_ldap { facility(local4); };
log { source(src); filter(f_ldap); destination(d_ldap); };
linux-2xfn:/etc/syslog-ng # logger -p local4.notice -t testing "a test message"
linux-2xfn:/etc/syslog-ng # cat /var/log/ldap.log
Oct 20 22:24:53 linux-2xfn testing: a test message
linux-2xfn:/etc/syslog-ng #

Annihilannic
[small]tgmlify - code syntax highlighting for your tek-tips posts[/small]

 

[tumichaelf]

# Enable this, if you want to keep all messages in one file:
# (don't forget to provide logrotation config)
#
#destination allmessages { file("/var/log/allmessages"); };
#log { source(src); destination(allmessages); };

destination d_ldap { file("/var/log/ldap.log"); };
filter f_ldap { facility(local4); };
log { source(src); filter(f_ldap); destination(d_ldap); };
~
"/etc/syslog-ng/syslog-ng.conf" 196L, 5624C written                                                     
HOST1:~ # service syslog reload
Reload syslog service                                                 failed

 

[tumichaelf]

so I tried

# Enable this, if you want to keep all messages in one file:
# (don't forget to provide logrotation config)
#
#destination allmessages { file("/var/log/allmessages"); };
#log { source(src); destination(allmessages); };

destination d_ldap { file("/var/log/ldap.log"); };
filter f_ldap { facility(local4); };
log { source(src); filter(f_ldap); destination(d_ldap); };
"/etc/syslog-ng/syslog-ng.conf" 196L, 5624C written
HOST1:~ # service syslog restart
Shutting down syslog services                                         done
Starting syslog services                                              done
HOST1:~ # logger -p local4.notice -t testing "a test message"
HOST1:~ # cat /var/log/ldap.log
cat: /var/log/ldap.log: No such file or directory
HOST1:~ #

 

[Annihilannic]

Strange, did the test message appear in /var/log/messages? Mine appeared there as well.

Annihilannic
[small]tgmlify - code syntax highlighting for your tek-tips posts[/small]

 

[tumichaelf]

HOST1:/var/log # logger -p local4.notice -t testing "a test message"
HOST1:/var/log # grep -iR "a test message" *

 

[Annihilannic]

Even stranger!

Is *anything* being logged on your system? Try logger -p kern.notice "another test" perhaps and see if it appears in /var/log/messages?

Is /var full perhaps?

Is syslog-ng daemon definitely running (check ps)? And perhaps service syslog status.

Are any other syslog-ng.conf customisations already present that might be overriding your entries, or was the file untouched until now?

Annihilannic
[small]tgmlify - code syntax highlighting for your tek-tips posts[/small]

 

[tumichaelf]

HOST1:~ # service syslog status
Checking for service syslog:                                          running
HOST1:~ # logger -p kern.notice "another test"
HOST1:~ # cd /var/log/
HOST1:/var/log # grep -iR "another test" *
HOST1:/var/log #

I then went and ran

HOST1:/var/log # ps -ef|grep syslog
root     21965     1  0 Oct18 ?        00:00:00 /sbin/syslog-ng
root     21997     1  0 Oct18 ?        00:00:00 /sbin/syslog-ng
root     21999     1  0 Oct18 ?        00:00:00 /sbin/syslog-ng restart
root     22066     1  0 Oct18 ?        00:00:00 /sbin/syslog-ng restart
root     29017 27937  0 08:48 pts/1    00:00:00 grep syslog

. With those funky results I then went and bounced the box and now

HOST1:~ # ps -ef|grep syslog
root      2808     1  2 08:49 ?        00:00:00 /sbin/syslog-ng
root      4403  4375  0 08:50 pts/0    00:00:00 grep syslog
HOST1:~ # logger -p kern.notice "another test"
HOST1:~ # cd /var/log/
HOST1:/var/log # grep -iR "another test" *
messages:Oct 25 08:50:20 HOST1 root: another test

and when I look in "/var/log/" for the ldap.log it is there

HOST1:/var/log # pwd
/var/log
HOST1:/var/log # ls -ltr ldap.log 
-rw-r----- 1 root root 25806829 2011-10-25 08:54 ldap.log
HOST1:/var/log #

Thanks for your help