Logging Configuration for RHEL / Centos
Set up and customize logging configurations in your software applications to track and analyze system activities for improved performance and debugging purposes.
Updated at July 27th, 2024
Table of Contents
Date: 11-04-2022
slapd Logging
By default, slapd uses rsyslog to handle log messages. If left unconfigured, log messages will be written to /var/log/messages. Because the slapd log messages will be mixed with various system log messages, it is recommended that OpenLDAP log messages are written to their own file. These steps are recommended for a RHEL/CentOS system.
rsyslog Configuration
slapd Log File
To direct slapd log messages to their own file, either add the following line to /etc/rsyslog.conf or a new file named /etc/rsyslog.d/slapd.conf:
local4.* -/var/log/slapd.log;RSYSLOG_FileFormatDisabling Rate Limiting
Rate limiting is a feature of rsyslog and journald that limits the amount of messages saved in log files when log activity is heavy. This creates gaps in the log files and often times log messages that are critical for troubleshooting are discarded. It is highly recommended that rate limiting is disabled. There are two configuration files that control rate limiting: /etc/systemd/journald.conf and /etc/rsyslog.conf.
/etc/systemd/journald.conf
If the /etc/systemd/journald.conf file is present, add the following:
RateLimitInterval=0
RateLimitBurst=0Restart journald for the change to take effect: systemctl restart journald
/etc/rsyslog.conf
In /etc/rsyslog.conf, add the following to the "#### GLOBAL DIRECTIVES ####" section:
$SystemLogRateLimitInterval 0
$SystemLogRateLimitBurst 0Decoupling journald from syslog
Starting with RedHat 7, RedHat made a bridge between syslog and systemd's binary logging. This bridge destroys performance due to serious deficiencies with systemd. For reasonable performance on RedHat 7+ then, it is necessary to remove this bridge from the rsyslog configuration.
Modify /etc/rsyslog.conf and comment out (#) the following lines:
$ModLoad imjournal # provides access to the system journal
$OmitLocalLogging on
$IMJournalStateFile imjournal.stateRemove listen.conf file
The file /etc/rsyslog.d/listen.conf needs to be removed:
rm –f /etc/rsyslog.d/listen.confConfigure Log Rotation
Logs must be rotated at regular intervals. At the bare minimum, logs should be rotated daily. Busier systems should rotate logs hourly.
To configure daily log rotation, add the following to /etc/logrotate.conf:
Note: indentation must be two space characters, otherwise the rotation will fail.
/var/log/slapd.log
{
rotate 7
daily
missingok
notifempty
compress
postrotate
kill -HUP `cat /var/run/rsyslog*.pid 2>/dev/null` || true
endscript
}Local File Logging
Starting with OpenLDAP version 2.6, slapd has the capability to bypass syslog and log directly to a file on the local filesystem. The advantage of using local file logging is that it overcomes syslog's performance issues that can block slapd operations when under heavy load.
To enable local file logging, add the following to slapd.conf See the slapd.conf man page for configuration parameters:
logfile