Date: 11-04-2022

slapd Logging

By default, slapd uses rsyslog to handle log messages. If left unconfigured, log messages will be written to /var/log/messages. Because the slapd log messages will be mixed with various system log messages, it is recommended that OpenLDAP log messages are written to their own file. These steps are recommended for a RHEL/CentOS system.

rsyslog Configuration

slapd Log File

To direct slapd log messages to their own file, either add the following line to /etc/rsyslog.conf or a new file named /etc/rsyslog.d/slapd.conf:

local4.*     -/var/log/slapd.log;RSYSLOG_FileFormat

Disabling Rate Limiting

Rate limiting is a feature of rsyslog and journald that limits the amount of messages saved in log files when log activity is heavy. This creates gaps in the log files and often times log messages that are critical for troubleshooting are discarded. It is highly recommended that rate limiting is disabled. There are two configuration files that control rate limiting: /etc/systemd/journald.conf and /etc/rsyslog.conf.

/etc/systemd/journald.conf

If the /etc/systemd/journald.conf file is present, add the following:

RateLimitInterval=0
RateLimitBurst=0

Restart journald for the change to take effect: systemctl restart journald

/etc/rsyslog.conf

In /etc/rsyslog.conf, add the following to the "#### GLOBAL DIRECTIVES ####" section:

$SystemLogRateLimitInterval 0
$SystemLogRateLimitBurst 0

Decoupling journald from syslog

Starting with RedHat 7, RedHat made a bridge between syslog and systemd's binary logging. This bridge destroys performance due to serious deficiencies with systemd. For reasonable performance on RedHat 7+ then, it is necessary to remove this bridge from the rsyslog configuration.

Modify /etc/rsyslog.conf and comment out (#) the following lines:

$ModLoad imjournal # provides access to the system journal
$OmitLocalLogging on
$IMJournalStateFile imjournal.state

Remove listen.conf file

The file /etc/rsyslog.d/listen.conf needs to be removed:

rm –f /etc/rsyslog.d/listen.conf

Configure Log Rotation

Logs must be rotated at regular intervals. At the bare minimum, logs should be rotated daily. Busier systems should rotate logs hourly.

To configure daily log rotation, add the following to /etc/logrotate.conf:

Note: indentation must be two space characters, otherwise the rotation will fail.

/var/log/slapd.log
{
  rotate 7
  daily
  missingok
  notifempty
  compress
  postrotate
    kill -HUP `cat /var/run/rsyslog*.pid 2>/dev/null` || true
  endscript
}

Local File Logging

Starting with OpenLDAP version 2.6, slapd has the capability to bypass syslog and log directly to a file on the local filesystem. The advantage of using local file logging is that it overcomes syslog's performance issues that can block slapd operations when under heavy load.

To enable local file logging, add the following to slapd.conf See the slapd.conf man page for configuration parameters:

logfile logfile-format debug | syslog-utc | syslog-localtime logfile-only on logfile-rotate