• Contact Us
  • Home
  • Installation
  • Configuration

Logging Configuration for RHEL / Centos

Set up and customize logging configurations in your software applications to track and analyze system activities for improved performance and debugging purposes.

Written by Maryanne Normann

Updated at July 27th, 2024

  • Quick Start
  • Installation
    Best Practices Configuration Troubleshooting Design Performance Platform
  • Maintenance
    Releases Upgrade
  • Reference
+ More

Table of Contents

slapd Logging rsyslog Configuration slapd Log File Disabling Rate Limiting Decoupling journald from syslog Configure Log Rotation Local File Logging

Date: 11-04-2022

slapd Logging

By default, slapd uses rsyslog to handle log messages. If left unconfigured, log messages will be written to /var/log/messages. Because the slapd log messages will be mixed with various system log messages, it is recommended that OpenLDAP log messages are written to their own file. These steps are recommended for a RHEL/CentOS system.

rsyslog Configuration

slapd Log File

To direct slapd log messages to their own file, either add the following line to /etc/rsyslog.conf or a new file named /etc/rsyslog.d/slapd.conf:

local4.*     -/var/log/slapd.log;RSYSLOG_FileFormat

Disabling Rate Limiting

Rate limiting is a feature of rsyslog and journald that limits the amount of messages saved in log files when log activity is heavy. This creates gaps in the log files and often times log messages that are critical for troubleshooting are discarded. It is highly recommended that rate limiting is disabled. There are two configuration files that control rate limiting: /etc/systemd/journald.conf and /etc/rsyslog.conf.

/etc/systemd/journald.conf

If the /etc/systemd/journald.conf file is present, add the following:

RateLimitInterval=0
RateLimitBurst=0

Restart journald for the change to take effect: systemctl restart journald

/etc/rsyslog.conf

In /etc/rsyslog.conf, add the following to the "#### GLOBAL DIRECTIVES ####" section:

$SystemLogRateLimitInterval 0
$SystemLogRateLimitBurst 0

Decoupling journald from syslog

Starting with RedHat 7, RedHat made a bridge between syslog and systemd's binary logging. This bridge destroys performance due to serious deficiencies with systemd. For reasonable performance on RedHat 7+ then, it is necessary to remove this bridge from the rsyslog configuration.

Modify /etc/rsyslog.conf and comment out (#) the following lines:
$ModLoad imjournal # provides access to the system journal
$OmitLocalLogging on
$IMJournalStateFile imjournal.state
Remove listen.conf file

The file /etc/rsyslog.d/listen.conf needs to be removed:

rm –f /etc/rsyslog.d/listen.conf

Configure Log Rotation

Logs must be rotated at regular intervals. At the bare minimum, logs should be rotated daily. Busier systems should rotate logs hourly.

To configure daily log rotation, add the following to /etc/logrotate.conf:

Note: indentation must be two space characters, otherwise the rotation will fail.

/var/log/slapd.log
{
  rotate 7
  daily
  missingok
  notifempty
  compress
  postrotate
    kill -HUP `cat /var/run/rsyslog*.pid 2>/dev/null` || true
  endscript
}

Local File Logging

Starting with OpenLDAP version 2.6, slapd has the capability to bypass syslog and log directly to a file on the local filesystem. The advantage of using local file logging is that it overcomes syslog's performance issues that can block slapd operations when under heavy load.

To enable local file logging, add the following to slapd.conf See the slapd.conf man page for configuration parameters:

logfile logfile-format debug | syslog-utc | syslog-localtime logfile-only on logfile-rotate

Copyright © 2020-2024 Symas Corporation. All rights reserved.
logging syslog logrotate configuration troubleshooting

Was this article helpful?

Yes
No
Give feedback about this article

Related Articles

  • Configuring Apache Fortress-OpenLDAP for High Availability
  • Creating Dynamic Groups
  • Configuring PPolicy for OpenLDAP 2.5
  • Configure Variant
  • Symas Blog RSS Feed
  • Symas on Facebook
  • Symas on Twitter
  • Symas Blog
  • Symas on LinkedIn
  • Symas YouTube Channel

Copyright © 2023, Symas Corporation. All rights reserved. Privacy Statement (updated July 31, 2023)

Phone:

Main Office: +1.650.963.7601
Fax: +1.650.390.6284

Email:

Sales: sales@symas.com
Support: support@symas.com

Office Hours:

8:00 AM - 5:00 PM ET

Office Location:

Symas Corporation
PO Box 391
Grand Junction, CO 81507 USA

Expand