diff options
Diffstat (limited to 'doc/man/man5/slapo-auditlog.5')
-rw-r--r-- | doc/man/man5/slapo-auditlog.5 | 98 |
1 files changed, 98 insertions, 0 deletions
diff --git a/doc/man/man5/slapo-auditlog.5 b/doc/man/man5/slapo-auditlog.5 new file mode 100644 index 0000000..6aeca87 --- /dev/null +++ b/doc/man/man5/slapo-auditlog.5 @@ -0,0 +1,98 @@ +.TH SLAPO-AUDITLOG 5 "RELEASEDATE" "OpenLDAP LDVERSION" +.\" Copyright 2005-2022 The OpenLDAP Foundation All Rights Reserved. +.\" Copying restrictions apply. See COPYRIGHT/LICENSE. +.\" $OpenLDAP$ +.SH NAME +slapo\-auditlog \- Audit Logging overlay to slapd +.SH SYNOPSIS +ETCDIR/slapd.conf +.TP +ETCDIR/slapd.d +.SH DESCRIPTION +The Audit Logging overlay can be used to record all changes on a given +backend database to a specified log file. Changes are logged as standard +LDIF, with an additional comment header providing six fields of +information about the change. A second comment header is added at the end +of the operation to note the termination of the change. +.LP +For Add and Modify operations the identity comes from the modifiersName +associated with the operation. This is usually the same as the requestor's +identity, but may be set by other overlays to reflect other values. +.SH CONFIGURATION +This +.B slapd.conf +option applies to the Audit Logging overlay. +It should appear after the +.B overlay +directive. +.TP +.B auditlog <filename> +Specify the fully qualified path for the log file. +.TP +.B olcAuditlogFile <filename> +For use with +.B cn=config +.SH COMMENT FIELD INFORMATION +The first field is the operation type. +.br +The second field is the timestamp of the operation in seconds since epoch. +.br +The third field is the suffix of the database. +.br +The fourth field is the recorded modifiersName. +.br +The fifth field is the originating IP address and port. +.br +The sixth field is the connection number. A connection number of -1 +indicates an internal slapd operation. +.SH EXAMPLE +The following LDIF could be used to add this overlay to +.B cn=config +(adjust to suit) +.LP +.RS +.nf +dn: olcOverlay=auditlog,olcDatabase={1}mdb,cn=config +changetype: add +objectClass: olcOverlayConfig +objectClass: olcAuditLogConfig +olcOverlay: auditlog +olcAuditlogFile: /tmp/auditlog.ldif +.fi +.RE +.LP +.LP +.SH EXAMPLE CHANGELOG +.LP +.RS +.nf +# modify 1614223245 dc=example,dc=com cn=admin,dc=example,dc=com IP=[::1]:47270 conn=1002 +dn: uid=joepublic,ou=people,dc=example,dc=com +changetype: modify +replace: displayName +displayName: Joe Public +- +replace: entryCSN +entryCSN: 20210225032045.045229Z#000000#001#000000 +- +replace: modifiersName +modifiersName: cn=admin,dc=example,dc=com +- +replace: modifyTimestamp +modifyTimestamp: 20210225032045Z +- +# end modify 1614223245 + +.fi +.RE +.LP +.SH FILES +.TP +ETCDIR/slapd.conf +default slapd configuration file +.TP +ETCDIR/slapd.d +default slapd configuration directory +.SH SEE ALSO +.BR slapd.conf (5), +.BR slapd\-config(5). |