I would like to have accesslog with a data retention of 10 days. In my ldap
usage scenario this retention produce an accesslog db of quite 10GB of data.
Things are working quite fine, but when the log db contains data older than
the retention I defined after restart slapd has a thread allocated at 100% of
cpu of one processor.
I logged at loglevel 992 = 512 + 256 + 128 + 64 + 32, blocked with iptables
every external ldap access and saw these lines in the log:
[cut]
Feb 3 09:37:08 ldap03 slapd[16289]: => access_allowed: search access to
"reqStart=20110202042854.000008Z,cn=log03,dc=mycorp.it <http://mycorp.it>"
"reqStart" requested
Feb 3 09:37:08 ldap03 slapd[16289]: <= root access granted
Feb 3 09:37:08 ldap03 slapd[16289]: => access_allowed: search access granted
by manage(=mwrscxd)
Feb 3 09:37:08 ldap03 slapd[16289]: <= test_filter 6
Feb 3 09:37:08 ldap03 slapd[16289]: => test_filter
Feb 3 09:37:08 ldap03 slapd[16289]: LE
Feb 3 09:37:08 ldap03 slapd[16289]: => access_allowed: search access to
"reqStart=20110202042854.000010Z,cn=log03,dc=mycorp.it" "reqStart" requested
Feb 3 09:37:08 ldap03 slapd[16289]: <= root access granted
Feb 3 09:37:08 ldap03 slapd[16289]: => access_allowed: search access granted
by manage(=mwrscxd)
Feb 3 09:37:08 ldap03 slapd[16289]: <= test_filter 6
Feb 3 09:37:08 ldap03 slapd[16289]: => test_filter
Feb 3 09:37:08 ldap03 slapd[16289]: LE
Feb 3 09:37:08 ldap03 slapd[16289]: => access_allowed: search access to
"reqStart=20110202042854.000012Z,cn=log03,dc=mycorp.it" "reqStart" requested
Feb 3 09:37:08 ldap03 slapd[16289]: <= root access granted
Feb 3 09:37:08 ldap03 slapd[16289]: => access_allowed: search access granted
by manage(=mwrscxd)
Feb 3 09:37:08 ldap03 slapd[16289]: <= test_filter 6
Feb 3 09:37:08 ldap03 slapd[16289]: => test_filter
Feb 3 09:37:08 ldap03 slapd[16289]: LE
Feb 3 09:37:08 ldap03 slapd[16289]: => access_allowed: search access to
"reqStart=20110202042854.000014Z,cn=log03,dc=mycorp.it" "reqStart" requested
Feb 3 09:37:08 ldap03 slapd[16289]: <= root access granted
Feb 3 09:37:08 ldap03 slapd[16289]: => access_allowed: search access granted
by manage(=mwrscxd)
Feb 3 09:37:08 ldap03 slapd[16289]: <= test_filter 6
Feb 3 09:37:08 ldap03 slapd[16289]: => test_filter
Feb 3 09:37:08 ldap03 slapd[16289]: LE
Feb 3 09:37:08 ldap03 slapd[16289]: => access_allowed: search access to
"reqStart=20110202042855.000000Z,cn=log03,dc=mycorp.it" "reqStart" requested
Feb 3 09:37:08 ldap03 slapd[16289]: <= root access granted
Feb 3 09:37:08 ldap03 slapd[16289]: => access_allowed: search access granted
by manage(=mwrscxd)
Feb 3 09:37:08 ldap03 slapd[16289]: <= test_filter 6
Feb 3 09:37:09 ldap03 slapd[16289]: => test_filter
Feb 3 09:37:09 ldap03 slapd[16289]: LE
Feb 3 09:37:09 ldap03 slapd[16289]: => access_allowed: search access to
"reqStart=20110202042855.000002Z,cn=log03,dc=mycorp.it" "reqStart" requested
Feb 3 09:37:09 ldap03 slapd[16289]: <= root access granted
Feb 3 09:37:09 ldap03 slapd[16289]: => access_allowed: search access granted
by manage(=mwrscxd)
Feb 3 09:37:09 ldap03 slapd[16289]: <= test_filter 6
Feb 3 09:37:09 ldap03 slapd[16289]: => test_filter
Feb 3 09:37:09 ldap03 slapd[16289]: LE
Feb 3 09:37:09 ldap03 slapd[16289]: => access_allowed: search access to
"reqStart=20110202042855.000004Z,cn=log03,dc=mycorp.it" "reqStart" requested
[cut]
I could assume that slapo-accesslog is querying all entries older than the
retention and passes to delete them.
What if this step to end the job will take more time than the interval time of
re-starting?
Augmenting the frequency of this job could help in this meaning?
Every best practice to follow to use accesllog effectively will be very
appreciated! :-)
Thanks
Marco Pizzoli
--
_________________________________________
Non è forte chi non cade, ma chi cadendo ha la forza di rialzarsi.
Jim Morrison