Service manual
Audit Logging
142 Sun ONE Directory Server Installation and Tuning Guide • June 2003
Audit Logging
The audit log contains detailed information about all changes made to each
database as well as to server configuration. Audit logging is disabled by default.
When enabled in deployments having high modify volume, enablingaudit logging
causes a very noticeable overall drop in performance. Unless the deployment
requires it, leave audit logging disabled. For large or high volume deployments
that require audit logging, consider allocating a separate disk on a separate
controller to the audit log. Table 8-3 provides further recommendations for specific
attributes.
Table 8-3 Tuning Recommendations for AuditLogging
Configuration Attribute (on dn: cn=config) Short Description and Tuning Recommendations
nsslapd-auditlog Specifies the path and filename of the audit log file.
For low volume deployments,theauditlog mayshare
a disk with the access and error logs.
For high volume deployments, consider putting the
audit log on its own disk, with its own controller.
Choose a disk with a large I/O buffer.
nsslapd-auditlog-logging-enabled Enables and disables audit logging.
Leave off (default setting) unless audit logging is
required.
nsslapd-auditlog-logmaxdiskspace Specifies maximum disk space that all audit logs
(current and rotated logs) may consume.
Set this value below the total amount of disk space
dedicated to audit logging.
If using the same disk for audit, access, and error
logging, ensure sufficient disk space for all three.
If the audit log resides on its own disk, set this
variable to the size of the disk.