Configuring an Admin Alert Access Log publisher
Before configuring an Admin Alert Access Log, you must establish an administrative alert handler in your system.
Steps
-
To create a criteria object for the Admin Alert Access Log, use
dsconfig
.If you are using the
dsconfig
tool in interactive mode, the menu items for the criteria operations are located in theStandard objects menu
.Example:
For this example, we want to log only write operations that target user entries. The following command matches any of the specified operations whose target entry matches the filter
(objectClass=person)
.$ bin/dsconfig create-request-criteria --type simple \ --criteria-name “User Updates” \ --set operation-type:add \ --set operation-type:delete \ --set operation-type:modify \ --set operation-type:modify-dn \ --set “any-included-target-entry-filter:(objectClass=person)”
-
To create a log publisher of type
admin-alert-access
, usedsconfig
.Example:
$ bin/dsconfig create-log-publisher \ --publisher-name ”User Updates Admin Alert Access Log” \ --type admin-alert-access \ --set “request-criteria:User Updates” \ --set include-request-details-in-result-messages:true \ --set enabled:true