The PingDirectory Server provides a mechanism to filter access log messages based on specific criteria. The filtered log can then be used with a custom log publisher to create and to generate your own custom logs. Adding new filtered logs and associate publishers does not change the behavior of any existing logs. For example, adding a new log that only contains operations that were unsuccessful does not result in those operations being removed from the default access log.
The following example shows how to create a set of criteria that matches any operation that did not complete successfully. It then explains how to create a custom access log publisher that logs only operations matching that criteria. Note that this log does not include messages for connects or disconnects, and only a single message is logged per operation. This message contains both the request and result details.
To run log filtering based on any operation result (for example, result code, processing
time, and response controls), turn off request logging and set the
include-request-details-in-result-messages property to TRUE. Since
filtering based on the results of an operation cannot be done until the operation
completes, the server has no idea whether to log the request. Therefore, it might log
request messages but not log any result messages. Instead, if you can only log result
messages and include request details in the result messages, then only messages for
operations that match the result criteria are logged. All pertinent information about
the corresponding requests are included.
Use the dsconfig command in non-interactive mode to create a
result criteria object set to failure-result-codes, a predefined set of result codes
that indicate when an operation did not complete successfully.
$ bin/dsconfig create-result-criteria --type simple \ --criteria-name "Failed Operations" --set result-code-criteria:failure-result-codes
Use dsconfig to create the corresponding log publisher that uses
the result criteria. The log rotation and retention policies are also set with this
$ bin/dsconfig create-log-publisher \ --type file-based-access \ --publisher-name "Filtered Failed Operations" \ --set enabled:true \ --set log-connects:false \ --set log-disconnects:false \ --set log-requests:false \ --set "result-criteria:Failed Operations" \ --set log-file:logs/failed-ops.log \ --set include-request-details-in-result-messages:true \ --set "rotation-policy:7 Days Time Limit Rotation Policy" \ --set "retention-policy:Free Disk Space Retention Policy"
- View the failed-ops.log in the logs directory. Verify that only information about failed operations is written to it.