The Access Log has a standard format that lists various elements identifying the connection and operation occurring within the Directory Server. By default, each operation generates one access log message.

The Access Log displays the following common properties:
  • Timestamp. Displays the date and time of the operation. Format: DD/Month/ YYYY:HH:MM:SS <offset from UTC time>
  • Connection Type. Displays the connection type requested by the client and the response by the server. Examples include the following:
    • CONNECT
    • BIND REQUEST/RESULT
    • UNBIND REQUEST
    • DISCONNECT
    • SEARCH REQUEST/RESULT
    • MODIFY REQUEST/RESPONSE
    • others include: ABANDON, ADD, COMPARE, DELETE, EXTENDED OPERATION, MODIFY, MODIFY DN
  • Connection ID. Numeric identifier, starting incrementally with 0, that identifies the client connection that is requesting the operation. The connection ID is unique for a span of time on a single server. Values of the connection ID will be re-used when the server restarts or when it has had enough connections to cause the identifier to wrap back to zero.
  • Operation ID. Numeric identifier, starting incrementally with 0, that identifies the operation. The operation ID is unique for a span of time on a single server. Values of the operation ID will be re-used when the server restarts or when it has serviced enough operations to cause the identifier to wrap back to zero.
  • Result Code. LDAP result code that determines the success or failure of the operation result. Result messages include a result element that indicates whether the operation was successful or if failed, the general category for the failure, and an etime element that indicates the length of time in milliseconds that the server spent processing the operation.

    The Directory Server provides a useful tool <server-root>/bin/ldap-result-code (UNIX, Linux) or <server-root>\bat\ldap-result-code (Windows), that displays all of the result codes used in the system. You can use the utility if you are not sure what a result code means. For example, use the following:
    • ldap-result-code --list displays all of the defined result codes in the Directory Server.
    • ldap-result-code --int-value 16654 displays the name of the result code with a numeric value of 16654.
    • ldap-result-code --search operation displays a list of all result codes whose name includes the substring "operation".
  • Elapsed Time. Displays the elapsed time (milliseconds) during which the operation completed its processing.
  • Message ID. Numeric identifier, starting incrementally with 1, which identifies the LDAP message used to request the operation.