Prior to configuring an Admin Alert Access Log, you must establish an administrative alert handler in your system. For more information, see Working with Administrative Alert Handlers.

  1. Use dsconfig to create a criteria object for the Admin Alert Access Log. For this example, we want to log only write operations that target user entries. The following command matches any of the specified operations whose target entry matches the filter “(objectClass=person)”.
    If you are using the dsconfig tool in interactive mode, the menu items for the criteria operations are located in the Standard objects menu.
    $ bin/dsconfig create-request-criteria --type simple \ 
      --criteria-name “User Updates” \ 
      --set operation-type:add \ 
      --set operation-type:delete \
      --set operation-type:modify \ 
      --set operation-type:modify-dn \ 
      --set “any-included-target-entry-filter:(objectClass=person)”
  2. Use dsconfig to create a log publisher of type admin-alert-access.
    $ bin/dsconfig create-log-publisher \ 
      --publisher-name ”User Updates Admin Alert Access Log” \ 
      --type admin-alert-access \ 
      --set “request-criteria:User Updates” \ 
      --set include-request-details-in-result-messages:true \ 
      --set enabled:true