ldap/ldif/template-dse.ldif.in | 7 ++-----
ldap/servers/slapd/auditlog.c | 11 ++++++++---
2 files changed, 10 insertions(+), 8 deletions(-)
New commits:
commit b408ffcd5f101c73b6045eb72a5bef076071aea6
Author: William Brown <firstyear(a)redhat.com>
Date: Tue Nov 24 07:58:38 2015 +1000
Ticket 48145 - Allow merged logging of audit events
Bug Description: The auditfail logging should be able to be directed to the
same audit file, or to its own separate file.
Fix Description: When nsslapd-auditfaillog is not specified the value of
nsslapd-auditlog will be used for audit and auditfail events. If auditfaillog
is specified, all results with RC != LDAP_SUCCESS (0) will go to the auditfail
handler.
https://fedorahosted.org/389/ticket/48145
Author: wibrown
Review by: mreynolds (Thanks!)
diff --git a/ldap/ldif/template-dse.ldif.in b/ldap/ldif/template-dse.ldif.in
index a25295b..1ec8009 100644
--- a/ldap/ldif/template-dse.ldif.in
+++ b/ldap/ldif/template-dse.ldif.in
@@ -52,11 +52,8 @@ nsslapd-auditlog-mode: 600
nsslapd-auditlog-maxlogsize: 100
nsslapd-auditlog-logrotationtime: 1
nsslapd-auditlog-logrotationtimeunit: day
-nsslapd-auditfaillog: %log_dir%/auditfail
-nsslapd-auditfaillog-mode: 600
-nsslapd-auditfaillog-maxlogsize: 100
-nsslapd-auditfaillog-logrotationtime: 1
-nsslapd-auditfaillog-logrotationtimeunit: day
+nsslapd-auditlog-logging-enabled: off
+nsslapd-auditfaillog-logging-enabled: off
nsslapd-rootdn: %rootdn%
nsslapd-rootpw: %ds_passwd%
nsslapd-maxdescriptors: 1024
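Review bot: With the `nsslapd-auditfaillog-*` lines removed, this template no longer pins the permissions or rotation of an auditfail file that an administrator configures later. The merged default is covered by `nsslapd-auditlog-mode: 600` just above the hunk, but a separately configured auditfail file would presumably fall back to compiled-in defaults, which are not visible here. Those defaults are worth confirming as equally restrictive, because the file records DNs and the attempted changes. Keeping `nsslapd-auditfaillog-mode: 600` in the template would make that explicit. Both logs are also set to `off` here, so a fresh instance records neither successful nor rejected changes until one is enabled.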
diff --git a/ldap/servers/slapd/auditlog.c b/ldap/servers/slapd/auditlog.c
index 2ddfad0..45ef16e 100644
--- a/ldap/servers/slapd/auditlog.c
+++ b/ldap/servers/slapd/auditlog.c
@@ -78,7 +78,7 @@ write_audit_log_entry( Slapi_PBlock *pb )
curtime = current_time();
/* log the raw, unnormalized DN */
dn = slapi_sdn_get_udn(sdn);
- write_audit_file(SLAPD_AUDIT_LOG, operation_get_type(op), dn, change, flag, curtime,
0);
+ write_audit_file(SLAPD_AUDIT_LOG, operation_get_type(op), dn, change, flag, curtime,
LDAP_SUCCESS);
}
void
@@ -129,8 +129,13 @@ write_auditfail_log_entry( Slapi_PBlock *pb )
curtime = current_time();
/* log the raw, unnormalized DN */
dn = slapi_sdn_get_udn(sdn);
- /* If we are combined */
- write_audit_file(SLAPD_AUDITFAIL_LOG, operation_get_type(op), dn, change, flag,
curtime, pbrc);
+ if (config_get_auditfaillog() == NULL || strlen(config_get_auditfaillog()) == 0) {
+ /* If no auditfail log write to audit log */
+ write_audit_file(SLAPD_AUDIT_LOG, operation_get_type(op), dn, change, flag,
curtime, pbrc);
+ } else {
+ /* If we have our own auditfail log path */
+ write_audit_file(SLAPD_AUDITFAIL_LOG, operation_get_type(op), dn, change, flag,
curtime, pbrc);
+ }
}
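Review bot: The new condition calls `config_get_auditfaillog()` twice, so the NULL test and the `strlen()` can see different values if the setting changes between the calls, and the second call could then hand NULL to `strlen()`. If this getter returns a freshly allocated copy, as string getters in this code base commonly do (its definition is not in the hunk), each failed operation also leaks two strings. Read it once into a local, `char *auditfail_path = config_get_auditfaillog();`, and test `if (auditfail_path == NULL || *auditfail_path == '\0') {`. If the getter does return a copy, release it after the branch with `slapi_ch_free_string(&auditfail_path);`. The body of write_auditfail_log_entry starts above the hunk, so the declaration belongs with the other locals there.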