Project

General

Profile

Task #4253

Task #4246: Determine why cn-stage-ucsb-1 LDAP syncrepl is failing

Build slapd stage cn log event logging into Splunk

Added by David Doyle over 8 years ago. Updated over 8 years ago.

Status:
Closed
Priority:
Normal
Assignee:
David Doyle
Category:
-
Target version:
-
Start date:
2014-02-03
Due date:
% Done:

100%

Estimated time:
0.00 h
Milestone:
None
Product Version:
*
Story Points:
Sprint:

Description

When the Splunk system was first set up, we removed slapd entries from the logs being sent to Splunk due to debug spam. Unfortunately, this gets rid of the events we need to figure out the ldap sync issue. Need to send these events into their own index in Splunk.

History

#1 Updated by David Doyle over 8 years ago

  • Status changed from In Progress to Testing
  • % Done changed from 0 to 80

Simple fix - changed the last line of /etc/rsyslog.d/30-splunk.conf from

*.debug @@splunk-forwarder-orc-1.dataone.org:29996

to

*.debug @@splunk-forwarder-orc-1.dataone.org:29996

on the stage CNs. This is sending "debug" info (as slapd is currently set up to generate it, which apparently isn't as simple as a "debug" level) to rsyslog, and then on to Splunk. This generates a negligible level of index activity on the Splunk server, given our license level and current index activity.

Will continue testing with Splunk and adjust slapd log behavior further if needed.

#2 Updated by David Doyle over 8 years ago

  • % Done changed from 80 to 100

Getting plenty of slapd log data into Splunk. Calling this done - will add more via loglevel tweaks if needed.

#3 Updated by David Doyle over 8 years ago

  • translation missing: en.field_remaining_hours set to 0.0
  • Status changed from Testing to Closed

#4 Updated by David Doyle over 8 years ago

  • Subject changed from Build slapd log event logging into Splunk to Build slapd stage cn log event logging into Splunk
  • Estimated time set to 0.00

Also available in: Atom PDF

Add picture from clipboard (Maximum size: 14.8 MB)