Task #4246: Determine why cn-stage-ucsb-1 LDAP syncrepl is failing
Build slapd stage cn log event logging into Splunk
When the Splunk system was first set up, we removed slapd entries from the logs being sent to Splunk due to debug spam. Unfortunately, this gets rid of the events we need to figure out the LDAP sync issue. Need to send these events into their own index in Splunk.
#1 Updated by David Doyle almost 8 years ago
- Status changed from In Progress to Testing
- % Done changed from 0 to 80
Simple fix - changed the last line of /etc/rsyslog.d/30-splunk.conf from
on the stage CNs. This is sending "debug" info (as slapd is currently set up to generate it, which apparently isn't as simple as a "debug" level) to rsyslog, and then on to Splunk. This generates a negligible level of index activity on the Splunk server, given our license level and current index activity.
Will continue testing with Splunk and adjust slapd log behavior further if needed.