11.2. 错误日志参考
Directory 服务器错误记录目录服务器事务和操作的消息。错误日志不仅包含失败操作的错误消息,还包含有关目录服务器进程和 LDAP 任务的常规信息,如服务器启动消息、登录和搜索目录以及连接信息。
11.2.1. 错误日志记录级别
错误日志可以记录目录服务器操作的不同详情,包括不同类型的信息,具体取决于启用的日志级别。
您可以使用 cn=config 条目的 nsslapd-errorlog-level 配置属性来设置日志记录级别。
默认日志记录级别为 16384。此级别包括严重错误消息和标准记录的消息,如 LDAP 结果代码和启动消息。错误日志记录级别是可添加的。要启用复制日志记录(8192)和插件日志记录(65536),请将 nsslapd-errorlog-level 属性设置为 73728 (8192 + 65536)。
启用高级别调试日志记录可能会显著降低服务器性能。因此,只启用高调试日志记录级别,如复制(8192),仅适用于故障排除。
| 设置 | 控制台名称 | 描述 |
|---|---|---|
| 1 | 跟踪函数调用 | 当服务器进入并退出函数时,记录一条消息。 |
| 2 | 数据包处理 | 记录服务器进程的数据包的调试信息。 |
| 4 | 大量追踪输出 | 当服务器进入并退出函数时,日志会带有额外的调试信息。 |
| 8 | 连接管理 | 记录当前连接状态,包括用于 SASL 绑定的连接方法。 |
| 16 | 发送和接收的数据包 | 打印服务器发送和接收的数据包数。 |
| 32 | 搜索过滤器处理 | 记录搜索操作调用的所有功能。 |
| 64 | 配置文件处理 |
在服务器启动时,打印每个使用的 |
| 128 | 访问控制列表处理 | 提供详细的访问控制列表处理信息。 |
| 2048 | 日志条目解析 | 日志模式解析调试信息。 |
| 4096 | housekeeping | 记录内务线程的调试信息。 |
| 8192 | 复制 | 记录有关每个复制相关操作的详细信息,包括更新和错误,这对于调试复制问题非常重要。 |
| 16384 | Default(默认) | 记录 Directory 服务器始终写入错误日志的严重错误和其他消息,如服务器启动消息。无论日志级别设置是什么,错误日志都会包含这些消息。 |
| 32768 | 条目缓存 | 记录数据库条目缓存的调试信息。 |
| 65536 | 插件 |
当服务器插件调用 |
| 262144 | 访问控制概述 |
总结了有关访问服务器的信息,包含比 |
| 524288 | 后端数据库 | 记录用于处理与后缀关联的数据库的调试信息。 |
| 1048576 | 密码策略 | 记录有关密码策略决策的调试信息。 |
11.2.2. 默认错误日志内容
服务器或插件都可以将条目写入错误日志中:
当服务器写入日志时,它使用以下格式:
[time_stamp] - <severity_level> - <function_name> - <message>
服务器生成的错误日志示例:
[time_stamp] - NOTICE - bdb_start_autotune - found 7110616k physical memory
当插件写入日志时,它使用以下格式:
[time_stamp] - <severity_level> - <plug-in_name> - <function_name> - <message>
插件生成的错误日志示例:
[time_stamp] - ERR - NSMMReplicationPlugin - multimaster_extop_StartNSDS50ReplicationRequest - conn=19 op=3 repl="o=example.com": Excessive clock skew from supplier RUV
错误日志条目包含以下信息:
| 日志消息 | 描述 |
|---|---|
| 时间戳 | 时间戳格式可能会因您的本地设置而异。默认情况下启用高分辨率时间戳,以纳秒为单位。 |
| 严重性级别 | 严重性级别可以具有以下值:
|
| 插件名称 | 只有在插件将消息写入错误日志时才会显示插件名称。 |
| 功能名称 | 操作或插件调用的功能。 |
| 消息 | operation 或 插件返回的输出。消息包含其他信息,如 LDAP 错误代码和连接信息。 |
您可以使用严重性级别来过滤您的日志条目。例如,要只显示 ERR 严重性为 ERR 的日志条目,请运行:
# grep ERR /var/log/dirsrv/slapd-instance_name/errors
[time_stamp] - ERR - no_diskspace - No enough space left on device (/var/lib/dirsrv/slapd-instance_name/db) (40009728 bytes); at least 145819238 bytes space is needed for db region files
[time_stamp] - ERR - ldbm_back_start - Failed to init database, err=28 No space left on device
[time_stamp] - ERR - plugin_dependency_startall - Failed to start database plugin ldbm database
...其他资源
11.2.3. 非默认错误日志内容
不同的日志记录级别返回不同的详细信息,包括服务器操作的类型。以下是默认情况下不启用的最常用错误日志记录级别。请记住,您可以组合日志记录级别。
复制(8192)
复制日志记录是要实施的最重要诊断级别之一。复制(8192)级别记录与复制和 Windows 同步相关的所有操作,包括处理供应商修改并将其写入更改日志、发送更新和更改复制协议。
当目录服务器准备或发送复制更新时,错误日志会标识它是复制或同步协议。日志还标识使用者主机和端口,以及当前的复制任务。
复制级别日志的格式如下:
[time_stamp] NSMMReplicationPlugin - agmt="name" (consumer_host:consumer_port): current_task
以下是复制(8192)级别日志的示例,其中 {replicageneration} 表示目录服务器发送新信息,4949df6e000000010000 是复制条目的更改序列号(CSN):
[time_stamp] NSMMReplicationPlugin - agmt="cn=example2_agreement" (alt:13864): {replicageneration} 4949df6e000000010000以下是向消费者发送单个条目的完整流程示例,从添加条目到更改日志,以在复制完成后释放消费者。
[time_stamp] - DEBUG - _csngen_adjust_local_time - gen state before 592c103d0000:1496059964:0:1
[time_stamp] - DEBUG - _csngen_adjust_local_time - gen state after 592c10e20000:1496060129:0:1
[time_stamp] - DEBUG - NSMMReplicationPlugin - ruv_add_csn_inprogress - Successfully inserted csn 592c10e2000000020000 into pending list
[time_stamp] - DEBUG - NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName - found DB object 0x558ddfe1f720 for database /var/lib/dirsrv/slapd-supplier_2/changelogdb/d3de3e8d-446611e7-a89886da-6a37442d_592c0e0b000000010000.db
[time_stamp] - DEBUG - NSMMReplicationPlugin - changelog program - cl5WriteOperationTxn - Successfully written entry with csn (592c10e2000000020000)
[time_stamp] - DEBUG - NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName - found DB object 0x558ddfe1f720 for database /var/lib/dirsrv/slapd-supplier_2/changelogdb/d3de3e8d-446611e7-a89886da-6a37442d_592c0e0b000000010000.db
[time_stamp] - DEBUG - NSMMReplicationPlugin - csnplCommitALL: committing all csns for csn 592c10e2000000020000
[time_stamp] - DEBUG - NSMMReplicationPlugin - csnplCommitALL: processing data csn 592c10e2000000020000
[time_stamp] - DEBUG - NSMMReplicationPlugin - ruv_update_ruv - Successfully committed csn 592c10e2000000020000
[time_stamp] - DEBUG - NSMMReplicationPlugin - repl5_inc_run - agmt="cn=meTo_localhost:39001" (localhost:39001): State: wait_for_changes -> wait_for_changes
[time_stamp] - DEBUG - NSMMReplicationPlugin - repl5_inc_run - agmt="cn=meTo_localhost:39001" (localhost:39001): State: wait_for_changes -> ready_to_acquire_replica
[time_stamp] - DEBUG - NSMMReplicationPlugin - conn_connect - agmt="cn=meTo_localhost:39001" (localhost:39001) - Trying non-secure slapi_ldap_init_ext
[time_stamp] - DEBUG - NSMMReplicationPlugin - conn_connect - agmt="cn=meTo_localhost:39001" (localhost:39001) - binddn = cn=replrepl,cn=config, passwd = {AES-TUhNR0NTcUdTSWIzRFFFRkRUQm1NRVVHQ1NxR1NJYjNEUUVGRERBNEJDUmlZVFUzTnpRMk55MDBaR1ZtTXpobQ0KTWkxaE9XTTRPREpoTlMwME1EaGpabVUxWmdBQ0FRSUNBU0F3Q2dZSUtvWklodmNOQWdjd0hRWUpZSVpJQVdVRA0KQkFFcUJCRGhwMnNLcEZ2ZWE2RzEwWG10OU41Tg==}+36owaI7oTmvWhxRzUqX5w==
[time_stamp] - DEBUG - NSMMReplicationPlugin - conn_cancel_linger - agmt="cn=meTo_localhost:39001" (localhost:39001) - No linger to cancel on the connection
[time_stamp] - DEBUG - _csngen_adjust_local_time - gen state before 592c10e20001:1496060129:0:1
[time_stamp] - DEBUG - _csngen_adjust_local_time - gen state after 592c10e30000:1496060130:0:1
[time_stamp] - DEBUG - NSMMReplicationPlugin - acquire_replica - agmt="cn=meTo_localhost:39001" (localhost:39001): Replica was successfully acquired.
[time_stamp] - DEBUG - NSMMReplicationPlugin - repl5_inc_run - agmt="cn=meTo_localhost:39001" (localhost:39001): State: ready_to_acquire_replica -> sending_updates
[time_stamp] - DEBUG - csngen_adjust_time - gen state before 592c10e30001:1496060130:0:1
[time_stamp] - DEBUG - NSMMReplicationPlugin - changelog program - _cl5GetDBFile - found DB object 0x558ddfe1f720 for database /var/lib/dirsrv/slapd-supplier_2/changelogdb/d3de3e8d-446611e7-a89886da-6a37442d_592c0e0b000000010000.db
[time_stamp] - DEBUG - NSMMReplicationPlugin - changelog program - _cl5PositionCursorForReplay - (agmt="cn=meTo_localhost:39001" (localhost:39001)): Consumer RUV:
[time_stamp] - DEBUG - NSMMReplicationPlugin - agmt="cn=meTo_localhost:39001" (localhost:39001): {replicageneration} 592c0e0b000000010000
[time_stamp] - DEBUG - NSMMReplicationPlugin - agmt="cn=meTo_localhost:39001" (localhost:39001): {replica 1 ldap://localhost:39001} 592c0e17000000010000 592c0e1a000100010000 00000000
[time_stamp] - DEBUG - NSMMReplicationPlugin - agmt="cn=meTo_localhost:39001" (localhost:39001): {replica 2 ldap://localhost:39002} 592c103c000000020000 592c103c000000020000 00000000
[time_stamp] - DEBUG - NSMMReplicationPlugin - changelog program - _cl5PositionCursorForReplay - (agmt="cn=meTo_localhost:39001" (localhost:39001)): Supplier RUV:
[time_stamp] - DEBUG - NSMMReplicationPlugin - agmt="cn=meTo_localhost:39001" (localhost:39001): {replicageneration} 592c0e0b000000010000
[time_stamp] - DEBUG - NSMMReplicationPlugin - agmt="cn=meTo_localhost:39001" (localhost:39001): {replica 2 ldap://localhost:39002} 592c103c000000020000 592c10e2000000020000 592c10e1
[time_stamp] - DEBUG - NSMMReplicationPlugin - agmt="cn=meTo_localhost:39001" (localhost:39001): {replica 1 ldap://localhost:39001} 592c0e1a000100010000 592c0e1a000100010000 00000000
[time_stamp] - DEBUG - agmt="cn=meTo_localhost:39001" (localhost:39001) - clcache_get_buffer - found thread private buffer cache 0x558ddf870f00
[time_stamp] - DEBUG - agmt="cn=meTo_localhost:39001" (localhost:39001) - clcache_get_buffer - _pool is 0x558ddfe294d0 _pool->pl_busy_lists is 0x558ddfab84c0 _pool->pl_busy_lists->bl_buffers is 0x558ddf870f00
[time_stamp] - DEBUG - agmt="cn=meTo_localhost:39001" (localhost:39001) - clcache_initial_anchorcsn - agmt="cn=meTo_localhost:39001" (localhost:39001) - (cscb 0 - state 0) - csnPrevMax () csnMax (592c10e2000000020000) csnBuf (592c103c000000020000) csnConsumerMax (592c103c000000020000)
[time_stamp] - DEBUG - clcache_initial_anchorcsn - anchor is now: 592c103c000000020000
[time_stamp] - DEBUG - NSMMReplicationPlugin - changelog program - agmt="cn=meTo_localhost:39001" (localhost:39001): CSN 592c103c000000020000 found, position set for replay
[time_stamp] - DEBUG - agmt="cn=meTo_localhost:39001" (localhost:39001) - clcache_get_next_change - load=1 rec=1 csn=592c10e2000000020000
[time_stamp] - DEBUG - NSMMReplicationPlugin - repl5_inc_result_threadmain - Starting
[time_stamp] - DEBUG - NSMMReplicationPlugin - repl5_inc_result_threadmain - Read result for message_id 0
[time_stamp] - DEBUG - NSMMReplicationPlugin - replay_update - agmt="cn=meTo_localhost:39001" (localhost:39001): Sending add operation (dn="cn=user,ou=People,dc=example,dc=com" csn=592c10e2000000020000)
[time_stamp] - DEBUG - NSMMReplicationPlugin - repl5_inc_result_threadmain - Read result for message_id 0
[time_stamp] - DEBUG - NSMMReplicationPlugin - replay_update - agmt="cn=meTo_localhost:39001" (localhost:39001): Consumer successfully sent operation with csn 592c10e2000000020000
[time_stamp] - DEBUG - NSMMReplicationPlugin - repl5_inc_result_threadmain - Read result for message_id 0
[time_stamp] - DEBUG - agmt="cn=meTo_localhost:39001" (localhost:39001) - clcache_adjust_anchorcsn - agmt="cn=meTo_localhost:39001" (localhost:39001) - (cscb 0 - state 1) - csnPrevMax (592c10e2000000020000) csnMax (592c10e2000000020000) csnBuf (592c10e2000000020000) csnConsumerMax (592c10e2000000020000)
[time_stamp] - DEBUG - agmt="cn=meTo_localhost:39001" (localhost:39001) - clcache_load_buffer - rc=-30988
[time_stamp] - DEBUG - NSMMReplicationPlugin - send_updates - agmt="cn=meTo_localhost:39001" (localhost:39001): No more updates to send (cl5GetNextOperationToReplay)
[time_stamp] - DEBUG - NSMMReplicationPlugin - repl5_inc_waitfor_async_results - 0 5
[time_stamp] - DEBUG - NSMMReplicationPlugin - repl5_inc_result_threadmain - Read result for message_id 0
[time_stamp] - DEBUG - NSMMReplicationPlugin - repl5_inc_result_threadmain - Read result for message_id 0
[time_stamp] - DEBUG - NSMMReplicationPlugin - repl5_inc_result_threadmain - Read result for message_id 5
[time_stamp] - DEBUG - NSMMReplicationPlugin - repl5_inc_result_threadmain - Result 1, 0, 0, 5, (null)
[time_stamp] - DEBUG - NSMMReplicationPlugin - repl5_inc_result_threadmain - Read result for message_id 5
[time_stamp] - DEBUG - NSMMReplicationPlugin - repl5_inc_waitfor_async_results - 5 5
[time_stamp] - DEBUG - NSMMReplicationPlugin - repl5_inc_result_threadmain exiting
[time_stamp] - DEBUG - agmt="cn=meTo_localhost:39001" (localhost:39001) - clcache_return_buffer - session end: state=5 load=1 sent=1 skipped=0 skipped_new_rid=0 skipped_csn_gt_cons_maxcsn=0 skipped_up_to_date=0 skipped_csn_gt_ruv=0 skipped_csn_covered=0
[time_stamp] - DEBUG - NSMMReplicationPlugin - consumer_connection_extension_acquire_exclusive_access - conn=4 op=3 Acquired consumer connection extension
[time_stamp] - DEBUG - NSMMReplicationPlugin - multimaster_extop_StartNSDS50ReplicationRequest - conn=4 op=3 repl="dc=example,dc=com": Begin incremental protocol
[time_stamp] - DEBUG - csngen_adjust_time - gen state before 592c10e30001:1496060130:0:1
[time_stamp] - DEBUG - csngen_adjust_time - gen state after 592c10e40001:1496060130:1:1
[time_stamp] - DEBUG - NSMMReplicationPlugin - replica_get_exclusive_access - conn=4 op=3 repl="dc=example,dc=com": Acquired replica
[time_stamp] - DEBUG - NSMMReplicationPlugin - release_replica - agmt="cn=meTo_localhost:39001" (localhost:39001): Successfully released consumer
[time_stamp] - DEBUG - NSMMReplicationPlugin - conn_start_linger -agmt="cn=meTo_localhost:39001" (localhost:39001) - Beginning linger on the connection
[time_stamp] - DEBUG - NSMMReplicationPlugin - repl5_inc_run - agmt="cn=meTo_localhost:39001" (localhost:39001): State: sending_updates -> wait_for_changes
[time_stamp] - DEBUG - NSMMReplicationPlugin - multimaster_extop_StartNSDS50ReplicationRequest - conn=4 op=3 repl="dc=example,dc=com": StartNSDS90ReplicationRequest: response=0 rc=0
[time_stamp] - DEBUG - NSMMReplicationPlugin - consumer_connection_extension_relinquish_exclusive_access - conn=4 op=3 Relinquishing consumer connection extension
[time_stamp] - DEBUG - NSMMReplicationPlugin - consumer_connection_extension_acquire_exclusive_access - conn=4 op=4 Acquired consumer connection extension
[time_stamp] - DEBUG - NSMMReplicationPlugin - replica_relinquish_exclusive_access - conn=4 op=4 repl="dc=example,dc=com": Released replica held by locking_purl=conn=4 id=3
[time_stamp] - DEBUG - NSMMReplicationPlugin - consumer_connection_extension_relinquish_exclusive_access - conn=4 op=4 Relinquishing consumer connection extensionPlug-in (65536)
插件(65536)级别记录了插件的名称,以及插件调用的所有功能。
插件级别日志的格式如下:
[time_stamp] plug-in_name - message [time_stamp] - function - message
返回的信息可以包含数百个行,因为目录服务器会处理每个步骤。确切记录的信息取决于插件本身。在以下示例中,ACL 插件包含连接和操作号:
[time_stamp] - DEBUG - NSACLPlugin - acl_access_allowed - conn=15 op=1 (main): Allow search on entry(cn=replication,cn=config): root user配置文件处理(64)
配置文件处理日志级别会经过服务器使用的每个 .conf 文件,并在服务器启动时打印每一行。您可以使用 64 日志级别来调试服务器常规配置外文件的任何问题。默认情况下,只有 slapd-collations.conf 文件(其中包含国际语言集的配置)可用。
配置文件处理(64)级别)的示例:
[time_stamp] - DEBUG - collation_read_config - Reading config file /etc/dirsrv/slapd-supplier_1/slapd-collations.conf [time_stamp] - DEBUG - collation-plugin - collation_read_config - line 16: collation "" "" "" 1 3 2.16.840.1.113730.3.3.2.0.1 default [time_stamp] - DEBUG - collation-plugin - collation_read_config - line 17: collation ar "" "" 1 3 2.16.840.1.113730.3.3.2.1.1 ar [time_stamp] - DEBUG - collation-plugin - collation_read_config - line 18: collation be "" "" 1 3 2.16.840.1.113730.3.3.2.2.1 be be-BY ...
访问控制列表处理(128)和访问控制摘要(262144)
其他日志级别不包含连接号(conn)和操作号(op)的 ACI 日志记录级别记录信息。访问控制列表处理(128)显示绑定和任何其他操作过程中调用的一系列功能。访问控制摘要(262144)记录插件的名称、用户的绑定 DN、执行或尝试操作以及应用的 ACI。
访问控制概述示例(262144)级别:
[time_stamp] - DEBUG - NSACLPlugin - acllist_init_scan - Failed to find root for base: cn=features,cn=config [time_stamp] - DEBUG - NSACLPlugin - acllist_init_scan - Failed to find root for base: cn=config [time_stamp] - DEBUG - NSACLPlugin - acl_access_allowed - ## conn=6 op=1 binddn="cn=user,ou=people,dc=example,dc=com" [time_stamp] - DEBUG - NSACLPlugin - RESOURCE INFO STARTS [time_stamp] - DEBUG - NSACLPlugin - Client DN: cn=user,ou=people,dc=example,dc=com [time_stamp] - DEBUG - NSACLPlugin - resource type:256(search target_DN ) [time_stamp] - DEBUG - NSACLPlugin - Slapi_Entry DN: cn=features,cn=config [time_stamp] - DEBUG - NSACLPlugin - ATTR: objectClass [time_stamp] - DEBUG - NSACLPlugin - rights:search [time_stamp] - DEBUG - NSACLPlugin - RESOURCE INFO ENDS [time_stamp] - DEBUG - NSACLPlugin - acl__scan_for_acis - Num of ALLOW Handles:0, DENY handles:0 [time_stamp] - DEBUG - NSACLPlugin - print_access_control_summary - conn=6 op=1 (main): Deny search on entry(cn=features,cn=config).attr(objectClass) to cn=user,ou=people,dc=example,dc=com: no aci matched the resource
其他日志记录级别
许多其他日志记录级别具有与插件日志级别类似的输出格式。唯一的区别是在记录的内部操作中。
日志记录级别,如 Heavy trace output (4)、访问控制列表处理(128)、模式解析(2048)和内务(4096)级别,在目录服务器执行不同操作时记录调用的功能。另外,当目录服务器调用这些功能时,错误日志写入。
