Modify ldap accesslog Purge Duration

KB 24342	Last updated on 2021-08-18	Last updated by Navdeep Mathur	0.00 (0 votes)	Verified in: ZCS 8.7 ZCS 8.8 ZCS 9.0
- This is certified documentation and is protected for editing by Zimbra Employees & Moderators only.

KB 24342	Last updated on 2021-08-18
0.00 (0 votes)
- This is certified documentation and is protected for editing by Zimbra Employees & Moderators only.

How to modify ldap accesslog purge duration

olcAccessLogPurge attribute is required to modify. In this attribute specifies the maximum age for log entries to be retained in the database, and how often to scan the database for old entries.

This attribute exist in "/opt/zimbra/data/ldap/config/cn\=config/olcDatabase\=\{3\}mdb/olcOverlay\=\{1\}accesslog.ldif" file on ldap master.

Explanation

Default value in zimbra of olcAccessLogPurge attribute is "01+00:00 00+04:00"

This means log database should be scanned every four hours for old entries, and entries older than one day should be deleted. Both the age and interval are specified as a time span in days, hours, minutes, and seconds.

The format of olcAccessLogPurge is [ddd+]hh:mm[:ss] i.e., the days and seconds components are optional, but hours and minutes are required.

So "01+00:00" is age and "00+04:00" is interval.

Procedure to modify attribute

• To modify ldap config, it is mandatory to have a ldap config backup. To export ldap configuration database:

/opt/zimbra/libexec/zmslapcat -c /tmp

• For example, requirement is to accesslog database should be scanned every two hours for old entries, and entries older than four hours should be deleted.

su - zimbra

ldapmodify -x -H ldapi:/// -D cn=config -w `zmlocalconfig -s -m nokey ldap_root_password` <<EOF
dn: olcOverlay={1}accesslog,olcDatabase={3}mdb,cn=config
changetype:modify
replace: olcAccessLogPurge
olcAccessLogPurge: 00+04:00 00+02:00
EOF

• Restart LDAP

ldap restart