{{tag>[centos7 linux ldap openldap security audit log]}}
 
=====CentOS 7 - OpenLDAP 2.4 audit log=====
Configure the steps below on the provider (master) or servers where changes to the directory can be made. Audit logging will be saved as LDIF format.

====Configure the audit module====
  * Load the module:<code># ldapadd -H ldaps://<FQDN> -x -D "cn=Manager,dc=domain,dc=tld" -W <<EOF
dn: cn=module,cn=config
objectClass: olcModuleList
cn: module
olcModulePath: /usr/lib64/openldap/
olcModuleLoad: auditlog.la
EOF</code>
  * Create log directory:<code>mkdir -p /var/log/slapd
chmod 755 /var/log/slapd/
chown ldap. /var/log/slapd/</code>
  * Add overlay:<code># ldapadd -H ldaps://<FQDN> -x -D "cn=Manager,dc=domain,dc=tld" -W <<EOF
dn: olcOverlay=auditlog,olcDatabase={2}hdb,cn=config
changetype: add
objectClass: olcOverlayConfig
objectClass: olcAuditLogConfig
olcOverlay: auditlog
olcAuditlogFile: /var/log/slapd/auditlog.log
EOF</code>
====Configure log rotate====
  * Configure log rotate, create the following file /etc/logrotate.d/slapd-audit:<code># vim /etc/logrotate.d/slapd-audit
/var/log/slapd/auditlog.log {
    notifempty
    missingok
    monthly
    rotate 3
    compress
    copytruncate
}</code>
  * Test log rotation:<code>logrotate --force /etc/logrotate.d/slapd-audit</code>