Name

dsconfig create-access-log-filtering-criteria — Creates Access Log Filtering Criteria

Synopsis

dsconfig create-access-log-filtering-criteria {options}

Options

The dsconfig create-access-log-filtering-criteria command takes the following options:

--publisher-name {name}

The name of the Access Log Publisher.

--criteria-name {name}

The name of the new Access Log Filtering Criteria.

Access Log Filtering Criteria properties depend on the Access Log Filtering Criteria type, which depends on the {name} you provide.

By default, OpenDJ directory server supports the following Access Log Filtering Criteria types:

access-log-filtering-criteria

Default {name}: Access Log Filtering Criteria

Enabled by default: false

See the section called “Access Log Filtering Criteria” for the properties of this Access Log Filtering Criteria type.

--set {PROP:VALUE}

Assigns a value to a property where PROP is the name of the property and VALUE is the single value to be assigned. Specify the same property multiple times in order to assign more than one value to it.

Access Log Filtering Criteria properties depend on the Access Log Filtering Criteria type, which depends on the --criteria-name {name} option.

Access Log Filtering Criteria

Access Log Filtering Criteria of type access-log-filtering-criteria have the following properties:

connection-client-address-equal-to
Description

Filters log records associated with connections which match at least one of the specified client host names or address masks. Valid values include a host name, a fully qualified domain name, a domain name, an IP address, or a subnetwork with subnetwork mask.

Default Value

None

Allowed Values

An IP address mask

Multi-valued

Yes

Required

No

Admin Action Required

None

Advanced Property

No

Read-only

No

connection-client-address-not-equal-to
Description

Filters log records associated with connections which do not match any of the specified client host names or address masks. Valid values include a host name, a fully qualified domain name, a domain name, an IP address, or a subnetwork with subnetwork mask.

Default Value

None

Allowed Values

An IP address mask

Multi-valued

Yes

Required

No

Admin Action Required

None

Advanced Property

No

Read-only

No

connection-port-equal-to
Description

Filters log records associated with connections to any of the specified listener port numbers.

Default Value

None

Allowed Values

An integer value. Lower value is 1. Upper value is 65535.

Multi-valued

Yes

Required

No

Admin Action Required

None

Advanced Property

No

Read-only

No

connection-protocol-equal-to
Description

Filters log records associated with connections which match any of the specified protocols. Typical values include "ldap", "ldaps", or "jmx".

Default Value

None

Allowed Values

The protocol name as reported in the access log.

Multi-valued

Yes

Required

No

Admin Action Required

None

Advanced Property

No

Read-only

No

log-record-type
Description

Filters log records based on their type.

Default Value

None

Allowed Values
abandon

Abandon operations

add

Add operations

bind

Bind operations

compare

Compare operations

connect

Client connections

delete

Delete operations

disconnect

Client disconnections

extended

Extended operations

modify

Modify operations

rename

Rename operations

search

Search operations

unbind

Unbind operations

Multi-valued

Yes

Required

No

Admin Action Required

None

Advanced Property

No

Read-only

No

request-target-dn-equal-to
Description

Filters operation log records associated with operations which target entries matching at least one of the specified DN patterns. Valid DN filters are strings composed of zero or more wildcards. A double wildcard ** replaces one or more RDN components (as in uid=dmiller,**,dc=example,dc=com). A simple wildcard * replaces either a whole RDN, or a whole type, or a value substring (as in uid=bj*,ou=people,dc=example,dc=com).

Default Value

None

Allowed Values

A String

Multi-valued

Yes

Required

No

Admin Action Required

None

Advanced Property

No

Read-only

No

request-target-dn-not-equal-to
Description

Filters operation log records associated with operations which target entries matching none of the specified DN patterns. Valid DN filters are strings composed of zero or more wildcards. A double wildcard ** replaces one or more RDN components (as in uid=dmiller,**,dc=example,dc=com). A simple wildcard * replaces either a whole RDN, or a whole type, or a value substring (as in uid=bj*,ou=people,dc=example,dc=com).

Default Value

None

Allowed Values

A String

Multi-valued

Yes

Required

No

Admin Action Required

None

Advanced Property

No

Read-only

No

response-etime-greater-than
Description

Filters operation response log records associated with operations which took longer than the specified number of milli-seconds to complete. It is recommended to only use this criteria in conjunction with the "combined" output mode of the access logger, since this filter criteria is only applied to response log messages.

Default Value

None

Allowed Values

An integer value. Lower value is 0.

Multi-valued

No

Required

No

Admin Action Required

None

Advanced Property

No

Read-only

No

response-etime-less-than
Description

Filters operation response log records associated with operations which took less than the specified number of milli-seconds to complete. It is recommended to only use this criteria in conjunction with the "combined" output mode of the access logger, since this filter criteria is only applied to response log messages.

Default Value

None

Allowed Values

An integer value. Lower value is 0.

Multi-valued

No

Required

No

Admin Action Required

None

Advanced Property

No

Read-only

No

response-result-code-equal-to
Description

Filters operation response log records associated with operations which include any of the specified result codes. It is recommended to only use this criteria in conjunction with the "combined" output mode of the access logger, since this filter criteria is only applied to response log messages.

Default Value

None

Allowed Values

An integer value. Lower value is 0.

Multi-valued

Yes

Required

No

Admin Action Required

None

Advanced Property

No

Read-only

No

response-result-code-not-equal-to
Description

Filters operation response log records associated with operations which do not include any of the specified result codes. It is recommended to only use this criteria in conjunction with the "combined" output mode of the access logger, since this filter criteria is only applied to response log messages.

Default Value

None

Allowed Values

An integer value. Lower value is 0.

Multi-valued

Yes

Required

No

Admin Action Required

None

Advanced Property

No

Read-only

No

search-response-is-indexed
Description

Filters search operation response log records associated with searches which were either indexed or unindexed. It is recommended to only use this criteria in conjunction with the "combined" output mode of the access logger, since this filter criteria is only applied to response log messages.

Default Value

None

Allowed Values

true

false

Multi-valued

No

Required

No

Admin Action Required

None

Advanced Property

No

Read-only

No

search-response-nentries-greater-than
Description

Filters search operation response log records associated with searches which returned more than the specified number of entries. It is recommended to only use this criteria in conjunction with the "combined" output mode of the access logger, since this filter criteria is only applied to response log messages.

Default Value

None

Allowed Values

An integer value. Lower value is 0.

Multi-valued

No

Required

No

Admin Action Required

None

Advanced Property

No

Read-only

No

search-response-nentries-less-than
Description

Filters search operation response log records associated with searches which returned less than the specified number of entries. It is recommended to only use this criteria in conjunction with the "combined" output mode of the access logger, since this filter criteria is only applied to response log messages.

Default Value

None

Allowed Values

An integer value. Lower value is 0.

Multi-valued

No

Required

No

Admin Action Required

None

Advanced Property

No

Read-only

No

user-dn-equal-to
Description

Filters log records associated with users matching at least one of the specified DN patterns. Valid DN filters are strings composed of zero or more wildcards. A double wildcard ** replaces one or more RDN components (as in uid=dmiller,**,dc=example,dc=com). A simple wildcard * replaces either a whole RDN, or a whole type, or a value substring (as in uid=bj*,ou=people,dc=example,dc=com).

Default Value

None

Allowed Values

A String

Multi-valued

Yes

Required

No

Admin Action Required

None

Advanced Property

No

Read-only

No

user-dn-not-equal-to
Description

Filters log records associated with users which do not match any of the specified DN patterns. Valid DN filters are strings composed of zero or more wildcards. A double wildcard ** replaces one or more RDN components (as in uid=dmiller,**,dc=example,dc=com). A simple wildcard * replaces either a whole RDN, or a whole type, or a value substring (as in uid=bj*,ou=people,dc=example,dc=com).

Default Value

None

Allowed Values

A String

Multi-valued

Yes

Required

No

Admin Action Required

None

Advanced Property

No

Read-only

No

user-is-member-of
Description

Filters log records associated with users which are members of at least one of the specified groups.

Default Value

None

Allowed Values

A valid DN.

Multi-valued

Yes

Required

No

Admin Action Required

None

Advanced Property

No

Read-only

No

user-is-not-member-of
Description

Filters log records associated with users which are not members of any of the specified groups.

Default Value

None

Allowed Values

A valid DN.

Multi-valued

Yes

Required

No

Admin Action Required

None

Advanced Property

No

Read-only

No