Use of soft links for Logs directory

UnboundID idmquig
UnboundID
0 Kudos


Are there any known issues with utilizing a soft link for the Logs directory to relocate all log files to a different partition?

1 REPLY
UnboundID ArnoL
UnboundID
0 Kudos

Re: Use of soft links for Logs directory

I think generally you are better off changing the log publisher configuration to reflect the new location of where each publisher should persist its log data. It's better in terms of configuration management visibility because it allows you to fold this duty into your main infrastructure git repo and, more importantly, it makes it more difficult for a malicious user to surreptitiously relocate logs from under an instance.

 

Via dsconfig

dsconfig set-log-publisher-prop --publisher-name "File-Based Access Logger" --set enabled:false --set log-file:/splunk/ping/directory/node0/access
dsconfig set-log-publisher-prop --publisher-name "File-Based Access Logger" --set enabled:true

Via configuration API:

Path: /log-publishers/File-Based%20Access%20Logger
Method: PATCH
Body:
{
"schemas" : [ "urn:ietf:params:scim:api:messages:2.0:PatchOp" ],
"Operations" : [ {
"op" : "replace",
"path" : "enabled",
"value" : "false"
}, {
"op" : "replace",
"path" : "log-file",
"value" : "/splunk/ping/directory/node0/access"
} ]
}
Path: /log-publishers/File-Based%20Access%20Logger
Method: PATCH
Body:
{
"schemas" : [ "urn:ietf:params:scim:api:messages:2.0:PatchOp" ],
"Operations" : [ {
"op" : "replace",
"path" : "enabled",
"value" : "true"
} ]
}
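
Added example, not part of the original reply and not product code: a small audit that walks a configured log-file path, reports any symlinked component, and checks that the resolved location stays on the approved log volume. The function names and the `instance`, `logs` and `elsewhere` directories are hypothetical, and the sample tree is constructed in a temporary directory.

```python
import os
import tempfile


def symlinked_components(path):
    """Return (component, target) for each symlink on the way to path."""
    found = []
    current = os.sep
    for part in os.path.abspath(path).strip(os.sep).split(os.sep):
        current = os.path.join(current, part)
        if os.path.islink(current):  # lstat: inspects the link itself
            found.append((current, os.readlink(current)))
    return found


def audit_log_path(configured, approved_root):
    """Compare where a configured log-file path really lands with the approved volume."""
    resolved = os.path.realpath(configured)
    root = os.path.realpath(approved_root)
    return {
        "configured": configured,
        "resolved": resolved,
        "symlinks": symlinked_components(configured),
        "inside_approved_root": os.path.commonpath([resolved, root]) == root,
    }


def build_sample_tree():
    """Constructed layout: one symlinked logs directory, one explicitly configured path."""
    base = os.path.realpath(tempfile.mkdtemp())
    approved = os.path.join(base, "splunk")
    os.makedirs(os.path.join(approved, "ping", "directory", "node0"))
    os.makedirs(os.path.join(base, "instance"))
    os.makedirs(os.path.join(base, "elsewhere"))
    # The logs directory silently points at another location.
    os.symlink(os.path.join(base, "elsewhere"), os.path.join(base, "instance", "logs"))
    return {
        "approved_root": approved,
        "explicit": os.path.join(approved, "ping", "directory", "node0", "access"),
        "linked": os.path.join(base, "instance", "logs", "access"),
    }


if __name__ == "__main__":
    tree = build_sample_tree()
    for key in ("explicit", "linked"):
        report = audit_log_path(tree[key], tree["approved_root"])
        status = "OK" if report["inside_approved_root"] and not report["symlinks"] else "REVIEW"
        print(status, report["configured"], "->", report["resolved"], report["symlinks"])
```

Run against the path each log publisher is configured with, this flags a logs directory that has been swapped for a link even though the publisher configuration itself is unchanged.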