Idea ID: 2785427

ndstrace limited logging when high number of requests are happening on the server

Status : Waiting for Votes
Waiting for Votes
See status update history
over 2 years ago
Problem: I had a customer that had a looping on a script that continually queried LDAP over and over relentlessly and as it was poorly written code that didn't escape the loop, eDirectory troubleshooting was limited as the ndstrace would not show what the search base, filter, returned attributes, etc lines in the trace. We only saw minimal connection and return data.

My assumption is that when a server reaches a certain threshhold of requests, the logging automatically turns down on the file and screen.

Request: Allow for a set limited of time to capture the fine details of the trace events. So allow for a minute of logging to a file if a given flag is set, after the minute the flag resets itself...

Note, All trace options were turned on. Once the issue was fixed and the threshold dimminished on the server all of the trace lines now show up so we can see the fine details. We knew what server it was coming from, but had no idea what on the server could be causing it. It ended up being a workflow that had a stuck javascript that was looping.

How did we troubleshoot it and find the issue: We had to take a tcpdump and import the private cert and then do a decode on the TLS LDAP data to be able to see the search. This is great but cumbersome and a security risk. Nobody should have to export their private key when the tools are already available on the server. There were 12 cores on the user's eDir box and so CPU and Memory were sufficient.