EngageOne™

 View Only

EngageOne Server security internal log growing? Here's why and how to fix it

  • 1.  EngageOne Server security internal log growing? Here's why and how to fix it

    Employee
    Posted 01-17-2020 07:08
    Edited by Andrzej Heller 01-20-2020 03:18
    You may have noticed that the content of folder <security bundle installation directory>\conf\OpenAM\opends\changelogDb grows quickly.
    If you have seen this, you will also have noticed that it is consuming disk space on all the machines where security bundle is installed.

    This is a known issue which may affect all clustered installations of EO 4.4.x.

    Explanation for that is pretty simple: default configuration of OpenDJ (which is embedded in each instance of our OpenAM) causes the server is running with change number indexer enabled. Changelogs are not purged, as it is possible there could be external clients that search change logs based on change numbers. As any such applications are present in our solution.

    The setting responsible for uncontrolled growth of changelogs can be easily disabled. Doing it will allow OpenDJ to automatically purge its changelogs, reducing the size of folder <security bundle installation directory>\conf\OpenAM\opends\changelogDb and potentially free up a lot of disk space on all the servers where security bundle is installed.

    Use this simple command to disable change number indexer:


    For Linux:
    dsconfig set-replication-server-prop \
    --provider-name Multimaster\ Synchronization \
    --set compute-change-number:false \
    --hostname <hostname> \
    --port 4444 \
    --bindDn cn=Directory\ Manager \
    --trustAll \
    --bindPassword <password> \
    --no-prompt

    On Windows:
    dsconfig set-replication-server-prop --provider-name "Multimaster Synchronization" --set compute-change-number:false --hostname <hostname> --port 4444 --bindDn "cn=Directory Manager" --trustAll --bindPassword <password> --no-prompt


    Before executing the command, navigate to either:
    <security bundle installation directory>/conf/OpenAM/opends/bin (for Linux installations) or
    <security bundle installation directory>\conf\OpenAM\opends\bat (for Windows environments)

    Both <hostname> and <password> have to be replaced with values that are appropriate for the environment you're about to modify.
    As --no-prompt flag is provided, no prompts or any other messages are expected to appear on the console.

    It is essential to remember that the command has to be executed on all the nodes where security bundle is installed (primary and all the replicas).
    If the command is completed successfully, size of folder <security bundle installation directory>\conf\OpenAM\opends\changelogDb should be significantly reduced and the change should be visible pretty quickly.


    Finally, it is necessary to execute the command again if either security bundle is re-configured or the whole environment is upgraded to newer version of EO Compose (as each of those two operations restores default values).

    ------------------------------
    Andrzej Heller
    Knowledge Community Shared Account
    Shelton CT
    ------------------------------