- October 13, 2012
-
Daniel Paluszek
- 2 min
WHY YOU NO HAVE HAVE LOGGING???
This was my first thought after realizing there was no way to edit the AFP activity logging level of Lion Server through the GUI. I was in the process of troubleshooting a connectivity issue but found nothing to increase the level from the default which is set to NO LOGGING. Why, Apple, are you disabling a key feature of a server? Are you so sure your coding works that parsing logs to check activity is unnecessary? Guaranteed to work; every time? With all machines of every variety in every possible situation?
Sorry for the rant, but that’s 15 minutes gone forever spent combing every menu looking for where to enable said missing logs. You could do it in Snow Leopard, I mean come on. But hey, more Terminal Time! Anyway you can tinker with this, amongst other settings, by using the serveradmin command. Check these out:
First let’s turn this bad boy on:
serveradmin settings afp:activityLog = yes
Note the above command turns on all logs. You may only want certain ones on. Play with these:
serveradmin settings afp:loggingAttributes:logOpenFork = no
serveradmin settings afp:loggingAttributes:logCreateDir = no
serveradmin settings afp:loggingAttributes:logLogin = no
serveradmin settings afp:loggingAttributes:logLogout = no
serveradmin settings afp:loggingAttributes:logDelete = no
serveradmin settings afp:loggingAttributes:logCreateFile = no
Use this to set the activity log and error log rollover times:
serveradmin settings afp:errorLogTime = [number of days]
serveradmin settings afp:activityLogTime = [number of days]
With the commands below you can enable and tweak ability to have users logged off should their connection stay idle too long.
serveradmin settings afp:idleDisconnectOnOff = yes
serveradmin settings afp:idleDisconnectMsg = "Wake up and get back to work!"
serveradmin settings afp:idleDisconnectTime = [number of hours]
To globally disable guest access to increase security:
serveradmin settings afp:guestAccess = no
You can also allow the root user to log into afp with this (if root user is enabled):
serveradmin settings afp:allowRootLogin = yes
There are many, many more uses for this. I’ve only listed the basic admin stuff here. You’ll probably find yourself just needing to turn on the AFP logging. Note that IP addresses are still used to identify clients in these logs. Run man serveradmin to get some more info.
