Add Sun DS format #37

Open
wants to merge 6 commits into
base: master
112 changes: 95 additions & 17 deletions ldap-stats.pl
@@ -8,10 +8,13 @@
# Author: LDAP Tool Box project
# Author: David Coutadeur <[email protected]>
#
# Current Version: 8
# Current Version: 9
#
# Revision History:
#
# Version 9
# - add option --sunds to parse Sun DS logs (#36)
#
# Version 8
# - add option --log24 for old openldap log format (logs without qtime/etime) (#35)
# - Display n longer requests in ldap-stats.pl (qtime/etime) (#31)
@@ -172,7 +175,8 @@ sub usage {
. " -s Split attributes found used in searches\n"
. " -D Use RFC5424 date format\n"
. " --log24 Use OpenLDAP 2.4 log format (no qtime/etime)\n"
. " --log26 Use OpenLDAP 2.6 log format\n";
. " --log26 Use OpenLDAP 2.6 log format\n"
. " --sunds Use Sun DS log format\n";
return;
}

@@ -207,6 +211,9 @@ sub usage {
# Use OpenLDAP 2.6 log format
my $log26 = 0;

# Use SunDS log format
my $sunds = 0;

# Maximum number of greater qtimes to display
my $max_qtimes = 10;

@@ -230,6 +237,7 @@ sub usage {
'split|s' => \$splitattrs,
'log24' => \$log24,
'log26' => \$log26,
'sunds' => \$sunds,
);

### print a nice usage message
@@ -507,14 +515,21 @@ sub storeOp
my ( $month, $day, $hour ) = getTimeComponents($line);

### Check for a new connection
if ( $line =~
/conn=(\d+) [ ] fd=\d+ [ ] (?:ACCEPT|connection) [ ] from/mx
)
if (
( $sunds and $line =~
/conn=(\d+) op=[-]?\d+ msgId=[-]?\d+ - fd=\d+ slot=\d+ LDAP connection from/m
)
or $line =~
/conn=(\d+) [ ] fd=\d+ [ ] (?:ACCEPT|connection) [ ] from/mx
)
{
my $conn = $1;
my $host;

if ( $line =~ /IP=(\d+\.\d+\.\d+\.\d+):/mx ) {
if ( $sunds and $line =~ /from (\d+\.\d+\.\d+\.\d+)/m ) {
$host = $1;
}
elsif ( $line =~ /IP=(\d+\.\d+\.\d+\.\d+):/mx ) {
$host = $1;
}
elsif ( $line =~ /PATH=(\S+)/mx ) {
@@ -612,9 +627,13 @@ sub storeOp

### Check for anonymous binds
}
elsif ( $line =~
/conn=(\d+) [ ] op=(\d+) [ ] BIND [ ] dn="" [ ] method=128/mx
)
elsif (
(
$sunds and $line =~ /conn=(\d+) op=(\d+) msgId=\d+ - BIND dn="" method=128/m
)
or $line =~
/conn=(\d+) [ ] op=(\d+) [ ] BIND [ ] dn="" [ ] method=128/mx
)
{
my $conn = $1;
storeOp("$1,$2","$line");
@@ -635,9 +654,11 @@ sub storeOp

### Check for non-anonymous binds
}
elsif ( $line =~
/conn=(\d+) [ ] op=(\d+) [ ] BIND [ ] dn="([^"]+)" [ ] mech=/mx
)
elsif (
($sunds and $line =~ /conn=(\d+) op=(\d+) msgId=\d+ - BIND dn="([^"]+)" method=/m )
or $line =~
/conn=(\d+) [ ] op=(\d+) [ ] BIND [ ] dn="([^"]+)" [ ] mech=/mx
)
{
my $conn = $1;
storeOp("$1,$2","$line");
@@ -659,10 +680,13 @@ sub storeOp

### Check the search base
}
elsif ( $line =~
/\bconn=(\d+) [ ] op=(\d+) [ ] SRCH [ ] base="([^"]*?)" [ ] .*filter="([^"]*?)"/mx
)
elsif (
($sunds and $line =~ /conn=(\d+) op=(\d+) msgId=\d+ - SRCH base="([^"]*?)" scope=\d filter="([^"]*?)" attrs=(.+)/m )
or $line =~
/\bconn=(\d+) [ ] op=(\d+) [ ] SRCH [ ] base="([^"]*?)" [ ] .*filter="([^"]*?)"/mx
)
{
my $conn = $1;
my $base = lc $3;
storeOp("$1,$2","$line");
my $filter = $4;
@@ -676,6 +700,30 @@ sub storeOp
$filters{$filter}++;
}

if ($sunds) {
my $attrs = lc $5;
$attrs =~ s/^"//;
$attrs =~ s/"$//;
if ($splitattrs) {
for my $attr ( split q{ }, $attrs ) {
$searchattributes{$attr}++;
}
}
else {
$searchattributes{$attrs}++;
}
### Increment the counters
if ( defined $conns{$conn}
&& defined $hosts{ $conns{$conn} } )
{
$hosts{ $conns{$conn} }{SRCH}++;
$hours{$hour}{SRCH}++;
$days{$day}{SRCH}++;
$months{$month}{SRCH}++;
$stats{TOTAL_SRCH}++;
}
}

### Check for search attributes
}
elsif ( $line =~ /\bconn=(\d+) [ ] op=(\d+) [ ] SRCH [ ] attr=(.+)/mx ) {
@@ -742,7 +790,8 @@ sub storeOp
### Check for unbinds
}
elsif (
$line =~ /conn=(\d+) [ ] op=(\d+) [ ] UNBIND/mx )
( $sunds and $line =~ /conn=(\d+) op=(\d+) msgId=\d+ - UNBIND/m)
or $line =~ /conn=(\d+) [ ] op=(\d+) [ ] UNBIND/mx )
{
my $conn = $1;
storeOp("$1,$2","$line");
@@ -811,9 +860,38 @@ sub storeOp
}
}

### Check the result of the last operation (log format SUNDS)
### TODO: Add other err=X values from contrib/ldapc++/src/LDAPResult.h
}
elsif ( $sunds and $line =~
/conn=(\d+) op=(\d+) msgId=\d+ - RESULT err=\d+ tag=\d+ nentries=\d+ etime=([\d.]+)/m
)
{
my $conn = $1;
my $op = $2;
storeOp("$1,$2","$line");
my $etime = $3;
$etime =~ tr/\.//d; # remove . => microsecond format
$etimes{"$conn,$op"} = $etime;

if ( $line =~ /\berr=49\b/mx ) {
### Increment the counters
if ( defined $conns{$conn}
&& defined $hosts{ $conns{$conn} } )
{
$hosts{ $conns{$conn} }{AUTHFAILURES}++;
$hours{$hour}{AUTHFAILURES}++;
$days{$day}{AUTHFAILURES}++;
$months{$month}{AUTHFAILURES}++;
$stats{TOTAL_AUTHFAILURES}++;
}
}

### Check for entry changes: add, modify modrdn, delete
}
elsif ( $line =~
elsif (
($sunds and $line =~ /conn=(\d+) op=(\d+) msgId=\d+ - (ADD|CMP|MOD|MODRDN|DEL)/m )
or $line =~
/conn=(\d+) [ ] op=(\d+) [ ] (ADD|CMP|MOD|MODRDN|DEL) [ ] dn=/mx
)
{
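Review bot: In the new Sun DS RESULT branch, `$etime =~ tr/\.//d` only yields microseconds when the logged value has exactly six fractional digits; the capture `([\d.]+)` also accepts `etime=0`, `etime=1.5` or a value with several dots, and those would land in `%etimes` at the wrong scale. If the value is in seconds, as the comment implies, a numeric conversion such as `my $etime = int( $3 * 1_000_000 + 0.5 );` with the capture tightened to `(\d+(?:\.\d+)?)` keeps the unit independent of the log's precision; the code that consumes `%etimes` is outside the visible hunks, so the effect on the longest-request report is inferred. Separately, in the SRCH branch `my $attrs = lc $5;` runs whenever `--sunds` is set, but `$5` is undefined when the line matched the OpenLDAP alternative of the `or`, which raises an undef warning and, without `-s`, increments an empty key in `%searchattributes`. Changing the guard to `if ( $sunds and defined $5 ) {` would confine that block to lines that actually matched the Sun DS pattern.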