
Kind beings, I am seeking any software people have to recommend for LDAP Log Analysis against 389/Fedora/Redhat/SunOne/iPlanet/Netscape directory server. I know years ago Brendan wrote something but it doesn't appear to be available any longer. I am wanting to know who are the top users of the directory, the operations they are performing, attributes requested and any other useful data. For monitoring, we are going with CN=Monitor - nice little web tool but getting top-talkers and the like doesn't seem to be readily available. Of course, my Google-fu ain't so good. Many thanks in advance!

/mrg

Comments

Have you tried logconv, bundled with SunOne/Oracle?

http://docs.oracle.com/cd/E19424-01/820-4813/logconv-1/index.html
http://docs.oracle.com/cd/E19424-01/820-4814/geicv/index.html

I may have a copy of Brendan's LOOK tool saved somewhere. I'll do some digging.

Regards,
Todd Piket
todd.piket@so.mnscu.edu
"It is amazing what you can accomplish if you do not care who gets the credit." -- Harry Truman

Michael,

I would recommend Splunk (http://www.splunk.com). I send all of my OpenLDAP logs (5 production servers) as well as a script that pulls the cn=monitor information for each server. With a few simple searches and a dashboard, I have a complete picture of activity within my servers (including uptime, avg processor usage, busiest users, versions, etc). For using SunOne, your searches may be different than mine, but it will work. I also threw in the audit logs for safe keeping. Splunk can get expensive, but is free up to 500MB a day.

Kyle Smith
Systems Engineer - Directory Services
York College of Pennsylvania
717-815-1981



The SUN LDAP comes with a very nice utility logconv which analyzes the access logs for such information. It lives in the dsrk directory of the installed tree.

Keith Hersh (khersh@suffolk.edu)
Identity Management programmer/analyst
617-570-4872

Here is the tool I believe Michael was thinking of: http://middleware.internet2.edu/dir/look/

Cheers-
Steve

Ah, thanks Steve O. That saves me some digging and gives me a new bookmark. Also, I highly recommend Splunk as well, for anything that produces logs in fact.

Regards,
Todd Piket
todd.piket@so.mnscu.edu
"It is amazing what you can accomplish if you do not care who gets the credit." -- Harry Truman

You should check out logconv.pl - it's included in the 389-ds-base RPM and was originally provided in Sun's LDAP Resource Kit. The version included with 389 works with Sun DS up to at least version 6.3 - no idea if newer versions have changed their log format, though. A quick search found that Oracle lists a man page for logconv ( http://docs.oracle.com/cd/E20295_01/html/821-1224/logconv-1.html ) so it looks like it comes with the directory server now.

-Eric   

I tend to use a perl script on my openldap servers:
#!/bin/sh
# look at common issues in the ldap log
# top talkers and index candidates
# toptalk1.sh looks at the previous week's log: /var/log/openldap/ldap.1
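cd /root
# client address of every accepted connection
grep -o "ACCEPT from .*" /var/log/messages.1 | cut -d " " -f 3 | cut -d ":" -f 1 >address.txt
# connections per address, busiest last
sort address.txt | uniq -c | sort -n >address.count
# number of distinct client addresses
wc -l address.count
# the 15 busiest clients
tail -15 address.count
# "<= bdb_..." debug lines, used here as index candidates
grep -o "<= bdb_.*" /var/log/messages.1 | cut -d " " -f 2,3 >index.txt
sort index.txt | uniq -c | sort -n >index.count
cat index.count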

But you might take a look at Sawmill, http://www.sawmill.net/features.html. I used that a while back for web and firewall logs.
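
An added example, not code from anyone in this thread or from logconv: a small Python parser for the 389 Directory Server access log that tallies what the original question asks for (client addresses, operations per bind DN, operation types, requested attributes) plus searches flagged `notes=U` as index candidates. The sample log is constructed, the function name `analyze` is an assumption, and operations are attributed to the DN of the most recent BIND on the connection without checking the bind result.

```python
import re
from collections import Counter

# Constructed sample in the 389 Directory Server access-log layout (not real data).
SAMPLE_LOG = """\
[21/Apr/2024:11:39:51 -0700] conn=11 fd=64 slot=64 connection from 192.0.2.10 to 192.0.2.1
[21/Apr/2024:11:39:51 -0700] conn=11 op=0 BIND dn="uid=app1,ou=svc,dc=example,dc=com" method=128 version=3
[21/Apr/2024:11:39:51 -0700] conn=11 op=0 RESULT err=0 tag=97 nentries=0 etime=0
[21/Apr/2024:11:39:52 -0700] conn=11 op=1 SRCH base="dc=example,dc=com" scope=2 filter="(uid=bjensen)" attrs="cn mail"
[21/Apr/2024:11:39:53 -0700] conn=12 fd=65 slot=65 connection from 192.0.2.20 to 192.0.2.1
[21/Apr/2024:11:39:53 -0700] conn=12 op=0 SRCH base="dc=example,dc=com" scope=2 filter="(description=*x*)" attrs=ALL
[21/Apr/2024:11:39:54 -0700] conn=12 op=0 RESULT err=0 tag=101 nentries=40 etime=1 notes=U
[21/Apr/2024:11:39:55 -0700] conn=11 op=2 SRCH base="dc=example,dc=com" scope=2 filter="(uid=kvaughan)" attrs="mail"
[21/Apr/2024:11:39:56 -0700] conn=11 op=3 UNBIND
"""

LINE = re.compile(r'^\[[^\]]+\] conn=(\d+) (?:op=(-?\d+) )?(.*)$')
OPS = {"BIND", "SRCH", "MOD", "ADD", "DEL", "MODRDN", "CMP", "EXT", "ABANDON", "UNBIND"}

def analyze(text):
    """Return Counters: clients, ops per bind DN, op types, attributes, unindexed filters."""
    clients, users, ops, attrs, unindexed = (Counter() for _ in range(5))
    conn_dn, op_filter = {}, {}           # conn -> bound DN, (conn, op) -> search filter
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        conn, op, rest = m.groups()
        verb = rest.split(" ", 1)[0]
        if op is None:                    # connection-level line, no operation number
            ip = re.search(r'connection from (\S+) to ', rest)
            clients.update([ip.group(1)] if ip else [])
        elif verb in OPS:
            if verb == "BIND":            # assumption: bind result is not checked
                dn = re.search(r'dn="([^"]*)"', rest)
                conn_dn[conn] = (dn and dn.group(1)) or "(anonymous)"
            ops[verb] += 1
            users[conn_dn.get(conn, "(anonymous)")] += 1
            if verb == "SRCH":
                f = re.search(r'filter="(.*?)"(?= attrs=|\s*$)', rest)
                op_filter[conn, op] = f.group(1) if f else "?"
                a = re.search(r' attrs=(?:"([^"]*)"|(\S+))\s*$', rest)
                names = (a.group(1) or a.group(2) or "").split() if a else ["(none listed)"]
                attrs.update(n.lower() for n in names)
        elif verb == "RESULT" and re.search(r' notes=[A-Z,]*U', rest):
            unindexed[op_filter.get((conn, op), "?")] += 1   # join RESULT to its SRCH
    return clients, users, ops, attrs, unindexed
```

Call `analyze(open(path).read())` on an access log and use `.most_common(15)` on each returned Counter for a top-talkers style report.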