
Kind beings, I am seeking any software people have to recommend for LDAP Log Analysis against 389/Fedora/Redhat/SunOne/iPlanet/Netscape directory server. I know years ago Brendan wrote something but it doesn't appear to be available any longer. I am wanting to know who are the top users of the directory, the operations they are performing, attributes requested and any other useful data. For monitoring, we are going with CN=Monitor - nice little web tool but getting top-talkers and the like doesn't seem to be readily available. Of course, my google foo ain't so good. Many thanks in advance! /mrg


Have you tried logconv, bundled with SunOne/Oracle? I may have a copy of Brendan's LOOK tool saved somewhere. I'll do some digging. Regards, Todd Piket "It is amazing what you can accomplish if you do not care who gets the credit." -- Harry Truman

I would recommend Splunk. I send all of my OpenLDAP logs (5 production servers) as well as a script that pulls the cn=monitor information for each server. With a few simple searches and a dashboard, I have a complete picture of activity within my servers (including uptime, avg processor usage, busiest users, versions, etc). For using SunOne, your searches may be different than mine, but it will work. I also threw in the audit logs for safe keeping. Splunk can get expensive, but is free up to 500MB a day.

Kyle Smith
Systems Engineer - Directory Services
York College of Pennsylvania

The SUN LDAP comes with a very nice utility logconv which analyzes the access logs for such information. It lives in the dsrk directory of the installed tree. Keith Hersh, Identity Management programmer/analyst 617-570-4872

Here is the tool I believe Michael was thinking of: Cheers- Steve

Ah, thanks Steve O. That saves me some digging and gives me a new bookmark. Also, I highly recommend Splunk as well, for anything that produces logs in fact. Regards, Todd Piket "It is amazing what you can accomplish if you do not care who gets the credit." -- Harry Truman

You should check out - it's included in the 389-ds-base RPM and was originally provided in Sun's LDAP Resource Kit. The version included with 389 works with Sun DS up to at least version 6.3 - no idea if newer versions have changed their log format, though. A quick search found that Oracle lists a man page for logconv so it looks like it comes with the directory server now.


I tend to use a perl script on my openldap servers:
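# look at common issues in the ldap log
# top talkers and index candidates
# looks at the previous week's log: /var/log/openldap/ldap.1
LOG=/var/log/messages.1   # file the commands below read; point this at your slapd syslog file
cd /root
# top talkers: client address from each "ACCEPT from IP=addr:port" connection line
grep -o "ACCEPT from .*" "$LOG" | cut -d " " -f 3 | cut -d ":" -f 1 >address.txt
sort address.txt | uniq -c | sort -n >address.count
wc -l address.count      # number of distinct client addresses
tail -15 address.count   # the 15 busiest clients
# index candidates: "<= bdb_..._candidates: (attr) not indexed" lines
grep -o "<= bdb_.*" "$LOG" | cut -d " " -f 2,3 >index.txt
sort index.txt | uniq -c | sort -n >index.count
cat index.count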

But you might take a look at Sawmill, I used that a while back for web and firewall logs.
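
The tallies asked for at the top of the thread (top users, operations, requested attributes), plus the unindexed-search count from the shell script above, worked for the 389/Sun DS access-log layout. This is an added example, not code from any poster or from logconv; the sample lines and the `analyze()` helper are constructed, and it assumes the usual `conn=N op=N ...` line shapes with `notes=U` marking unindexed searches.

```python
import re
from collections import Counter

# Constructed sample lines in the 389 DS / Sun DS access-log layout (not real data).
SAMPLE_LOG = """\
[21/Apr/2024:11:39:51 -0400] conn=11 fd=64 slot=64 connection from 10.0.0.5 to 10.0.0.1
[21/Apr/2024:11:39:51 -0400] conn=11 op=0 BIND dn="uid=mailhub,ou=apps,dc=example,dc=com" method=128 version=3
[21/Apr/2024:11:39:51 -0400] conn=11 op=0 RESULT err=0 tag=97 nentries=0 etime=0
[21/Apr/2024:11:39:52 -0400] conn=11 op=1 SRCH base="dc=example,dc=com" scope=2 filter="(uid=alice)" attrs="cn mail"
[21/Apr/2024:11:39:52 -0400] conn=11 op=1 RESULT err=0 tag=101 nentries=1 etime=0
[21/Apr/2024:11:39:53 -0400] conn=11 op=2 SRCH base="dc=example,dc=com" scope=2 filter="(uid=bob)" attrs="Mail"
[21/Apr/2024:11:39:54 -0400] conn=11 op=3 MOD dn="uid=bob,ou=people,dc=example,dc=com"
[21/Apr/2024:11:40:02 -0400] conn=12 fd=65 slot=65 connection from 10.0.0.9 to 10.0.0.1
[21/Apr/2024:11:40:02 -0400] conn=12 op=0 SRCH base="dc=example,dc=com" scope=2 filter="(description=*x*)" attrs=ALL
[21/Apr/2024:11:40:05 -0400] conn=12 op=0 RESULT err=0 tag=101 nentries=40 etime=3 notes=U
"""

# One pattern per line shape; conn=N ties every operation back to its connection.
CONN = re.compile(r"conn=(\d+) fd=\d+ slot=\d+ (?:SSL )?connection from (\S+) to ")
BIND = re.compile(r'conn=(\d+) op=\d+ BIND dn="([^"]*)"')
OPER = re.compile(r"conn=(\d+) op=\d+ (SRCH|MOD|ADD|DEL|MODRDN|CMP|EXT|ABANDON)\b")
ATTR = re.compile(r'attrs=(?:"([^"]*)"|(\S+))')
UNIDX = re.compile(r"conn=(\d+) op=\d+ RESULT .*notes=\S*U")

def analyze(lines):
    """Tally client IPs, bind DNs, operations, requested attributes, unindexed searches."""
    dn_of = {}  # conn id -> DN of the most recent BIND on that connection
    stats = {k: Counter() for k in ("clients", "binders", "ops", "attrs", "unindexed")}
    for line in lines:
        if m := CONN.search(line):
            stats["clients"][m[2]] += 1
        elif m := BIND.search(line):
            dn_of[m[1]] = m[2].lower() or "(anonymous)"  # empty dn="" is an anonymous bind
        elif m := OPER.search(line):
            # Operations on a connection that never bound are counted as anonymous.
            stats["binders"][dn_of.get(m[1], "(anonymous)")] += 1
            stats["ops"][m[2]] += 1
            if m[2] == "SRCH" and (a := ATTR.search(line)):
                # Attribute names are case-insensitive, so fold before counting.
                stats["attrs"].update((a[1] or a[2]).lower().split())
        elif m := UNIDX.search(line):
            stats["unindexed"][dn_of.get(m[1], "(anonymous)")] += 1
    return stats

if __name__ == "__main__":
    for name, counter in analyze(SAMPLE_LOG.splitlines()).items():
        print(name, counter.most_common(5))
```

On a real server, pass the open access-log file object to `analyze()` instead of the sample; a connection whose BIND line fell into an earlier rotated file will show up as anonymous.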