Main Nav

Kind beings, I am seeking any software people have to recommend for LDAP Log Analysis against 389/Fedora/Redhat/SunOne/iPlanet/Netscape directory server. I know years ago Brendan wrote something but it doesn't appear to be available any longer. I am wanting to know who are the top users of the directory, the operations they are performing, attributes requested and any other useful data. For monitoring, we are going with CN=Monitor - nice little web tool but getting top-talkers and the like doesn't seem to be readily available. Of course, my google foo ain't so good. Many thanks in advance! /mrg

Comments

Have you tried logconv, bundled with SunOne/Oracle? http://docs.oracle.com/cd/E19424-01/820-4813/logconv-1/index.html http://docs.oracle.com/cd/E19424-01/820-4814/geicv/index.html I may have a copy of Brendan's LOOK tool saved somewhere. I'll do some digging. Regards, Todd Piket todd.piket@so.mnscu.edu "It is amazing what you can accomplish if you do not care who gets the credit." -- Harry Truman
Michael,

I would recommend Splunk (http://www.splunk.com). I send all of my OpenLDAP logs (5 production servers) as well as a script that pulls the cn=monitor information for each server. With a few simple searches and a dashboard, I have a complete picture of activity within my servers (including uptime, avg processor usage, busiest users, versions, etc). For using SunOne, your searches may be different then mine, but it will work. I also threw in the audit logs for safe keeping. Splunk can get expensive, but is free up to 500MB a day.

Kyle Smith
Systems Engineer - Directory Services
York College of Pennsylvania
717-815-1981



The SUN LDAP comes with a very nice utility logconv which analyzes the access logs for such information. It lives in the dsrk directory of the installed tree. Keith Hersh (khersh@suffolk.edu) Identity Management programmer/analyst 617-570-4872
Here is the tool I believe Michael was thinking of: http://middleware.internet2.edu/dir/look/ Cheers- Steve
Ah, thanks Steve O. That saves me some digging and gives me a new bookmark. Also, I highly recommend Splunk as well, for anything that produces logs in fact. Regards, Todd Piket todd.piket@so.mnscu.edu "It is amazing what you can accomplish if you do not care who gets the credit." -- Harry Truman
You should check out logconv.pl - it's included in the 389-ds-base RPM and was originally provided in Sun's LDAP Resource Kit.  The version included with 389 works with Sun DS up to atleast version 6.3 - no idea if newer versions have changed their log format, though.  A quick search found that Oracle lists a man page for logconv ( http://docs.oracle.com/cd/E20295_01/html/821-1224/logconv-1.html ) so it looks like it comes with the directory server now.

-Eric   

I tend to use a perl script on my openldap servers:
#!/bin/sh
# look at common issues in the ldap log
# top talkers and index candidates
# toptalk1.sh looks at the previous week's log: /var/log/openldap/ldap.1
cd /root
grep -o "ACCEPT from .*" /var/log/messages.1 | cut -d " " -f 3 | cut -d ":" -f 1 >address.txt
sort address.txt | uniq -c | sort -n >address.count
wc -l address.count
tail -15 address.count
grep -o "<= bdb_.*" /var/log/messages.1 | cut -d " " -f 2,3 >index.txt
sort index.txt | uniq -c | sort -n >index.count
cat index.count

But you might take a look at Sawmill, http://www.sawmill.net/features.html. I used that a while back for web and firewall logs.

Close
Close


EDUCAUSE Connect
View dates and locations

Events for all Levels and Interests

Whether you're looking for a conference to attend face-to-face to connect with peers, or for an online event for team professional development, see what's upcoming.

Close

EDUCAUSE Institute
Leadership/Management Programs
Explore More

Career Center


Leadership and Management Programs

EDUCAUSE Institute
Project Management

 

 

Jump Start Your Career Growth

Explore EDUCAUSE professional development opportunities that match your career aspirations and desired level of time investment through our interactive online guide.

 

Close
EDUCAUSE organizes its efforts around three IT Focus Areas

 

 

Join These Programs If Your Focus Is

Close

Get on the Higher Ed IT Map

Employees of EDUCAUSE member institutions and organizations are invited to create individual profiles.
 

 

Close

2014 Strategic Priorities

  • Building the Profession
  • IT as a Game Changer
  • Foundations


Learn More >

Uncommon Thinking for the Common Good™

EDUCAUSE is the foremost community of higher education IT leaders and professionals.