
Re: Need help unpicking stats logging



>>> Philip Colmer <philip.colmer@linaro.org> wrote on 01.04.2016 at 12:45 in
message
<CAKTSSTgD6zqMBmCckfWEcZFCK1KbtixkWkq-aLRB67pY8oe1rw@mail.gmail.com>:
> I've currently got stats logging turned on while I try to troubleshoot
> an application and I've noticed some rather strange searches going on.
> Strange in that the searches are for very high uidNumber values or for
> uid values that don't exist ... suggesting that someone might be
> trying to grab data from our server.
> 
> What I'm struggling with is trying to figure out from the logs (a) the
> IP address that these queries are coming from and/or (b) the
> authenticated account being used (even if anonymous).
> 
> For example, if I have a log line like this:
> 
> conn=1928683 op=24 SRCH base="ou=accounts,dc=linaro,dc=org" scope=2
> deref=0 
> filter="(&(uid=tftp)(objectClass=posixAccount)(&(uidNumber=*)(!(uidNumber=0))
> ))"
> 
> is there anything I can do with the conn or op values to connect that
> particular search query to an earlier logged BIND log entry?

I guess "conn=1928683" is the primary key for a connection on this run of slapd ;-)

> 
> Or is there a different/better way for me to try and get the
> information I'm after?
> 
> Thanks.
> 
> Philip
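
Added example, not part of the original thread: one way to use conn= as the join key discussed above, attaching the peer address and bind DN to every SRCH line. It assumes the usual slapd stats-level line shapes (ACCEPT, BIND, RESULT tag=97, SRCH, closed); the sample log, addresses and DNs are constructed, and attribute_searches is a hypothetical helper name.

```python
import re

# Constructed sample in the usual slapd stats-level shape (not taken from the thread).
SAMPLE_LOG = """\
slapd[811]: conn=1001 fd=12 ACCEPT from IP=192.0.2.10:51234 (IP=0.0.0.0:389)
slapd[811]: conn=1001 op=0 BIND dn="uid=app,ou=accounts,dc=example,dc=org" method=128
slapd[811]: conn=1001 op=0 RESULT tag=97 err=0 text=
slapd[811]: conn=1002 fd=13 ACCEPT from IP=198.51.100.7:40022 (IP=0.0.0.0:389)
slapd[811]: conn=1001 op=1 SRCH base="ou=accounts,dc=example,dc=org" scope=2 deref=0 filter="(uid=alice)"
slapd[811]: conn=1002 op=0 SRCH base="ou=accounts,dc=example,dc=org" scope=2 deref=0 filter="(uidNumber=99999)"
slapd[811]: conn=1002 fd=13 closed
slapd[811]: conn=1003 op=0 SRCH base="dc=example,dc=org" scope=2 deref=0 filter="(uid=tftp)"
"""

ACCEPT = re.compile(r"conn=(\d+) fd=\d+ ACCEPT from (\S+)")
BIND = re.compile(r'conn=(\d+) op=(\d+) BIND dn="([^"]*)" (?:method|mech)=')
RESULT = re.compile(r"conn=(\d+) op=(\d+) RESULT tag=97 err=(\d+)")
SRCH = re.compile(r'conn=(\d+) op=(\d+) SRCH base="([^"]*)".* filter="(.*)"')
CLOSED = re.compile(r"conn=(\d+) fd=\d+ closed")
UNKNOWN = {"peer": "unknown", "dn": "unknown"}

def attribute_searches(lines):
    """Return one dict per SRCH with the peer and bind DN of its connection."""
    conns, pending, out = {}, {}, []
    for line in lines:
        if m := ACCEPT.search(line):
            # A fresh connection is anonymous until a BIND succeeds.
            conns[m[1]] = {"peer": m[2], "dn": "anonymous"}
        elif m := BIND.search(line):
            # Remember the requested DN until the matching RESULT arrives.
            pending[(m[1], m[2])] = m[3] or "anonymous"
        elif m := RESULT.search(line):
            dn = pending.pop((m[1], m[2]), None)
            if dn is not None:
                # A bind that did not succeed leaves the connection anonymous.
                state = conns.setdefault(m[1], dict(UNKNOWN))
                state["dn"] = dn if m[3] == "0" else "anonymous"
        elif m := SRCH.search(line):
            # ACCEPT may have rotated out of the log: report "unknown".
            c = conns.get(m[1], UNKNOWN)
            out.append({"conn": m[1], "op": m[2], "peer": c["peer"],
                        "dn": c["dn"], "filter": m[4]})
        elif m := CLOSED.search(line):
            conns.pop(m[1], None)  # conn numbers restart with slapd
    return out

if __name__ == "__main__":
    for r in attribute_searches(SAMPLE_LOG.splitlines()):
        print(r["conn"], r["op"], r["peer"], r["dn"], r["filter"])
```

Searches reported with an "unknown" peer belong to connections whose ACCEPT line falls before the start of the log being read, so older rotated logs need to be included to resolve them.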