yo/openldap-log-parser
1
0
Fork 0
Code Issues Pull Requests Projects Releases 1 Wiki Activity

v0.6.14 : Add meta_back_error support

Browse Source
This commit is contained in:
yo
2026-06-12 17:11:38 +02:00
parent 5055a0cb96
commit 072a3df46c
2 changed files with 100 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files
openldap-log-parser.go
+18 -1
View File
@@ -47,10 +47,12 @@ const (
AddDnRE = `(?:ADD dn="(.*)")?` AddDnRE = `(?:ADD dn="(.*)")?`
// group[42] // group[42]
DelDnRE = `(?:DEL dn="(.*)")?` DelDnRE = `(?:DEL dn="(.*)")?`
// group[43], 44, 45, 46
MetaBackOpErrorRE = `(?:meta_back_search\[([0-9]+)\] match="(.*)" err=([0-9]+) \(Operations error\) text="([^\"]*)")?`
LogLineRE = SyslogPri + TimeRE + ` ` + HostRE + ` ` + ProcessRE + ` ` + ConnIdRE + ` ` + ConnFdRE + OperationIdRE + ` ` + LogLineRE = SyslogPri + TimeRE + ` ` + HostRE + ` ` + ProcessRE + ` ` + ConnIdRE + ` ` + ConnFdRE + OperationIdRE + ` ` +
AcceptRE + STARTTLSRE + BindMethodRE + BindMechRE + ResultRE + SearchBaseRE + SearchAttrRE + SearchResultRE + ModDnRE + ModAttrRE + AcceptRE + STARTTLSRE + BindMethodRE + BindMechRE + ResultRE + SearchBaseRE + SearchAttrRE + SearchResultRE + ModDnRE + ModAttrRE +
PassModRE + UnbindRE + ConnClosedRE + AddDnRE + DelDnRE PassModRE + UnbindRE + ConnClosedRE + AddDnRE + DelDnRE + MetaBackOpErrorRE
) )
type ( type (
@@ -100,6 +102,10 @@ type (
SearchResETime string `json:"search_res_etime"` SearchResETime string `json:"search_res_etime"`
SearchResNEntries int `json:"search_res_nentries"` SearchResNEntries int `json:"search_res_nentries"`
SearchResText string `json:"search_res_text"` SearchResText string `json:"search_res_text"`
ErrorBackend int `json:"err_backend"`
ErrorMatch string `json:"err_match"`
ErrorErr int `json:"err_error"`
ErrorText string `json:"err_text"`
} }
) )
@@ -151,6 +157,11 @@ func (o *OpenldapLog) Parse(text []byte) (LogFormat, error) {
serr,_ := strconv.Atoi(string(group[31])) serr,_ := strconv.Atoi(string(group[31]))
srentries, _ := strconv.Atoi(string(group[34])) srentries, _ := strconv.Atoi(string(group[34]))
// 0 even if no error, so don't use this for error testing
backend, _ := strconv.Atoi(string(group[43]))
// 0 if no error, so use this instead
backerr, _ := strconv.Atoi(string(group[45]))
logFormat := LogFormat{ logFormat := LogFormat{
Time: &t, Time: &t,
Hostname: string(group[2]), Hostname: string(group[2]),
@@ -192,6 +203,10 @@ func (o *OpenldapLog) Parse(text []byte) (LogFormat, error) {
PassModDN: string(group[38]), PassModDN: string(group[38]),
AddDN: string(group[41]), AddDN: string(group[41]),
DelDN: string(group[42]), DelDN: string(group[42]),
ErrorBackend: backend,
ErrorMatch: string(group[44]),
ErrorErr: backerr,
ErrorText: string(group[46]),
} }
// Now handle Operation Type // Now handle Operation Type
@@ -215,6 +230,8 @@ func (o *OpenldapLog) Parse(text []byte) (LogFormat, error) {
logFormat.OpType = "add" logFormat.OpType = "add"
} else if len(group[42]) > 0 { } else if len(group[42]) > 0 {
logFormat.OpType = "del" logFormat.OpType = "del"
} else if logFormat.ErrorErr != 0 {
logFormat.OpType = "error"
} }
return logFormat, nil return logFormat, nil
openldap-log-parser/cmd/root.go
+74 -1
View File
@@ -80,6 +80,10 @@ type (
SearchResETime string `json:"search_res_etime,omitempty"` SearchResETime string `json:"search_res_etime,omitempty"`
SearchResNEntries *int `json:"search_res_nentries,omitempty"` SearchResNEntries *int `json:"search_res_nentries,omitempty"`
SearchResText string `json:"search_res_text,omitempty"` SearchResText string `json:"search_res_text,omitempty"`
ErrorBackend *int `json:"err_backend,omitempty"`
ErrorMatch string `json:"err_match,omitempty"`
ErrorErr *int `json:"err_error,omitempty"`
ErrorText string `json:"err_text,omitempty"`
} }
OpenLdapConnectionFlat struct { OpenLdapConnectionFlat struct {
@@ -122,6 +126,10 @@ type (
SearchResETime string `json:"search_res_etime,omitempty"` SearchResETime string `json:"search_res_etime,omitempty"`
SearchResNEntries *int `json:"search_res_nentries,omitempty"` SearchResNEntries *int `json:"search_res_nentries,omitempty"`
SearchResText string `json:"search_res_text,omitempty"` SearchResText string `json:"search_res_text,omitempty"`
ErrorBackend *int `json:"err_backend,omitempty"`
ErrorMatch string `json:"err_match,omitempty"`
ErrorErr *int `json:"err_error,omitempty"`
ErrorText string `json:"err_text,omitempty"`
} }
) )
@@ -129,7 +137,7 @@ var (
File os.File File os.File
Writer *bufio.Writer Writer *bufio.Writer
Version = "0.6.13" Version = "0.6.14"
BuildInfo = promauto.NewGaugeVec(prometheus.GaugeOpts{ BuildInfo = promauto.NewGaugeVec(prometheus.GaugeOpts{
Name: "openldaplogparser_build_info", Name: "openldaplogparser_build_info",
@@ -195,6 +203,10 @@ var (
Name: "openldaplogparser_starttlscount", Name: "openldaplogparser_starttlscount",
Help: "Number of STARTTLS commands executed", Help: "Number of STARTTLS commands executed",
}, []string{"host"}) }, []string{"host"})
ErrorCnt = promauto.NewCounterVec(prometheus.CounterOpts{
Name: "openldaplogparser_error_count",
Help: "Number of errors",
}, []string{"host","type"})
rootCmd = &cobra.Command{ rootCmd = &cobra.Command{
Use: "openldap-log-parser", Use: "openldap-log-parser",
@@ -309,6 +321,11 @@ func OlcToFlat(olc *OpenLdapConnection) []OpenLdapConnectionFlat {
olcf[i].ResQTime = olc.Operations[i].ResQTime olcf[i].ResQTime = olc.Operations[i].ResQTime
olcf[i].ResETime = olc.Operations[i].ResETime olcf[i].ResETime = olc.Operations[i].ResETime
olcf[i].ResText = olc.Operations[i].ResText olcf[i].ResText = olc.Operations[i].ResText
case "error":
olcf[i].ErrorBackend = olc.Operations[i].ErrorBackend
olcf[i].ErrorMatch = olc.Operations[i].ErrorMatch
olcf[i].ErrorErr = olc.Operations[i].ErrorErr
olcf[i].ErrorText = olc.Operations[i].ErrorText
} }
} }
@@ -910,10 +927,66 @@ func parseStoreAndWrite(input []byte, mq map[string]*OpenLdapConnection, mqMtx *
} }
// Then remove operation from OpenLDAPConnection so it wont output again // Then remove operation from OpenLDAPConnection so it wont output again
olc.Operations = olc.Operations[:len(olc.Operations)-1] olc.Operations = olc.Operations[:len(olc.Operations)-1]
}
UnbindCnt.WithLabelValues(olc.Hostname).Inc() UnbindCnt.WithLabelValues(olc.Hostname).Inc()
} }
mqMtx.Unlock()
return nil
}
/* 2022-07-18T09:25:35.224779+02:00 ldap.domain.org slapd[82581] conn=1512 op=2 meta_back_search[0] match="" err=1 (Operations error) text="000004DC: LdapErr: DSID-0C090BA8, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v3839".*/
if logFormat.ErrorErr != 0 {
op := &Operation{
Time: logFormat.Time,
OpType: logFormat.OpType,
OpId: &logFormat.OpId,
ErrorBackend: &logFormat.ErrorBackend,
ErrorMatch: logFormat.ErrorMatch,
ErrorErr: &logFormat.ErrorErr,
ErrorText: logFormat.ErrorText,
}
mqMtx.Lock()
// Do this connection exists ?
olc, ok := mq[fmt.Sprintf("%s:%d", logFormat.Hostname, logFormat.ConnId)]
if false == ok {
if false == gDispUnkConn {
mqMtx.Unlock()
return nil
} else {
// Create connection
olc = &OpenLdapConnection{
Time: logFormat.Time,
Hostname: logFormat.Hostname,
Process: logFormat.Process,
ConnId: logFormat.ConnId,
ConnFd: logFormat.ConnFd,
ClientIp: logFormat.ClientIp,
ClientPort: logFormat.ClientPort,
ServerIp: logFormat.ServerIp,
ServerPort: logFormat.ServerPort,
}
mq[fmt.Sprintf("%s:%d", logFormat.Hostname, logFormat.ConnId)] = olc
}
}
olc.Operations = append(olc.Operations, op)
// Dump to stdout if gFlatten, b/c this is a standalone event
if gFlatten == true {
jsonBytes, err := json.Marshal(OlcToFlat(olc)[len(olc.Operations)-1])
if err != nil {
log.Fatal(err)
}
outfMtx.Lock()
err = writeOut(string(jsonBytes), gOutputFile)
outfMtx.Unlock()
if err != nil {
log.Fatal(err)
}
// Then remove operation from OpenLDAPConnection so it wont output again
olc.Operations = olc.Operations[:len(olc.Operations)-1]
} }
mqMtx.Unlock() mqMtx.Unlock()
ErrorCnt.WithLabelValues(olc.Hostname, "meta_back_search").Inc()
return nil
} }
/* /*