yo/openldap-log-parser
1
0
Fork 0
Code Issues Pull Requests Projects Releases 1 Wiki Activity

ADD and DEL operations now supported

Browse Source
This commit is contained in:
yo 2022-11-13 13:41:14 +01:00
parent aff1c5af75
commit 2cbac9a0c3
2 changed files with 126 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
openldap-log-parser.go
View File

@ -43,10 +43,14 @@ const (
UnbindRE = `(UNBIND)?` UnbindRE = `(UNBIND)?`
// group[40] // group[40]
ConnClosedRE = `(closed)?(?: \(connection lost\))?` ConnClosedRE = `(closed)?(?: \(connection lost\))?`
// group[41]
AddDnRE = `(?:ADD dn="(.*)")?`
// group[42]
DelDnRE = `(?:DEL dn="(.*)")?`
LogLineRE = SyslogPri + TimeRE + ` ` + HostRE + ` ` + ProcessRE + ` ` + ConnIdRE + ` ` + ConnFdRE + OperationIdRE + ` ` + LogLineRE = SyslogPri + TimeRE + ` ` + HostRE + ` ` + ProcessRE + ` ` + ConnIdRE + ` ` + ConnFdRE + OperationIdRE + ` ` +
AcceptRE + STARTTLSRE + BindMethodRE + BindMechRE + ResultRE + SearchBaseRE + SearchAttrRE + SearchResultRE + ModDnRE + ModAttrRE + AcceptRE + STARTTLSRE + BindMethodRE + BindMechRE + ResultRE + SearchBaseRE + SearchAttrRE + SearchResultRE + ModDnRE + ModAttrRE +
PassModRE + UnbindRE + ConnClosedRE PassModRE + UnbindRE + ConnClosedRE + AddDnRE + DelDnRE
) )
type ( type (
@ -74,6 +78,8 @@ type (
SSF string `json:"ssf"` SSF string `json:"ssf"`
ModDN string `json:"mod_dn"` ModDN string `json:"mod_dn"`
ModAttr string `json:"mod_attr"` ModAttr string `json:"mod_attr"`
AddDN string `json:"add_dn"`
DelDN string `json:"del_dn"`
PassModDN string `json:"passmod_dn"` PassModDN string `json:"passmod_dn"`
Result bool Result bool
ResTag string `json:"result_tag"` ResTag string `json:"result_tag"`
@ -184,6 +190,8 @@ func (o *OpenldapLog) Parse(text []byte) (LogFormat, error) {
ModDN: string(group[36]), ModDN: string(group[36]),
ModAttr: string(group[37]), ModAttr: string(group[37]),
PassModDN: string(group[38]), PassModDN: string(group[38]),
AddDN: string(group[41]),
DelDN: string(group[42]),
} }
// Now handle Operation Type // Now handle Operation Type
@ -203,6 +211,10 @@ func (o *OpenldapLog) Parse(text []byte) (LogFormat, error) {
logFormat.OpType = "unbind" logFormat.OpType = "unbind"
} else if len(group[40]) > 0 { } else if len(group[40]) > 0 {
logFormat.OpType = "close" logFormat.OpType = "close"
} else if len(group[41]) > 0 {
logFormat.OpType = "add"
} else if len(group[42]) > 0 {
logFormat.OpType = "del"
} }
return logFormat, nil return logFormat, nil

122
openldap-log-parser/cmd/root.go
View File

@ -57,6 +57,8 @@ type (
SSF string `json:"ssf,omitempty"` SSF string `json:"ssf,omitempty"`
ModDN string `json:"mod_dn,omitempty"` ModDN string `json:"mod_dn,omitempty"`
ModAttr string `json:"mod_attr,omitempty"` ModAttr string `json:"mod_attr,omitempty"`
AddDN string `json:"add_dn,omitempty"`
DelDN string `json:"del_dn,omitempty"`
PassModDN string `json:"passmod_dn,omitempty"` PassModDN string `json:"passmod_dn,omitempty"`
ResTag string `json:"result_tag,omitempty"` ResTag string `json:"result_tag,omitempty"`
ResOid string `json:"result_oid,omitempty"` ResOid string `json:"result_oid,omitempty"`
@ -100,6 +102,8 @@ type (
StartTLS bool `json:"starttls,omitempty"` StartTLS bool `json:"starttls,omitempty"`
ModDN string `json:"mod_dn,omitempty"` ModDN string `json:"mod_dn,omitempty"`
ModAttr string `json:"mod_attr,omitempty"` ModAttr string `json:"mod_attr,omitempty"`
AddDN string `json:"add_dn,omitempty"`
DelDN string `json:"del_dn,omitempty"`
PassModDN string `json:"passmod_dn,omitempty"` PassModDN string `json:"passmod_dn,omitempty"`
ResTag string `json:"result_tag,omitempty"` ResTag string `json:"result_tag,omitempty"`
ResOid string `json:"result_oid,omitempty"` ResOid string `json:"result_oid,omitempty"`
@ -125,7 +129,7 @@ var (
File os.File File os.File
Writer *bufio.Writer Writer *bufio.Writer
Version = "0.6.10" Version = "0.6.11"
BuildInfo = promauto.NewGaugeVec(prometheus.GaugeOpts{ BuildInfo = promauto.NewGaugeVec(prometheus.GaugeOpts{
Name: "openldaplogparser_build_info", Name: "openldaplogparser_build_info",
@ -151,35 +155,43 @@ var (
Name: "openldaplogparser_client_count", Name: "openldaplogparser_client_count",
Help: "Number of connected clients", Help: "Number of connected clients",
}) })
AcceptCnt = promauto.NewCounterVec(prometheus.CounterOpts{ AcceptCnt = promauto.NewCounterVec(prometheus.CounterOpts{
Name: "openldaplogparser_accept_count", Name: "openldaplogparser_accept_count",
Help: "Number of ACCEPT commands executed", Help: "Number of ACCEPT commands executed",
}, []string{"host"}) }, []string{"host"})
BindCnt = promauto.NewCounterVec(prometheus.CounterOpts{ BindCnt = promauto.NewCounterVec(prometheus.CounterOpts{
Name: "openldaplogparser_bind_count", Name: "openldaplogparser_bind_count",
Help: "Number of BIND commands executed", Help: "Number of BIND commands executed",
}, []string{"host"}) }, []string{"host"})
SearchCnt = promauto.NewCounterVec(prometheus.CounterOpts{ SearchCnt = promauto.NewCounterVec(prometheus.CounterOpts{
Name: "openldaplogparser_search_count", Name: "openldaplogparser_search_count",
Help: "Number of SRCH commands executed", Help: "Number of SRCH commands executed",
}, []string{"host"}) }, []string{"host"})
ModCnt = promauto.NewCounterVec(prometheus.CounterOpts{ ModCnt = promauto.NewCounterVec(prometheus.CounterOpts{
Name: "openldaplogparser_mod_count", Name: "openldaplogparser_mod_count",
Help: "Number of MOD commands executed", Help: "Number of MOD commands executed",
}, []string{"host"}) }, []string{"host"})
PassModCnt = promauto.NewCounterVec(prometheus.CounterOpts{ AddCnt = promauto.NewCounterVec(prometheus.CounterOpts{
Name: "openldaplogparser_add_count",
Help: "Number of ADD commands executed",
}, []string{"host"})
DelCnt = promauto.NewCounterVec(prometheus.CounterOpts{
Name: "openldaplogparser_del_count",
Help: "Number of DEL commands executed",
}, []string{"host"})
PassModCnt = promauto.NewCounterVec(prometheus.CounterOpts{
Name: "openldaplogparser_passmod_count", Name: "openldaplogparser_passmod_count",
Help: "Number of PASSMOD commands executed", Help: "Number of PASSMOD commands executed",
}, []string{"host"}) }, []string{"host"})
UnbindCnt = promauto.NewCounterVec(prometheus.CounterOpts{ UnbindCnt = promauto.NewCounterVec(prometheus.CounterOpts{
Name: "openldaplogparser_unbind_count", Name: "openldaplogparser_unbind_count",
Help: "Number of UNBIND commands executed", Help: "Number of UNBIND commands executed",
}, []string{"host"}) }, []string{"host"})
CloseCnt = promauto.NewCounterVec(prometheus.CounterOpts{ CloseCnt = promauto.NewCounterVec(prometheus.CounterOpts{
Name: "openldaplogparser_close_count", Name: "openldaplogparser_close_count",
Help: "Number of closed connections", Help: "Number of closed connections",
}, []string{"host"}) }, []string{"host"})
StartTLSCnt = promauto.NewCounterVec(prometheus.CounterOpts{ StartTLSCnt = promauto.NewCounterVec(prometheus.CounterOpts{
Name: "openldaplogparser_starttlscount", Name: "openldaplogparser_starttlscount",
Help: "Number of STARTTLS commands executed", Help: "Number of STARTTLS commands executed",
}, []string{"host"}) }, []string{"host"})
@ -273,6 +285,22 @@ func OlcToFlat(olc *OpenLdapConnection) []OpenLdapConnectionFlat {
olcf[i].ResQTime = olc.Operations[i].ResQTime olcf[i].ResQTime = olc.Operations[i].ResQTime
olcf[i].ResETime = olc.Operations[i].ResETime olcf[i].ResETime = olc.Operations[i].ResETime
olcf[i].ResText = olc.Operations[i].ResText olcf[i].ResText = olc.Operations[i].ResText
case "add":
olcf[i].AddDN = olc.Operations[i].AddDN
olcf[i].ResTag = olc.Operations[i].ResTag
olcf[i].ResOid = olc.Operations[i].ResOid
olcf[i].ResErr = olc.Operations[i].ResErr
olcf[i].ResQTime = olc.Operations[i].ResQTime
olcf[i].ResETime = olc.Operations[i].ResETime
olcf[i].ResText = olc.Operations[i].ResText
case "del":
olcf[i].DelDN = olc.Operations[i].DelDN
olcf[i].ResTag = olc.Operations[i].ResTag
olcf[i].ResOid = olc.Operations[i].ResOid
olcf[i].ResErr = olc.Operations[i].ResErr
olcf[i].ResQTime = olc.Operations[i].ResQTime
olcf[i].ResETime = olc.Operations[i].ResETime
olcf[i].ResText = olc.Operations[i].ResText
case "passmod": case "passmod":
olcf[i].PassModDN = olc.Operations[i].PassModDN olcf[i].PassModDN = olc.Operations[i].PassModDN
olcf[i].ResTag = olc.Operations[i].ResTag olcf[i].ResTag = olc.Operations[i].ResTag
@ -735,6 +763,82 @@ func parseStoreAndWrite(input []byte, mq map[string]*OpenLdapConnection, mqMtx *
mqMtx.Unlock() mqMtx.Unlock()
return nil return nil
} }
/*
* 2022-07-18T14:35:17.381223+02:00 ldap.domain.org slapd slapd[82581] conn=16113 op=3 ADD dn="cn=coincoin,dc=domain,dc=org"
*/
if logFormat.AddDN != "" {
op := &Operation{
Time: logFormat.Time,
OpType: logFormat.OpType,
OpId: &logFormat.OpId,
AddDN: logFormat.AddDN,
}
mqMtx.Lock()
olc, ok := mq[fmt.Sprintf("%s:%d", logFormat.Hostname, logFormat.ConnId)]
if false == ok {
if false == gDispUnkConn {
mqMtx.Unlock()
return nil
} else {
// Create connection
olc = &OpenLdapConnection{
Time: logFormat.Time,
Hostname: logFormat.Hostname,
Process: logFormat.Process,
ConnId: logFormat.ConnId,
ConnFd: logFormat.ConnFd,
ClientIp: logFormat.ClientIp,
ClientPort: logFormat.ClientPort,
ServerIp: logFormat.ServerIp,
ServerPort: logFormat.ServerPort,
}
mq[fmt.Sprintf("%s:%d", logFormat.Hostname, logFormat.ConnId)] = olc
}
}
olc.Operations = append(olc.Operations, op)
mqMtx.Unlock()
AddCnt.WithLabelValues(olc.Hostname).Inc()
return nil
}
/*
* 2022-07-18T14:35:17.381223+02:00 ldap.domain.org slapd slapd[82581] conn=16113 op=3 DEL dn="cn=coincoin,dc=domain,dc=org"
*/
if logFormat.DelDN != "" {
op := &Operation{
Time: logFormat.Time,
OpType: logFormat.OpType,
OpId: &logFormat.OpId,
DelDN: logFormat.DelDN,
}
mqMtx.Lock()
olc, ok := mq[fmt.Sprintf("%s:%d", logFormat.Hostname, logFormat.ConnId)]
if false == ok {
if false == gDispUnkConn {
mqMtx.Unlock()
return nil
} else {
// Create connection
olc = &OpenLdapConnection{
Time: logFormat.Time,
Hostname: logFormat.Hostname,
Process: logFormat.Process,
ConnId: logFormat.ConnId,
ConnFd: logFormat.ConnFd,
ClientIp: logFormat.ClientIp,
ClientPort: logFormat.ClientPort,
ServerIp: logFormat.ServerIp,
ServerPort: logFormat.ServerPort,
}
mq[fmt.Sprintf("%s:%d", logFormat.Hostname, logFormat.ConnId)] = olc
}
}
olc.Operations = append(olc.Operations, op)
mqMtx.Unlock()
DelCnt.WithLabelValues(olc.Hostname).Inc()
return nil
}
/* /*
2022-07-18T11:13:17.521717+02:00 ldap.domain.org slapd[82581] conn=16113 op=4 PASSMOD id="cn=pika,ou=users,dc=domain,dc=org" new 2022-07-18T11:13:17.521717+02:00 ldap.domain.org slapd[82581] conn=16113 op=4 PASSMOD id="cn=pika,ou=users,dc=domain,dc=org" new