yo/openldap-log-parser
1
0
Fork 0
Code Issues Pull Requests Projects Releases 1 Wiki Activity

comment/help

Browse Source
This commit is contained in:
yo 2022-07-21 19:09:30 +02:00
parent 187b76e95d
commit 5fffafc9fa
1 changed files with 145 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

145
README.md
View File

@ -14,12 +14,152 @@ Input openldap logs as os stdin.
``` console ``` console
# cat /var/log/slapd.log | ./openldap-log-parser | jq # cat /var/log/slapd.log | ./openldap-log-parser | jq
{
"time": "2022-07-20T10:03:42.856796+02:00",
"hostname": "ldap.domain.org",
"process": "slapd[82581]",
"operations": [
{
"time": "2022-07-20T10:03:42.856796+02:00",
"op_type": "accept"
},
{
"time": "2022-07-20T10:03:42.856847+02:00",
"op_type": "bind",
"op_id": 0,
"bind_dn": "cn=meuh,ou=users,dc=domain,dc=org",
"bind_method": "128",
"result_tag": "97",
"result_err": 0
},
{
"time": "2022-07-20T10:03:42.8572+02:00",
"op_type": "search",
"op_id": 1,
"search_base": "dc=domain,dc=org",
"search_scope": "2",
"search_deref": "0",
"search_filter": "(cn=cuicui)",
"search_attr": "dn ",
"search_res_tag": "101",
"search_res_err": 0,
"search_res_nentries": 1
},
{
"time": "2022-07-20T10:03:42.857572+02:00",
"op_type": "bind",
"op_id": 2,
"bind_dn": "cn=cuicui,ou=users,dc=domain,dc=org",
"bind_method": "128",
"result_tag": "97",
"result_err": 0
},
{
"time": "2022-07-20T10:03:42.857891+02:00",
"op_type": "close"
}
],
"client_ip": "10.11.12.14",
"client_port": 30390,
"server_ip": "0.0.0.0",
"server_port": 389,
"conn_id": 1699,
"conn_fd": 41,
"bind_dn": "cn=cuicui,ou=users,dc=domain,dc=org",
"bind_method": null,
"bind_mech": null,
"bind_ssf": null,
"ssf": null,
"starttls": false
}
``` ```
Use -f flag to flatten json structure: Use -f flag to flatten json structure:
``` console ``` console
# cat /var/log/slapd.log | ./openldap-log-parser -f | jq # cat /var/log/slapd.log | ./openldap-log-parser -f | jq
{
"time": "2022-07-20T10:03:42.856796+02:00",
"hostname": "ldap.domain.org",
"process": "slapd[82581]",
"client_ip": "10.11.12.14",
"client_port": 30390,
"server_ip": "0.0.0.0",
"server_port": 389,
"conn_id": 1699,
"conn_fd": 41,
"op_type": "accept"
}
{
"time": "2022-07-20T10:03:42.856796+02:00",
"hostname": "ldap.domain.org",
"process": "slapd[82581]",
"client_ip": "10.11.12.14",
"client_port": 30390,
"server_ip": "0.0.0.0",
"server_port": 389,
"bind_dn": "cn=meuh,ou=users,dc=domain,dc=org",
"conn_id": 1699,
"conn_fd": 41,
"op_id": 0,
"op_type": "bind",
"bind_method": "128",
"result_tag": "97",
"result_err": 0
}
{
"time": "2022-07-20T10:03:42.856796+02:00",
"hostname": "ldap.domain.org",
"process": "slapd[82581]",
"client_ip": "10.11.12.14",
"client_port": 30390,
"server_ip": "0.0.0.0",
"server_port": 389,
"bind_dn": "cn=meuh,ou=users,dc=domain,dc=org",
"conn_id": 1699,
"conn_fd": 41,
"op_id": 1,
"op_type": "search",
"search_base": "dc=domain,dc=org",
"search_scope": "2",
"search_deref": "0",
"search_filter": "(cn=cuicui)",
"search_attr": "dn ",
"search_res_tag": "101",
"search_res_err": 0,
"search_res_nentries": 1
}
{
"time": "2022-07-20T10:03:42.856796+02:00",
"hostname": "ldap.domain.org",
"process": "slapd[82581]",
"client_ip": "10.11.12.14",
"client_port": 30390,
"server_ip": "0.0.0.0",
"server_port": 389,
"bind_dn": "cn=cuicui,ou=users,dc=domain,dc=org",
"conn_id": 1699,
"conn_fd": 41,
"op_id": 2,
"op_type": "bind",
"bind_method": "128",
"result_tag": "97",
"result_err": 0
}
{
"time": "2022-07-20T10:03:42.856796+02:00",
"hostname": "ldap.domain.org",
"process": "slapd[82581]",
"client_ip": "10.11.12.14",
"client_port": 30390,
"server_ip": "0.0.0.0",
"server_port": 389,
"bind_dn": "cn=cuicui,ou=users,dc=domain,dc=org",
"conn_id": 1699,
"conn_fd": 41,
"op_type": "close"
}
``` ```
Use "-o filename.json" to write output to file. Use "-o filename.json" to write output to file.
@ -36,3 +176,8 @@ action(
binary="/usr/local/bin/openldap-log-parser -f -o /var/log/slapd.log.json" binary="/usr/local/bin/openldap-log-parser -f -o /var/log/slapd.log.json"
template="RSYSLOG_FileFormat") template="RSYSLOG_FileFormat")
``` ```
openldap-log-parser can also be used as a service. It will listen on tcp, accepting syslog messages and converting them to json.
The json file can then be read by rsyslog and sent to a log management tool like Graylog or Splunk.