Add -u option to display operations missing connection details (b/c accept was not seen) + prometheus counter for STARTTLS
parent
5fffafc9fa
commit
a3ccbcef24
@ -39,10 +39,10 @@ type (
|
||||
ConnId int `json:"conn_id"`
|
||||
ConnFd int `json:"conn_fd"`
|
||||
BindDN *string `json:"bind_dn"`
|
||||
BindMethod *string `json:"bind_method"`
|
||||
BindMech *string `json:"bind_mech"`
|
||||
BindSSF *string `json:"bind_ssf"`
|
||||
SSF *string `json:"ssf"`
|
||||
BindMethod *string `json:"bind_method,omitempty"`
|
||||
BindMech *string `json:"bind_mech,omitempty"`
|
||||
BindSSF *string `json:"bind_ssf,omitempty"`
|
||||
SSF *string `json:"ssf,omitempty"`
|
||||
StartTLS bool `json:"starttls"`
|
||||
}
|
||||
|
||||
@ -125,7 +125,7 @@ var (
|
||||
File os.File
|
||||
Writer *bufio.Writer
|
||||
|
||||
Version = "0.6.5"
|
||||
Version = "0.6.6"
|
||||
|
||||
BuildInfo = promauto.NewGaugeVec(prometheus.GaugeOpts{
|
||||
Name: "openldaplogparser_build_info",
|
||||
@ -179,6 +179,10 @@ var (
|
||||
Name: "openldaplogparser_close_count",
|
||||
Help: "Number of closed connections",
|
||||
}, []string{"host"})
|
||||
StartTLSCnt = promauto.NewCounterVec(prometheus.CounterOpts{
|
||||
Name: "openldaplogparser_starttlscount",
|
||||
Help: "Number of STARTTLS commands executed",
|
||||
}, []string{"host"})
|
||||
|
||||
rootCmd = &cobra.Command{
|
||||
Use: "openldap-log-parser",
|
||||
@ -196,6 +200,7 @@ var (
|
||||
gPromMetricPath string
|
||||
|
||||
gDebug bool
|
||||
gDispUnkConn bool
|
||||
)
|
||||
|
||||
func Execute() {
|
||||
@ -359,6 +364,7 @@ func init() {
|
||||
rootCmd.Flags().StringVarP(&gPromListenAddress, "prom.listen-address", "l", "do-not-listen", "Address to listen on for prometheus metrics")
|
||||
rootCmd.Flags().StringVarP(&gPromMetricPath, "prom.telemetry-path", "m", "/metrics", "Path under which to expose metrics.")
|
||||
rootCmd.Flags().BoolVarP(&gDebug, "debug", "d", false, "debug mode")
|
||||
rootCmd.Flags().BoolVarP(&gDispUnkConn, "unknown", "u", false, "display operations missing connection details (b/c accept was not seen)")
|
||||
|
||||
cobra.OnInitialize(initConfig)
|
||||
}
|
||||
@ -422,67 +428,96 @@ func parseStoreAndWrite(input []byte, mq map[string]*OpenLdapConnection, mqMtx *
|
||||
// Then remove operation from OpenLDAPConnection so it wont output again
|
||||
olc.Operations = nil
|
||||
}
|
||||
|
||||
mqMtx.Lock()
|
||||
mq[fmt.Sprintf("%s:%d", logFormat.Hostname, logFormat.ConnId)] = olc
|
||||
mqMtx.Unlock()
|
||||
|
||||
AcceptCnt.WithLabelValues(olc.Hostname).Inc()
|
||||
return nil
|
||||
}
|
||||
|
||||
/*
|
||||
2022-07-18T14:35:17.381223+02:00 ldap.domain.org slapd slapd[82581] conn=16113 op=0 STARTTLS
|
||||
|
||||
If we don't have the initial connect, we will discard logs
|
||||
/*
|
||||
2022-07-18T14:35:17.381223+02:00 ldap.domain.org slapd slapd[82581] conn=16113 op=0 STARTTLS
|
||||
*/
|
||||
if logFormat.OpType == "starttls" {
|
||||
opexist := false
|
||||
mqMtx.Lock()
|
||||
if olc, ok := mq[fmt.Sprintf("%s:%d", logFormat.Hostname, logFormat.ConnId)]; ok {
|
||||
// We may be here for the result of STARTTLS operation
|
||||
for i := range olc.Operations {
|
||||
if *olc.Operations[i].OpId == logFormat.OpId {
|
||||
opexist = true
|
||||
break
|
||||
}
|
||||
}
|
||||
if false == opexist {
|
||||
op := &Operation{
|
||||
Time: logFormat.Time,
|
||||
OpType: logFormat.OpType,
|
||||
OpId: &logFormat.OpId,
|
||||
}
|
||||
olc.Operations = append(olc.Operations, op)
|
||||
}
|
||||
op := &Operation{
|
||||
Time: logFormat.Time,
|
||||
OpType: logFormat.OpType,
|
||||
OpId: &logFormat.OpId,
|
||||
}
|
||||
|
||||
mqMtx.Lock()
|
||||
olc, ok := mq[fmt.Sprintf("%s:%d", logFormat.Hostname, logFormat.ConnId)]
|
||||
if false == ok {
|
||||
if false == gDispUnkConn {
|
||||
mqMtx.Unlock()
|
||||
return nil
|
||||
} else {
|
||||
// Create connection
|
||||
olc = &OpenLdapConnection{
|
||||
Time: logFormat.Time,
|
||||
Hostname: logFormat.Hostname,
|
||||
Process: logFormat.Process,
|
||||
ConnId: logFormat.ConnId,
|
||||
ConnFd: logFormat.ConnFd,
|
||||
ClientIp: logFormat.ClientIp,
|
||||
ClientPort: logFormat.ClientPort,
|
||||
ServerIp: logFormat.ServerIp,
|
||||
ServerPort: logFormat.ServerPort,
|
||||
}
|
||||
mq[fmt.Sprintf("%s:%d", logFormat.Hostname, logFormat.ConnId)] = olc
|
||||
}
|
||||
}
|
||||
olc.Operations = append(olc.Operations, op)
|
||||
mqMtx.Unlock()
|
||||
StartTLSCnt.WithLabelValues(olc.Hostname).Inc()
|
||||
return nil
|
||||
}
|
||||
|
||||
/*
|
||||
2022-07-18T17:18:19.785570+02:00 ldap.domain.org slapd[82581] conn=16113 op=1 BIND dn="cn=coincoin,dc=domain,dc=org" method=128
|
||||
|
||||
If we don't have the initial connect, we will discard logs
|
||||
2022-07-18T17:18:19.785570+02:00 ldap.domain.org slapd[82581] conn=16113 op=1 BIND dn="cn=coincoin,dc=domain,dc=org" method=128
|
||||
*/
|
||||
if logFormat.BindDN != "" && logFormat.BindMethod != "" {
|
||||
op := &Operation{
|
||||
Time: logFormat.Time,
|
||||
OpType: logFormat.OpType,
|
||||
OpId: &logFormat.OpId,
|
||||
BindDN: logFormat.BindDN,
|
||||
BindMethod: logFormat.BindMethod,
|
||||
}
|
||||
|
||||
mqMtx.Lock()
|
||||
if olc, ok := mq[fmt.Sprintf("%s:%d", logFormat.Hostname, logFormat.ConnId)]; ok {
|
||||
// FIXME: What if this bind is not successful?
|
||||
olc.BindDN = &logFormat.BindDN
|
||||
op := &Operation{
|
||||
Time: logFormat.Time,
|
||||
OpType: logFormat.OpType,
|
||||
OpId: &logFormat.OpId,
|
||||
BindDN: logFormat.BindDN,
|
||||
BindMethod: logFormat.BindMethod,
|
||||
olc, ok := mq[fmt.Sprintf("%s:%d", logFormat.Hostname, logFormat.ConnId)]
|
||||
if false == ok {
|
||||
if gDispUnkConn == false {
|
||||
mqMtx.Unlock()
|
||||
return nil
|
||||
} else {
|
||||
// Create connection
|
||||
olc = &OpenLdapConnection{
|
||||
Time: logFormat.Time,
|
||||
Hostname: logFormat.Hostname,
|
||||
Process: logFormat.Process,
|
||||
ConnId: logFormat.ConnId,
|
||||
ConnFd: logFormat.ConnFd,
|
||||
ClientIp: logFormat.ClientIp,
|
||||
ClientPort: logFormat.ClientPort,
|
||||
ServerIp: logFormat.ServerIp,
|
||||
ServerPort: logFormat.ServerPort,
|
||||
}
|
||||
mq[fmt.Sprintf("%s:%d", logFormat.Hostname, logFormat.ConnId)] = olc
|
||||
}
|
||||
olc.Operations = append(olc.Operations, op)
|
||||
BindCnt.WithLabelValues(olc.Hostname).Inc()
|
||||
}
|
||||
}
|
||||
// FIXME: What if this bind is not successful?
|
||||
olc.BindDN = &logFormat.BindDN
|
||||
olc.Operations = append(olc.Operations, op)
|
||||
mqMtx.Unlock()
|
||||
BindCnt.WithLabelValues(olc.Hostname).Inc()
|
||||
return nil
|
||||
}
|
||||
|
||||
/*
|
||||
2022-07-18T17:18:19.786218+02:00 ldap.domain.org slapd[82581] conn=16113 op=1 BIND dn="cn=coincoin,dc=domain,dc=org" mech=SIMPLE ssf=0
|
||||
2022-07-18T17:18:19.786218+02:00 ldap.domain.org slapd[82581] conn=16113 op=1 BIND dn="cn=coincoin,dc=domain,dc=org" mech=SIMPLE ssf=0
|
||||
*/
|
||||
if logFormat.BindDN != "" && logFormat.BindMech != "" {
|
||||
mqMtx.Lock()
|
||||
@ -496,6 +531,7 @@ func parseStoreAndWrite(input []byte, mq map[string]*OpenLdapConnection, mqMtx *
|
||||
}
|
||||
}
|
||||
mqMtx.Unlock()
|
||||
return nil
|
||||
}
|
||||
|
||||
/*
|
||||
@ -504,6 +540,7 @@ func parseStoreAndWrite(input []byte, mq map[string]*OpenLdapConnection, mqMtx *
|
||||
*/
|
||||
if logFormat.Result == true {
|
||||
mqMtx.Lock()
|
||||
// If we dont know conn_id here, then we also dont know operation which we are processing result, so we dont care
|
||||
if olc, ok := mq[fmt.Sprintf("%s:%d", logFormat.Hostname, logFormat.ConnId)]; ok {
|
||||
for i := range olc.Operations {
|
||||
if olc.Operations[i].OpId != nil && *olc.Operations[i].OpId == logFormat.OpId {
|
||||
@ -537,27 +574,48 @@ func parseStoreAndWrite(input []byte, mq map[string]*OpenLdapConnection, mqMtx *
|
||||
}
|
||||
}
|
||||
mqMtx.Unlock()
|
||||
return nil
|
||||
}
|
||||
|
||||
/*
|
||||
2022-07-18T17:18:19.785881+02:00 ldap.domain.org slapd[82581] conn=16113 op=2 SRCH base="ou=users,dc=domain,dc=org" scope=2 deref=0 filter="(cn=pika)"
|
||||
*/
|
||||
if logFormat.SearchBase != "" {
|
||||
mqMtx.Lock()
|
||||
if olc, ok := mq[fmt.Sprintf("%s:%d", logFormat.Hostname, logFormat.ConnId)]; ok {
|
||||
op := &Operation{
|
||||
Time: logFormat.Time,
|
||||
OpType: logFormat.OpType,
|
||||
OpId: &logFormat.OpId,
|
||||
SearchBase: logFormat.SearchBase,
|
||||
SearchScope: logFormat.SearchScope,
|
||||
SearchDeref: logFormat.SearchDeref,
|
||||
SearchFilter: logFormat.SearchFilter,
|
||||
}
|
||||
olc.Operations = append(olc.Operations, op)
|
||||
SearchCnt.WithLabelValues(olc.Hostname).Inc()
|
||||
if logFormat.SearchBase != "" {
|
||||
op := &Operation{
|
||||
Time: logFormat.Time,
|
||||
OpType: logFormat.OpType,
|
||||
OpId: &logFormat.OpId,
|
||||
SearchBase: logFormat.SearchBase,
|
||||
SearchScope: logFormat.SearchScope,
|
||||
SearchDeref: logFormat.SearchDeref,
|
||||
SearchFilter: logFormat.SearchFilter,
|
||||
}
|
||||
mqMtx.Lock()
|
||||
olc, ok := mq[fmt.Sprintf("%s:%d", logFormat.Hostname, logFormat.ConnId)]
|
||||
if false == ok {
|
||||
if false == gDispUnkConn {
|
||||
mqMtx.Unlock()
|
||||
return nil
|
||||
} else {
|
||||
// Create connection
|
||||
olc = &OpenLdapConnection{
|
||||
Time: logFormat.Time,
|
||||
Hostname: logFormat.Hostname,
|
||||
Process: logFormat.Process,
|
||||
ConnId: logFormat.ConnId,
|
||||
ConnFd: logFormat.ConnFd,
|
||||
ClientIp: logFormat.ClientIp,
|
||||
ClientPort: logFormat.ClientPort,
|
||||
ServerIp: logFormat.ServerIp,
|
||||
ServerPort: logFormat.ServerPort,
|
||||
}
|
||||
mq[fmt.Sprintf("%s:%d", logFormat.Hostname, logFormat.ConnId)] = olc
|
||||
}
|
||||
}
|
||||
olc.Operations = append(olc.Operations, op)
|
||||
mqMtx.Unlock()
|
||||
SearchCnt.WithLabelValues(olc.Hostname).Inc()
|
||||
return nil
|
||||
}
|
||||
|
||||
/*
|
||||
@ -574,6 +632,7 @@ func parseStoreAndWrite(input []byte, mq map[string]*OpenLdapConnection, mqMtx *
|
||||
}
|
||||
}
|
||||
mqMtx.Unlock()
|
||||
return nil
|
||||
}
|
||||
|
||||
/*
|
||||
@ -614,31 +673,49 @@ func parseStoreAndWrite(input []byte, mq map[string]*OpenLdapConnection, mqMtx *
|
||||
}
|
||||
}
|
||||
mqMtx.Unlock()
|
||||
return nil
|
||||
}
|
||||
|
||||
/*
|
||||
2022-07-18T14:35:17.381223+02:00 ldap.domain.org slapd slapd[82581] conn=16113 op=3 MOD dn="cn=coincoin,dc=domain,dc=org"
|
||||
|
||||
If we don't have the initial connect, we will discard logs
|
||||
*/
|
||||
if logFormat.ModDN != "" {
|
||||
mqMtx.Lock()
|
||||
if olc, ok := mq[fmt.Sprintf("%s:%d", logFormat.Hostname, logFormat.ConnId)]; ok {
|
||||
op := &Operation{
|
||||
Time: logFormat.Time,
|
||||
OpType: logFormat.OpType,
|
||||
OpId: &logFormat.OpId,
|
||||
ModDN: logFormat.ModDN,
|
||||
}
|
||||
olc.Operations = append(olc.Operations, op)
|
||||
ModCnt.WithLabelValues(olc.Hostname).Inc()
|
||||
op := &Operation{
|
||||
Time: logFormat.Time,
|
||||
OpType: logFormat.OpType,
|
||||
OpId: &logFormat.OpId,
|
||||
ModDN: logFormat.ModDN,
|
||||
}
|
||||
mqMtx.Lock()
|
||||
olc, ok := mq[fmt.Sprintf("%s:%d", logFormat.Hostname, logFormat.ConnId)]
|
||||
if false == ok {
|
||||
if false == gDispUnkConn {
|
||||
mqMtx.Unlock()
|
||||
return nil
|
||||
} else {
|
||||
// Create connection
|
||||
olc = &OpenLdapConnection{
|
||||
Time: logFormat.Time,
|
||||
Hostname: logFormat.Hostname,
|
||||
Process: logFormat.Process,
|
||||
ConnId: logFormat.ConnId,
|
||||
ConnFd: logFormat.ConnFd,
|
||||
ClientIp: logFormat.ClientIp,
|
||||
ClientPort: logFormat.ClientPort,
|
||||
ServerIp: logFormat.ServerIp,
|
||||
ServerPort: logFormat.ServerPort,
|
||||
}
|
||||
mq[fmt.Sprintf("%s:%d", logFormat.Hostname, logFormat.ConnId)] = olc
|
||||
}
|
||||
}
|
||||
olc.Operations = append(olc.Operations, op)
|
||||
mqMtx.Unlock()
|
||||
ModCnt.WithLabelValues(olc.Hostname).Inc()
|
||||
return nil
|
||||
}
|
||||
|
||||
/*
|
||||
2022-07-18T14:35:17.381233+02:00 ldap.domain.org slapd[82581] conn=16113 op=3 MOD attr=description
|
||||
|
||||
If we don't have the initial connect, we will discard logs
|
||||
*/
|
||||
if logFormat.ModAttr != "" {
|
||||
@ -652,26 +729,45 @@ func parseStoreAndWrite(input []byte, mq map[string]*OpenLdapConnection, mqMtx *
|
||||
}
|
||||
}
|
||||
mqMtx.Unlock()
|
||||
return nil
|
||||
}
|
||||
|
||||
/*
|
||||
2022-07-18T11:13:17.521717+02:00 ldap.domain.org slapd[82581] conn=16113 op=4 PASSMOD id="cn=pika,ou=users,dc=domain,dc=org" new
|
||||
|
||||
If we don't have the initial connect, we will discard logs
|
||||
*/
|
||||
if logFormat.PassModDN != "" {
|
||||
mqMtx.Lock()
|
||||
if olc, ok := mq[fmt.Sprintf("%s:%d", logFormat.Hostname, logFormat.ConnId)]; ok {
|
||||
op := &Operation{
|
||||
Time: logFormat.Time,
|
||||
OpType: logFormat.OpType,
|
||||
OpId: &logFormat.OpId,
|
||||
PassModDN: logFormat.PassModDN,
|
||||
}
|
||||
olc.Operations = append(olc.Operations, op)
|
||||
PassModCnt.WithLabelValues(olc.Hostname).Inc()
|
||||
op := &Operation{
|
||||
Time: logFormat.Time,
|
||||
OpType: logFormat.OpType,
|
||||
OpId: &logFormat.OpId,
|
||||
PassModDN: logFormat.PassModDN,
|
||||
}
|
||||
mqMtx.Lock()
|
||||
olc, ok := mq[fmt.Sprintf("%s:%d", logFormat.Hostname, logFormat.ConnId)]
|
||||
if false == ok {
|
||||
if false == gDispUnkConn {
|
||||
mqMtx.Unlock()
|
||||
return nil
|
||||
} else {
|
||||
// Create connection
|
||||
olc = &OpenLdapConnection{
|
||||
Time: logFormat.Time,
|
||||
Hostname: logFormat.Hostname,
|
||||
Process: logFormat.Process,
|
||||
ConnId: logFormat.ConnId,
|
||||
ConnFd: logFormat.ConnFd,
|
||||
ClientIp: logFormat.ClientIp,
|
||||
ClientPort: logFormat.ClientPort,
|
||||
ServerIp: logFormat.ServerIp,
|
||||
ServerPort: logFormat.ServerPort,
|
||||
}
|
||||
mq[fmt.Sprintf("%s:%d", logFormat.Hostname, logFormat.ConnId)] = olc
|
||||
}
|
||||
}
|
||||
olc.Operations = append(olc.Operations, op)
|
||||
mqMtx.Unlock()
|
||||
PassModCnt.WithLabelValues(olc.Hostname).Inc()
|
||||
return nil
|
||||
}
|
||||
|
||||
/*
|
||||
|
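Review bot: The block that synthesizes an `OpenLdapConnection` when `gDispUnkConn` is set is pasted into five branches of parseStoreAndWrite (STARTTLS, BIND, SRCH, MOD, PASSMOD), each with its own hand-written `mqMtx.Unlock()` on the early-return path, so a later edit to one copy can leave the mutex held or the copies out of step. A single lookup closure, sketched below, keeps the locking in one shape. The placeholder is built from a non-accept line, so its client and server address fields are presumably empty, and nothing in the emitted record distinguishes it from a connection whose accept was parsed; a marker field would let consumers of the JSON tell the two apart. As far as the rendered page shows, the STARTTLS branch also loses the earlier duplicate-OpId check, which may double-count `StartTLSCnt` if a result line reaches that branch, so that is worth confirming. parseStoreAndWrite begins and ends outside these hunks.

```go
// Inside parseStoreAndWrite, before the per-operation branches.
// The caller must hold mqMtx.
connFor := func() *OpenLdapConnection {
	key := fmt.Sprintf("%s:%d", logFormat.Hostname, logFormat.ConnId)
	if olc, ok := mq[key]; ok {
		return olc
	}
	if !gDispUnkConn {
		return nil
	}
	olc := &OpenLdapConnection{
		// … unchanged: Time, Hostname, Process, ConnId, ConnFd and the address fields copied from logFormat …
	}
	mq[key] = olc
	return olc
}

// Each branch (STARTTLS shown; BIND, SRCH, MOD and PASSMOD take the same shape):
mqMtx.Lock()
olc := connFor()
if olc == nil {
	mqMtx.Unlock()
	return nil
}
olc.Operations = append(olc.Operations, op)
mqMtx.Unlock()
StartTLSCnt.WithLabelValues(olc.Hostname).Inc()
return nil
```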