Thanks Rich,
Will do.
Regards
Burn
On Mon, 2015-07-06 at 08:00 -0600, Rich Megginson wrote:
On 07/03/2015 05:49 AM, Burn Alting wrote:
> Has anyone authored code to parse a 389 Directory Server's access.log
> file(s) with an aim of generating audit events based around the LDAP
> request type. Basically, take the log sequence
>
> [21/Apr/2007:11:39:51 -0700] conn=11 fd=608 slot=608 connection from
> 207.1.153.51 to 192.18.122.139
> [21/Apr/2007:11:39:51 -0700] conn=11 op=0 BIND dn="cn=Directory
> Manager" method=128 version=3
> [21/Apr/2007:11:39:51 -0700] conn=11 op=0 RESULT err=0 tag=97
> nentries=0 etime=0
> [21/Apr/2007:11:39:51 -0700] conn=11 op=1 SRCH
> base="dc=example,dc=com" scope=2 filter="(uid=bjensen)"
> [21/Apr/2007:11:39:51 -0700] conn=11 op=1 RESULT err=0 tag=101
> nentries=1 etime=1000 notes=U
> [21/Apr/2007:11:39:51 -0700] conn=11 op=2 UNBIND
> [21/Apr/2007:11:39:51 -0700] conn=11 op=2 fd=608 closed - U1
>
> And turn this into an audit event with
>
> a date/time (21/Apr/2007:11:39:51 -0700), a client location
> (207.1.153.51), server location (192.18.122.139), a user (cn=Directory
> Manager), an event (SRCH) and event metadata of (query -
> base="dc=example,dc=com" scope=2 filter="(uid=bjensen)", result
set size
> - 1, timetaken = 1000 sec, etc)
>
> The logconv.pl script seems to do all sorts of analysis, but no event
> representation.
This sounds like a request for a new feature. Would you be able to
write up a description of the new feature based on
http://www.port389.org/docs/389ds/design/design-template.html? If so, I
will post it to the 389 wiki and assign a ticket.
>
> Thanks in advance
>
> --
> 389 users mailing list
> 389-users(a)lists.fedoraproject.org
>
https://admin.fedoraproject.org/mailman/listinfo/389-users
--
389 users mailing list
389-users(a)lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users