Perl script to parse ODSEE LDAP access logs.

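#!/usr/bin/perl
# Parse an ODSEE (Directory Server) access log: learn the client address that
# opened each conn id from the "connection from" lines, then print one line
# per SRCH whose filter ends in (cn=...) as
#     <timestamp>\t<conn id>\t<client address>\t<cn>
# The log file is the first command-line argument, defaulting to ./access.
use strict;
use warnings;
use Tie::IxHash;

# Ordered set of conn ids flagged with notes=U. Only the commented-out "raw
# ldap log" match inside the loop fills it, so the grep pass at the bottom
# is a no-op unless that match is re-enabled.
tie my %db, 'Tie::IxHash';

# conn id -> client address, as reported on the "connection from" line.
my %connections;

# Input file: first argument if it names a plain file, otherwise 'access'.
my $file = @ARGV ? $ARGV[0] : undef;
$file = 'access' unless defined $file && -f $file;

# Three-argument open: with the two-argument form a filename taken from the
# command line could change the open mode (e.g. a leading '>' or trailing '|').
open my $in, '<', $file or die "open $file: $!";

while (my $line = <$in>) {

    ## for raw ldap log
    # [20/Nov/2007:20:55:43 -0500] conn=251299755 op=491 msgId=571 - RESULT err=0 tag=101 nentries=967 etime=0 notes=U
    #if ($line =~ /conn=(\d+).*?notes=U/) { $db{$1}++; }

    ## for parsed file

    # [20/Nov/2007:19:51:51 -0500] conn=251405900 op=-1 msgId=-1 - fd=158 slot=158 LDAPS connection from 10.10.10.150 to 10.10.10.151
    if ($line =~ /conn=(\d+).*?connection from (.*?)\s+/) {
        $connections{$1} = $2;
    }

    # [21/Nov/2007:09:49:52 -0500] conn=251879468 op=69 msgId=72 - SRCH base="ou=netgroup,o=domain.com,dc=subdomain,dc=com" scope=2 filter="(&(objectClass=nisNetGroup)(cn=apps.domain.com))" attrs="nisNetgroupTriple member
    if ($line =~ /^\[(.*?)\s+.*?conn=(\d+).*?SRCH.*?\(cn=(.*?)\)\)/) {
        my ($stamp, $conn, $cn) = ($1, $2, $3);
        # The "connection from" line may be absent (e.g. the log was rotated
        # mid-session); print an empty column instead of warning on undef.
        my $ip = defined $connections{$conn} ? $connections{$conn} : '';
        print "$stamp\t$conn\t$ip\t$cn\n";
    }
}
close $in;
exit;

# for raw ldap log: dump every log line of each flagged connection.
# Unreachable until the exit above is removed together with enabling the
# notes=U match in the loop.
foreach my $conn (keys %db) {
    # List-form pipe open runs grep without a shell, so $file (user supplied)
    # is passed as a plain argument and cannot inject extra commands.
    open my $grep, '-|', '/usr/bin/grep', "conn=$conn", $file
        or die "grep conn=$conn $file: $!";
    print while <$grep>;
    close $grep;
    print '=' x 75, "\n";
}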