New version of ldap-stats.pl (version 3.0)
I had been meaning to update ldap-stats.pl for quite some time, and finally got the updates completed this afternoon. The new version contains usage breakdowns by hour of day, day of month, and months in the year:
$ ldap-stats.pl /var/log/openldap openldap*
Report Generated on Sun Sep 25 16:30:36 2005 -------------------------------------------- Processed "/var/log/openldap": Sep 18 00:29:35 - Sep 23 23:13:51 Processed "openldap1": Dec 26 19:20:50 - Dec 29 12:22:00 Processed "openldap2": Dec 26 19:20:50 - Dec 31 12:51:02 Processed "openldap3": Dec 26 19:20:50 - Dec 29 12:22:00 Operation totals ------------------ Total operations : 116424 Total connections : 22176 Total authentication failures : 0 Total binds : 15708 Total unbinds : 15708 Total searches : 85008 Total compares : 0 Total modifications : 0 Total modrdns : 0 Total additions : 0 Total deletions : 0 Unindexed attribute requests : 0 Operations per connection : 5.25 Hostname Connections Failures Binds Unbinds Searches Adds Mods ModRDNs Dels ------------- ----------- -------- ------ ------- -------- ---- ---- ------- ---- 192.168.1.3 19404 0 12936 12936 82236 0 0 0 0 192.168.1.8 2772 0 2772 2772 2772 0 0 0 0 Hour of Day Connections Failures Binds Unbinds Searches Adds Mods ModRDNs Dels ------------- ----------- -------- ------ ------- -------- ---- ---- ------- ---- 01:00 - 01:59 3696 0 3696 3696 3696 0 0 0 0 02:00 - 02:59 3696 0 3696 3696 3696 0 0 0 0 12:00 - 12:59 924 0 924 924 924 0 0 0 0 13:00 - 13:59 3696 0 3696 3696 3696 0 0 0 0 15:00 - 15:59 1848 0 1848 1848 1848 0 0 0 0 17:00 - 17:59 3696 0 0 0 55440 0 0 0 0 18:00 - 18:59 924 0 0 0 13860 0 0 0 0 21:00 - 21:59 924 0 924 924 924 0 0 0 0 23:00 - 23:59 2772 0 924 924 924 0 0 0 0 Day of Month Connections Failures Binds Unbinds Searches Adds Mods ModRDNs Dels ------------- ----------- -------- ------ ------- -------- ---- ---- ------- ---- 18 8316 0 924 3696 72996 0 0 0 0 19 924 0 0 924 924 0 0 0 0 21 6468 0 0 6468 6468 0 0 0 0 22 3696 0 3696 3696 3696 0 0 0 0 23 2772 0 924 924 924 0 0 0 0 Month Connections Failures Binds Unbinds Searches Adds Mods ModRDNs Dels ------- ----------- -------- ------ ------- -------- ---- ---- ------- ---- Sep 22176 0 15708 15708 85008 0 0 0 0 Unindexed attribute References to attribute ------------------- ----------------------- sn 46 givenName 46 # Searches Search base referenced by # searches ---------- ----------------------------------------------------------- 15708 ou=contacts,dc=synack,dc=com 9240 cn=operations,cn=monitor 4620 cn=add,cn=operations,cn=monitor 4620 cn=read,cn=waiters,cn=monitor 4620 cn=search,cn=operations,cn=monitor 4620 cn=compare,cn=operations,cn=monitor 4620 cn=modify,cn=operations,cn=monitor 4620 cn=bind,cn=operations,cn=monitor 4620 cn=delete,cn=operations,cn=monitor 4620 cn=write,cn=waiters,cn=monitor 4620 cn=total,cn=connections,cn=monitor 4620 cn=entries,cn=statistics,cn=monitor 4620 cn=referrals,cn=statistics,cn=monitor 4620 cn=bytes,cn=statistics,cn=monitor 4620 cn=unbind,cn=operations,cn=monitor # Binds Bind DN ------- -------------------------------------------------------------- 10164 anonymous 5544 cn=email,dc=synack,dc=com
The time breakdowns can be useful for finding bootleg cron jobs, and attempts to illegally access the directory server. Let me know if you find any problems!
